Powered by Ed Buford and Coffee

Tag: PowerShell

Finding AD Groups with PowerShell

How to List AD Groups by type using PowerShell

The AD group type is a bit of a mystery to me. I’m not sure why Microsoft has chosen to make thing they way they have and I have to keep reminding myself they have been building Active Directory a lot longer than they have been building PowerShell.
Today one of my team asked me to see if I could pull Domain Local groups out of AD using PowerShell. I was sure this was going to be as easy as it sounds. Turns out it isn’t straight forward.

Since there isn’t a Get-ADGroupType PowerShell command I went looking at the Attributes and here’s what I found:


Even more confusing when you Open that Attribute you get something even more interesting:



So I started searching around MSDN and I came up with this chart:

Group Type                                                 Value
Global distribution group                        2
Domain local distribution group           4
Universal distribution group                  8
Global security group                               -2147483646
Domain local security group                  -2147483644
Universal security group                         -2147483640

Now that I have the value I’m looking for I can pull it out of AD:
In order to do that I need to log into Domain Controller or a Domain computer with RSAT loaded.  Then I can import the ActiveDirectory module:

Import-module ActiveDirectory

Then I can get the Group Type by using the command below

Get-ADGroup -Filter * -Properties GroupType | where {$_.GroupType -eq “-2147483644”} | FL name

If I want to change the Group Type that I’m searching for then I just change the number from the list above make sure to include the Negative on the ones that have it listed.

[sourcecode language='powershell' ]
Get-ADGroup -Filter * -Properties GroupType | where {$_.GroupType -eq "-2147483644"} | FL name


Moving FSMO Roles with PowerShell

If you’ve ever had to move FSMO roles in Active Directory to another server you know it’s not as straight forward as it could should be (At least until I found PowerShell).

Open the Active Directory Module for Windows PowerShell or open PoweShell on a machine with RSAT installed and Import-Module ActiveDirectory


Part of the FSMO roles are Domain and part are Forest so you’ll need to use 2 commands to get the roles.
To get the Domain role holders:

Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster

To get the Forest role holders:

Get-ADForest | select SchemaMaster,DomainNamingMaster

Moving roles only requires one command. Change the Target-DC to the name Domain Controller you’re moving the FSMO role(s) to.

There are 5 FSMO roles include the ones you want to move.

Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator


Recover Deleted Items from Exchange Dumpster

I was having a conversation at lunch with a friend who needed to recover some items for a user from the Exchange Dumpster. So I came up with a one-liner to help you do just that but BEFORE i can really give you the one-liner I need to give you some background.

First there is a Deleted Items folder in your Exchange Mailbox. When you delete an email it goes here first (for many people that is as far as it goes but that’s another blog post…).
A user can simply look here in the their deleted Items folder and find something they have deleted if that folder has not yet been emptied.

If the Deleted Items folder has been emptied it will remain in the Deletions folder (Dumpster) for the next 14 days by default. During this time the user can use Outlook and or OWA to Recover Items that are now in the Dumpster.  I love this feature but it’s not very much fun for the user if they have deleted a lot of items lately. 

So to make things a little easier on the user you can recover all the items in PowerShell and then export them so the user can sort them to their hearts content.  The tricky part here is that you can’t drop them directly back into the mailbox you’re searching.  You can use the DiscoverySearchMailbox but I keep an admin mailbox around that I use for just such occasions. I call this mailbox SearchAdmin and it will become the Target mailbox.

The PowerShell command looks like this:

Search-Mailbox -identity ebuford -SearchDumpsterOnly -TargetMailbox SearchAdmin –TargetFolder ebufordDumpster

Search-Mailbox -identity ebuford -SearchDumpsterOnly -TargetMailbox SearchAdmin –TargetFolder ebufordDumpster

The three items in red are user mailbox you’re searching (ebuford) the target mailbox your dropping the files in (SearchAdmin) and the name of the Folder you want to dump them in (ebufordDumpster).

Once you’ve got them in the new folder you can export to a PST and then Import them back into the users mailbox. Now this isn’t the most straightforward admin task you’re going to do, but if you really want to please a user (or maybe your boss) this will make you some brownie points!


Get your top 5 Errors out of your Event logs

So many times I want to know what Errors are filling up the logs on a server.
Here’s a quick PowerShell to show you the top 5 Errors in your Application or System Logs.
Use this one for Application Log Errors:

Get-EventLog -LogName Applicaiton -EntryType error | Group source,eventid | Sort count -Descending | select -First 5 | FT count,Name

And this one for System Log Errors:

Get-EventLog -LogName system -EntryType error | Group source,eventid | Sort count -Descending | select -First 5 | FT count,Name


Quick Weather

A script a co-worker wrote to grab weather

$url = ""
$data = Invoke-RestMethod $url
$temp = $data.current_observation.temp_f -as [decimal]
$wind = $data.current_observation.wind_mph -as [decimal]
$weather = $

$temp_desc = $null
$wind_desc = $null

    { $_ -le 15 } { $temp_desc = "stupidly cold outside" }
    { $_ -le 40 -and $_ -gt 15 } {$temp_desc = "cold outside"}
    { $_ -le 60 -and $_ -gt 40 } {$temp_desc = "a little chilly outside"}
    { $_ -le 80 -and $_ -gt 60 } {$temp_desc = "warm and comfortable outside"}
    { $_ -le 90 -and $_ -gt 80 } {$temp_desc = "quite warm outside"}
    { $_ -le 100 -and $_ -gt 90 } {$temp_desc = "hot outside"}
    { $_ -gt 100 } {$temp_desc = "stupidly hot outside"}

    { $_ -le 0 } {$wind_desc = "quiet, a little too quiet...."}
    { $_ -le 5 -and $_ -gt 0 } {$wind_desc = "a gental breeze."}
    { $_ -le 10 -and $_ -gt 5 } {$wind_desc = "a brisk draft."}
    { $_ -le 15 -and $_ -gt 10 } {$wind_desc = "quite a bit windy."}
    { $_ -le 20 -and $_ -gt 15 } {$wind_desc = "blowing more than you would like."}
    { $_ -le 25 -and $_ -gt 20 } {$wind_desc = "frustratingly powerful."}
    { $_ -ge 26 } {$wind_desc = "an unstopable hurricane!"}

"The weather is currently $temp_desc with winds that are $wind_desc You might also notice it's $weather."

Save the script and then execute it like this:


Another one-line example:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri  -Credential $LiveCred -Authentication Basic –AllowRedirection