Tag Archives: powershell

PowerShell and DNS

Here is a quick one-liner showing how to pull DNS information and filter it using PowerShell. Replace zonename with the name of the zone you want to pull information from, and replace computername with the name of the computer you are searching for.

dnscmd.exe /zoneprint zonename | where{$_ -like "*computername*"}


Powershell Remove Unknown User Permission

Below is PowerShell code to remove unknown user permissions. These permissions show up as a SID in the file or folder's ACL. They are left behind when a user is deleted but the user's permissions remain in the ACLs as a SID. This code is designed to remove them recursively.

$location = "\\server\share";
#Search recursively through the location defined;
Get-ChildItem -Recurse $location | foreach {
     $tempLocation = $_.FullName;
     #Get ACL for tempLocation;
     $acl = Get-Acl $tempLocation;
     #Get explicit (non-inherited) entries whose identity is still a raw SID;
     #"S-1-*" is anchored at the start so account names that merely contain "S-1" are not matched;
     $acl.Access | where {
          $_.IdentityReference.Value -like "S-1-*" -and $_.IsInherited -eq $false } | foreach {
          #Foreach SID purge the SID from the ACL;
          $acl.RemoveAccessRule($_) | Out-Null;
     }
     #Reapply ACL to file or folder without the SID;
     Set-Acl -AclObject $acl -Path $tempLocation;
}

PS Script Pull Event Log data

Below is a script I wrote to help identify computers that have a trust relationship issue with the Active Directory domain. This script searches for an event on the domain controller that you run it on (please use caution). It looks for events with an event ID of 5723 that happened today, then pulls the name of the computer identified in each event. This script lets me know about and address the computers with issues before I get a support call.

#Get todays date;
$today = get-date -uformat "%m/%d/%Y"; 
#Create array for computers;
$cName = @();
#Pull events from system event log that are errors;
$events = Get-EventLog -log system -entrytype Error 
#Filter the events where eventID is 5723 and the time written is today;
$events = $events | where {
 $_.eventID -eq 5723 -and $_.timewritten -like "$today*"
};
#Select computer name property;
$events = $events | select ReplacementStrings;
#Add computer names to array;
$events | foreach { $cName += $_.replacementstrings[0];}; 
#Print array leaving out duplicates
$cName | select -uniq;

Simple Powershell Ping Sweep

Below is code for a very simple PowerShell ping sweep. I used this code to automate a process that needed to know which hosts were alive on a subnet.

$ping = New-Object System.Net.NetworkInformation.Ping

$IPScope = "192.168.1";

$IPNode = 1;

while ( $IPNode -le 255 ) {

 $IPtoPing = "$IPScope.$IPNode";
 #Send one echo request and keep only the reply status;
 $stat = $ping.Send($IPtoPing).Status;
 #Output the address and its status;
 $result = "$IPtoPing $stat";
 $result;
 $IPNode = $IPNode + 1;

}

Delete User Profile

The other day I was in need of deleting over 100 profiles and found the built-in Windows tool to be inefficient for this task.  I came across some PowerShell code that was a life saver.  Using the code below I was able to write a script and automate the task.

Finding the User Profile:

$username = "user"

$computername = "computer"

$userProfile = Get-WmiObject -computer $computername win32_userprofile -filter "LocalPath like '%\\$username'"

Note: Edit $computername variable with the name of the computer with the profile on it.  Yes this can be done remotely.  Also edit the $username variable with the user you are looking for.

Verify Correct User Profile:


Note: You do not want to delete the wrong user profile.  Always double check.

Deleting the User Profile:

$userProfile | Remove-WmiObject

Note: This code is only for users that have been properly logged off and their registry hive has been unloaded.  If you see an error, one of those two reasons may be the problem.   Restarting before you delete is one way to make sure the registry hive is unloaded.
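One way to make the verification and the "logged off and unloaded" requirement explicit before deleting, shown as an added example rather than the original author's code. The function name Get-ProfileToDelete is hypothetical, and "computer" and "user" are the same placeholders used above.

```powershell
# Added example (not the original author's code): confirm exactly one
# unloaded, non-system profile matches before anything is deleted.
function Get-ProfileToDelete {
    param(
        [Parameter(Mandatory=$true)] [string] $ComputerName,
        [Parameter(Mandatory=$true)] [string] $UserName
    )
    # Same WQL filter as above. Note that "_" and "%" in a user name act as
    # LIKE wildcards, which is one reason to insist on a single match.
    $found = @(Get-WmiObject -ComputerName $ComputerName -Class Win32_UserProfile `
                   -Filter "LocalPath like '%\\$UserName'")

    if ($found.Count -ne 1) {
        throw "Expected exactly 1 profile for '$UserName', found $($found.Count)."
    }
    $p = $found[0]
    if ($p.Special) { throw "$($p.LocalPath) is a system profile; refusing." }
    if ($p.Loaded)  { throw "$($p.LocalPath) is still loaded (user logged on or hive not unloaded)." }
    $p
}

$target = Get-ProfileToDelete -ComputerName "computer" -UserName "user"

# Review these fields before deleting.
$target | Select-Object LocalPath, SID, Loaded, Special,
    @{ Name = 'LastUsed'; Expression = {
        if ($_.LastUseTime) { $_.ConvertToDateTime($_.LastUseTime) } } }

# Dry run: prints what would be removed. Drop -WhatIf to actually delete.
$target | Remove-WmiObject -WhatIf
```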

Recovering AD Users and Computers

Periodically I find myself needing to recover a user or computer that has been deleted from Active Directory, and every time I go Googling.  When I finally find the solution, I have to sit back and ask myself, why do I not document this.  So here it is, my documentation on recovering a deleted user or computer.  Enjoy.


  • Windows Server 2008 or 2008 R2
  • Active Directory 2008 or 2008 R2
  • Active Directory Module for Windows PowerShell (obtained through the Add Features in the Server Manager tool on Domain Controller)


  • Open Active Directory Module for Windows PowerShell as administrator.
  • Now utilize the Get-ADObject command.

Searching for Users or Computers:

Search for a particular user

Get-ADObject -Filter {Deleted -eq $True -and Name -like "username" -and ObjectClass -eq "User"} -IncludeDeletedObjects

Search for a particular computer

Get-ADObject -Filter {Deleted -eq $True -and Name -like "computername" -and ObjectClass -eq "Computer"} -IncludeDeletedObjects

Note: Asterisks can be used in the filter, for example "*username*", and your filter can be as simple or as complex as you need. As long as you include the -IncludeDeletedObjects parameter you should be good to go.

Restoring a User or Computer:

Once you have used one of the above commands to locate the user or computer you want to restore, pipe the statement to Restore-ADObject. Examples are below. Please make sure the results of your search are the only objects you want restored.

Restore a particular user

Get-ADObject -Filter {Deleted -eq $True -and Name -like "username" -and ObjectClass -eq "User"} -IncludeDeletedObjects | Restore-ADObject

Restore a particular computer

Get-ADObject -Filter {Deleted -eq $True -and Name -like "computername" -and ObjectClass -eq "Computer"} -IncludeDeletedObjects | Restore-ADObject
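A way to check that the search returns only the object you intend before restoring it, shown as an added example that is not the original author's code. The values of $name and $class are placeholders, and the filter is the one used above, built as a string so the variables expand.

```powershell
# Added example (not the original author's code). Requires the
# Active Directory module; the name and class below are placeholders.
Import-Module ActiveDirectory

$name  = "username"   # placeholder: the deleted object's name
$class = "user"       # or "computer"

# Same filter as the commands above, with wildcards around the name.
$filter = "Deleted -eq `$true -and Name -like '*$name*' -and ObjectClass -eq '$class'"

$found = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
               -Properties lastKnownParent, whenChanged)

# Show what matched: where each object lived and when it last changed.
$found | Format-Table Name, ObjectClass, lastKnownParent, whenChanged, ObjectGUID -AutoSize

if ($found.Count -ne 1) {
    Write-Warning "Filter matched $($found.Count) objects; tighten it before restoring."
}
else {
    # Restore by GUID so only the reviewed object is touched.
    # -WhatIf makes this a dry run; remove it to perform the restore.
    Restore-ADObject -Identity $found[0].ObjectGUID -WhatIf
}
```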

Restoring other AD Objects:

This method can also be used to restore other deleted objects in AD.  In order to do that you will need to edit the filter to return the needed object.