ADDS commands

1. DISCLAIMER - This example code is provided without copyright and AS IS.  It is free for you to use and modify.
2. Manage and Maintain Active Directory Domain Services in Windows Server 2016 - Pluralsight
3.  
4. ************************************************
5. windows-server-2016-manage-maintain-ad-domain-services-m2
6. ************************************************
7.  
8. ***** -- Create and configure Managed Service Accounts
9.  
10. Import-Module ActiveDirectory
11. New-ADServiceAccount -Name TestAccount -RestrictToSingleComputer -Enabled $True
12. Add-ADComputerServiceAccount -Identity mydesktop -ServiceAccount TestAccount
13.  
14. Install-ADServiceAccount -Identity TestAccount
15.  
16. ***** -- Create and configure Group Managed Service Accounts
17.  
18. Add-KDSRootKey –EffectiveTime ((get-date).addhours(-10))
19.  
20. New-ADServiceAccount -name TestgMSA -DNSHostName testgmsa.company.pri -PrincipalsAllowedToRetrieveManagedPassword "Domain Computers"
21.  
22. Add-ADComputerServiceAccount -Identity mydesktop -ServiceAccount TestgMSA
23.  
24. Install-ADServiceAccount -Identity TestgMSA
25. Test-ADServiceAccount -Identity TestgMSA
26.  
27. New-Service -Name "TestService" -BinaryPathName "C:\WINDOWS\System32\svchost.exe -k netsvcs"
28.  
29. ************************************************
30. windows-server-2016-manage-maintain-ad-domain-services-m3
31.  
32. ************************************************
33.  
34.  
35.  
36. ***** -- Perform object- and container-level recovery
37.  
38. Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=company,DC=pri' -Scope ForestOrConfigurationSet -Target 'company.pri'
39.  
40. Get-ADObject -Filter {displayName -eq "Dan Jones"} -IncludeDeletedObjects | Restore-ADObject
41.  
42.  
43. ***** -- Clean up metadata
44.  
45. ntdsutil
46. metadata cleanup
47. connections
48. connect to server den-dc1
49. quit
50. select operation target
51. list domains
52. select domain X
53. list sites
54. select site Y
55. list servers
56. select server Z
57. quit
58. remove selected server
59. yes
60. quit
61.  
62. ***** -- Monitor and manage replication
63.  
64. repadmin /showrepl
65. repadmin /showrepl PHX-DC1
66. repadmin /showconn PHX-DC1
67. repadmin /showobjmeta DEN-DC1 "CN=gshields,CN=users,DC=company,DC=pri"
68. repadmin /kcc
69. repadmin /kcc PHX-DC1
70. repadmin /replsum
71. repadmin /replicate DEN-DC1 DEN-DC2 "dc=company,dc=pri"
72. repadmin /syncall DEN-DC1 "dc=company,dc=pri" /d /e
73. dcdiag /s:den-dc1
74. get-adreplicationconnection -server den-dc1
75. get-adreplicationfailure -target phx-dc1
76.  
77.  
78.  
79.  
80.  
81. #Query FSMO roles in AD environment
82. netdom query fsmo
83.  
84. #Move FSMO Roles Powershell
85. Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator
86.  
87.  
88.  
89.  
90.  
91. #Enable AD Recycle Bin with PowerShell
92. Import-module ActiveDirectory
93.  
94. Run the following cmdlet to enable the Recycle Bin
95. Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target <your forest root domain name>
96.  
97. Here is an example using the ad.activedirectorypro.com domain.
98. Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target ad.activedirectorypro.com
99.  
100. How to Verify AD Recycle Bin is enabled
101. Get-ADOptionalFeature -filter *
102.  
103. #Get all Enabled Computer accounts
104. Get-ADComputer -Filter 'operatingsystem -like "Windows 10*" -and enabled -eq "true"' -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap -Auto
105.