active directory

November 26, 2018
This probably takes a bit of explanation. My use case is the following: I wish to expose an internal Wiki outside the corporate network. To accomplish this I use an Azure AD Application Proxy. I also wish to restrict who has access to the application proxy and enforce multifactor authentication. This is easily accomplished by setting “User assignment required” in properties and adding a Conditional Access policy. However, a really weird drawback in Azure AD is the lack of support for nested groups.
September 29, 2017
Get-ADUser -SearchBase "ou=users,dc=contoso,dc=com" -Filter * -Properties Name, EmployeeNumber, UserPrincipalName, Manager | where {$_.Manager -eq $null} | ft Name, EmployeeNumber, UserPrincipalName, Manager

Because “Manager” is an extended attribute in Active Directory, you can’t use -Filter {Manager -notlike "*"} like you would with basic attributes.

September 22, 2017
To delete an entire tree structure of objects (typically Organizational Units) that have the flag “ProtectedFromAccidentalDeletion” set, we first need to remove the flag. We can then select the top node and delete the entire tree. Needless to say, you should probably use this with caution. If you don’t want to remove the protection from every OU in the specified SearchBase, you need to split it up and run the command multiple times with different values for the -SearchBase argument.
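The two steps described above, as an added example that is not the original post's own command. It assumes the ActiveDirectory module is installed, and the DN in `$root` is a constructed placeholder. It covers every protected object under the root rather than OUs only, and the final delete is shown with -WhatIf so it only previews.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

# Assumption: constructed DN of the top node of the tree to delete.
$root = "ou=Obsolete,dc=contoso,dc=com"

# 1. Find every object in the subtree (root included) that still has the
#    protection flag set, and show the list before anything is changed.
$search = @{
    SearchBase  = $root
    SearchScope = "Subtree"
    Filter      = "*"
    Properties  = "ProtectedFromAccidentalDeletion"
}
$protected = Get-ADObject @search |
    Where-Object { $_.ProtectedFromAccidentalDeletion }

$protected | Format-Table Name, ObjectClass, DistinguishedName

# 2. Clear the flag on exactly those objects. Anything outside $root is untouched,
#    which is why a narrow SearchBase matters here.
$protected | Set-ADObject -ProtectedFromAccidentalDeletion $false

# 3. Delete the top node and everything beneath it.
#    -WhatIf only reports what would be removed; drop it to perform the delete.
Remove-ADObject -Identity $root -Recursive -WhatIf
```

If the preview in step 3 is not followed by the real delete, the objects from step 1 stay unprotected until the flag is set back to $true.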
July 17, 2017
Get-ADUser -Filter "*" -SearchBase "ou=Users,dc=contoso,dc=com" -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}