PowerShell List all Enabled Accounts that have an Expired Password

Took longer than expected to work this out, here it is:

Get-ADUser -filter * -properties * | Where-Object {$_.Enabled -eq $true} | Where-Object {$_.PasswordExpired -eq $true} | select name,passwordexpired,mail

You can see where there are 2 properties being checked, and I think it should be easy to add a third. I wonder if there is a cleaner […]


New PowerShell command Get-PerimeterMessageTrace

So I want to put this out there, because I googled the crap out of this and got zero information. When doing an Exchange message trace, it was used to see incoming email. Going to have to explore this more, and find out what it really can do.

PS C:\Windows\system32> PS C:\Windows\system32> Get-PerimeterMessageTrace […]


Show all Domain Computers that are Online

Quickie one-liner:

Get-ADComputer -filter * | Where { Test-Connection $_.name -count 1 -quiet } | Select @{Name="Computername";Expression={$_.Name}}

Reference: https://www.petri.com/test-network-connectivity-powershell-test-connection-cmdlet


Convert LDAP Time

This is the reference and an online converter: EpochConverter.com

The 18-digit Active Directory timestamps, also named 'Windows NT time format', 'Win32 FILETIME or SYSTEMTIME' or NTFS file time. These are used in Microsoft Active Directory for pwdLastSet, accountExpires, LastLogon, LastLogonTimestamp and LastPwdSet. The timestamp is the number of 100-nanosecond intervals (1 nanosecond = one billionth of […]


PowerShell fun for the System Monitor

So, I like my monitors to do more than just blink. Also, it's good for people to come by and see something happening in IT, as most of the stuff we do is invisible. I started out this script so I could do functions on ranges of IPs, and it turned into this fun little […]


Office 365 Brute Force Attack

If the Office.com accounts are being constantly locked out, you can't really tell by the ADFS logs if it is an email account that is being attacked, or if it is the general Office account. In my case, it was email, and so with MS's new rules, we were able to turn off Basic authentication. […]