Below are scripts I originally published in the Microsoft TechNet Gallery. They deal with on-premises Active Directory, editing Wiki articles, demonstrations of various coding techniques, and TechNet Wiki Summit presentations.
The Microsoft TechNet Gallery was recently retired. I have since published the scripts on this website. This includes pages that describe each script: how to run the script, limitations, what the output means, etc.
Update AD Users in Bulk from Excel Spreadsheet
A PowerShell V1 script to update users (or any class of AD objects) in bulk
from the information in a Microsoft Excel spreadsheet. Only single-valued
string attributes are supported.
PowerShell Script to Check Group Membership
PowerShell script that uses tokenGroups attribute to check membership in
security groups.
Find Circular Nested Groups
PowerShell script to find any instances of Circular Nested Groups in the
domain.
List Members of Large Group
A PowerShell Version 1.0 script to enumerate the direct members of a large
Active Directory group. This script uses ADO range retrieval to overcome the
limit of 1500 values that can be retrieved for a multi-valued attribute like
the "member" attribute of a group.
Forest and Domain Information
PowerShell Version 1.0 script to determine functional level of the Active
Directory forest and all domains in the forest. Also finds all FSMO role
holders, all sites, and and all Global Catalog servers in the forest.
Generic Search of Active Directory
A PowerShell Version 1.0 script to search Active Directory. The program
prompts for the base of the query, the LDAP syntax filter, and a comma
delimited list of attribute values to retrieve. Results are in list or comma
delimited format.
Set logonHours Attribute of Users
PowerShell script to assign the hours when users are allowed to logon to the
domain.
Document Active Directory Organization
PowerShell version 1.0 script to document the organizational structure
specified by the manager and directReports attributes of Active Directory
objects, on the "Organization" tab of ADUC.
Update sAMAccountNames of AD Users in Bulk
PowerShell V2 script to check proposed values for user "pre-Windows 2000
logon" names. This is the value of the sAMAccountName, also called the NT
name of the user. Checks include uniqueness, length, and invalid characters.
The script is useful if you change your naming standard.
Count Values in all Non-Linked Multi-Valued Attributes of Object
PowerShell V2 script to count the number of values in every non-linked
multi-valued attribute of a specified object. The numbers are reported for
each such attribute that has at least one value. Finally, the script reports
the grand total number of values for all the attributes.
Find All AD Objects With Forward Linked Multi-Valued Attribute Values
PowerShell V2 script to find all Active Directory objects with values
assigned to forward linked multi-valued attributes. If the values were
assigned before the FFL was at least Windows Server 2003, these attributes
may not be taking advantage of link value replication (LVR).
Fix Legacy Members of a Specified AD Group
PowerShell V2 script to fix "legacy" members of a specified Active Directory
group. This allows the member attribute of the group to take advantage of
Link Value Replication (LVR). "Legacy" members were assigned before the FFL
was at least Windows Server 2003.
Fix Legacy Values of a Specified AD Object Attribute
PowerShell V2 script to fix "legacy" values of a specified attribute of an
Active Directory object. This allows the values of the attriubte to take
advantage of Link Value Replication (LVR). "Legacy" values were assigned
before the FFL was at least Windows Server 2003.
Find All Accounts with Bad Password Counts
PowerShell
Version 1 script to find all accounts that are experiencing bad password
attempts. The script finds all accounts where the badPwdCount attribute has
a value greater than 0 on any Domain Controller in the domain.
Troubleshoot Account Bad Password Attempts
PowerShell Version 1 script to assist in troubleshooting accounts experiencing bad password attempts. It can also be used to investigate how accounts get locked out in Active Directory.
Update Shadow Group with Users in Specified Organizational Unit
PowerShell Version 2 script to ensure all users in a specified OU are also members of a corresponding shadow group. Also makes sure users not in the OU are not members of the group. A Fine Grained Password Policy can be applied to the group.
Parse Log File of Logon and Logoff Events for Sessions
PowerShell Version 1 script to parse a log file that documents logon and logoff events. From the log file the script outputs user sessions.
Find Orphaned Objects in Active Directory
A PowerShell V1 script to find all orphaned objects in Active Directory. These are security principals that were once members of a group protected by the Security Descriptor Propagator process (SDProp). When these objects are removed from protected groups they become orphaned.
PowerShell Script to Find All Empty Groups in the Domain
PowerShell Version 2 script to find all empty groups in the domain. This will be groups where the member attribute is empty, and also where no user or computer has the group designated as their primary group.
Update Active Directory Users in Bulk from CSV
PowerShell V2 script to update Active Directory users from a CSV file. Only specified fields in the CSV that are not missing update the users. The value "<delete>" flags to clear the attribute. Attributes are not updated if the value in the CSV matches the existing value in AD.
PowerShell Function to Spell Strings Phonetically
A PowerShell version 2.0 script function to spell one or more strings, such as passwords, phonetically. If requested, the function determines if the strings meet complexity requirements. This allows any code that generates passwords to include more characters.
Parse Log of Logons and Logoffs to Find Computers a User is Logged into
PowerShell version 2 script to parse a comma delimited log file created by logon and logoff scripts. For a specified user the script outputs any computers the user has logged into, but has not yet logged out of. The script outputs the username, the computer names, and the date and time when the user logged into each computer. The log file is created by logon and logoff scripts configured in Group Policy.
Document Replication Schedule of Active Directory Connection Object
This is a PowerShell script to document the replication schedule assigned to a connection object. The script documents the schedule attribute of the object in Active Directory. The schedule attribute is a byte array with one byte for every hour of every day of a week.
Update Replication Schedule of Active Directory Connection Object
This is a PowerShell script to update the replication schedule assigned to a connection object in Active Directory. The script updates the schedule attribute of the object. The schedule attribute is a byte array with one byte for every hour of every day of a week.
Extend Password Expiration for Active Directory Users in Bulk
A PowerShell script to extend the password expiration date for users in bulk. Each user modified by this script will have their password expire MaxPasswordAge days after they next logon.
Export sAMAccountNames of Active Directory Users to Several CSV files
A PowerShell script to export Active Directory user sAMAccountNames into a specified number of CSV files. Sometimes it is necessary to deal with Active Directory users in bulk. A CSV file that uniquely identifies the users is required. The sAMAccountName attribute uniquely identifies users in Active Directory. But if the users should be processed in groups, you will need a series of CSV files. A separate PowerShell script can use one of the CSV files to import the users and perform some action on each user.
Find Duplicate Email Addresses among Several Attributes of any AD Object
This is a PowerShell script to find duplicate email addresses among any objects in Active Directory. Duplicates raise errors during synchronization with Azure AD or Office 365. All classes of objects are considered. The email addresses can be in any of four attributes: userPrincipalName, mail, proxyAddresses, and msRTCSIP-PrimaryUserAddress.
Document Latest lastLogon and Cumulative logonCount Among All DCs for All Users
This PowerShell script retrieves the values of lastLogon and logonCount for every user account on each domain controller (DC) in the domain. The script outputs the latest lastLogon value and the total logonCount over all DCs for each user.
Document lastLogon and logonCount for a Specified User on All DCs
This PowerShell script outputs the values of lastLogon and logonCount for a specified user account on each domain controller (DC) in the domain.
Update userWorkstations Attribute of Users in Bulk from CSV
PowerShell script to update the userWorkstations attribute of Active Directory users in bulk from the information in a CSV file. Computer names can be added and/or removed from the attribute.
Document all Attributes of Specified Active Directory Object
A PowerShell script to document all attributes of a specified Active Directory object. The script first documents all mandatory attributes for the class of the object, then all optional attributes. The script documents each attribute lDAPDisplayName, the syntax, if it is multi-valued, if it is operational (also called constructed), and the value or values assigned. If the attribute has no value assigned for the object, this is indicated.
Update Dynamic Group with Users Meeting Specified Conditions
This is a PowerShell script to ensure that all users meeting specified conditions are members of a corresponding dynamic group. It also makes sure users not meeting the conditions are not members of the group. The script can be run periodically to maintain the group membership.
EFLAW Readability Score of Any Document
When composing for a global audience, you want your document to be
understood by readers whose native language is not English. This VBScript
program reads text from a specified text file and calculates the McAlpine
EFLAW(TM) Readability Score.
Fix Color Issues in TechNet Wiki Articles
Many Wiki articles use colors. Unfortunately, the way colors are often
specified in HTML, using RGB values, is no longer supported in the TechNet
Wiki. Until this situation is corrected, this VBScript program can help
select the best color name to substitute for any RGB value.
Parse TechNet Wiki Article HTML for Problems
VBScript program to parse a TechNet Wiki article HTML for problems, many of
which affect the Table of Contents feature.
TNWiki Summit 2015 Presentation: Leading Spaces in Active Directory Names
Presentation by Richard Mueller during the International TechNet Wiki Summit
2015, held March 18, 2015, at 18:30 UTC. Leading spaces in RDNs in AD causes
problems. We discuss how the idea for the article arose, how it was
researched, the solution, and features used in the Wiki.
TNWiki Summit 2015 Presentation: Wiki Cross-Linking
Presentation by Richard Mueller during day 2 of the International TechNet
Wiki Summit 2015, held March 18, 2015, at 17:45 UTC. Discusses the value of
adding links to our Wiki articles, and demonstrates how to do it.
PowerShell Script to Calculate Training Heart Rate Zones
A PowerShell script to calculate training heart rate zones. It is intended for use by non-technical users. For this reason the design criteria were selected with the needs of consumers in mind. The script demonstrates how to use Windows Forms in PowerShell.
PowerShell Script to Check for Unbalanced Quotes in Source Code
A PowerShell script that flags all lines with an odd number of quote characters. The Script can be run on any source code to find unbalanced quotes, including PowerShell, VBScript, Visual Basic, HTML, and PHP. It can also be run on text files.