https://blog.099c.org/tags/active-directory/ Recent content in Active-Directory on Apuntes de root Hugo en-US jorti@pm.me (Juan Orti Alcaine) jorti@pm.me (Juan Orti Alcaine) Mon, 08 Sep 2014 00:00:00 +0000 https://blog.099c.org/posts/one-liner-to-get-all-the-members-of-an-ad-group/ Mon, 08 Sep 2014 00:00:00 +0000jorti@pm.me (Juan Orti Alcaine) https://blog.099c.org/posts/one-liner-to-get-all-the-members-of-an-ad-group/ <p>With this line you get all the users of an Active Directory group recursively, so any nested group is expanded. It is also exported to a CSV file.</p> <p>[code lang=&ldquo;powershell&rdquo; light=&ldquo;true&rdquo;]Get-ADGroupMember -Identity &lsquo;GroupName&rsquo; -Recursive | Get-ADUser -Properties &lsquo;*&rsquo; | Select-Object samAccountName, name, givenName, sn, mail, l | Export-Csv -Encoding UTF8 -Delimiter &lsquo;;&rsquo; -path &lsquo;.users.csv&rsquo;[/code]</p> https://blog.099c.org/posts/script-to-grant-dial-in-access-in-active-directory/ Mon, 23 Jul 2012 00:00:00 +0000jorti@pm.me (Juan Orti Alcaine) https://blog.099c.org/posts/script-to-grant-dial-in-access-in-active-directory/ <p>I have found that is not a trivial task to change the dial-in permission in an Active Directory user or computer because you must update the userParameters attribute at the same time that the msNPAllowDialin.</p> <p>In the <a href="http://support.microsoft.com/kb/252398/en-us" title="KB252398">KB252398</a>, Microsoft says to download the Active Directory Service Interface, so you can register adsras.dll, and use the ADSI interface it provides, but the download is no longer available.</p> <p>I have managed to create a script to allow dial-in: first, I have allowed manually a user to dial-in, and then I pick those permissions and apply them to the rest.</p>