PowerShell Oneliners

Just a list of useful one-liners for PowerShell server and AD management. Obviously some are not actually one-liners, but hey, they’re quick!

# Retrieve the AD server object of the PDC emulator using ADSI only
# (no ActiveDirectory module required).
# The domain head's fSMORoleOwner attribute holds the DN of the role holder's
# NTDS Settings object; the parent of that object is the DC's server object.
# The binds are serverless and run with the current logon's credentials.
$rootDse = [adsi]"LDAP://rootdse"
$domainHead = [adsi]"LDAP://$($rootDse.defaultNamingContext)"
$ntdsSettings = [adsi]"LDAP://$($domainHead.fsmoroleowner)"
$PDC = [adsi]($ntdsSettings.parent)

# Copy the DNS host name of the PDC emulator to the clipboard.
# Walks rootDSE -> domain head -> fSMORoleOwner (NTDS Settings object) -> parent
# (server object) and pipes that object's dNSHostName to clip.
$rootDse = [adsi]"LDAP://rootdse"
$domainHead = [adsi]"LDAP://$($rootDse.defaultNamingContext)"
$ntdsSettings = [adsi]"LDAP://$($domainHead.fsmoroleowner)"
$pdcServer = [adsi]($ntdsSettings.parent)
$pdcServer.dnshostname | clip

# List the PDC emulator of every domain in the forest
# (requires the ActiveDirectory PowerShell module for Get-ADForest).
# For each domain the _ldap._tcp.pdc._msdcs SRV record is resolved and only the
# A records that come back with the answer are kept, so nothing is listed when
# the DNS server returns no address records alongside the SRV answer.
# The result reflects what DNS says; the fSMORoleOwner attribute in the
# directory remains the authoritative record of the role holder.
(Get-ADForest).Domains |
    ForEach-Object { Resolve-DnsName "_ldap._tcp.pdc._msdcs.$_" -Type SRV } |
    Where-Object { $_.querytype -eq 'A' } |
    Select-Object name, Address

# On the PDC - check whether the security descriptor propagator (SDProp) is
# still running. If the numbers are greater than 0, propagation is in progress,
# so a recent permission change may not have reached every child object yet.
$sdPropCounters = @(
    '\directoryservices(ntds)\ds security descriptor propagator runtime queue'
    '\directoryservices(ntds)\ds security descriptor propagations events'
)
Get-Counter -Counter $sdPropCounters

# Quickly list the dnsHostName of all DCs in the forest.
# Searches the configuration partition for NTDS Settings objects
# (objectClass=nTDSDSA), strips the leading "cn=NTDS Settings," from each DN to
# get the parent server object, then reads that object's dnshostname.
# NOTE(review): read-only DCs may be stored under a different object class and
# would then be missed by this filter - confirm if RODCs must be included.
$configNc = ([adsi]"LDAP://rootdse").configurationNamingContext
$dsaSearcher = New-Object adsisearcher([adsi]"LDAP://$configNc", "(objectClass=nTDSDSA)")
$dsaSearcher.FindAll() |
    ForEach-Object { $_.properties.distinguishedname[0] -replace 'cn=NTDS Settings,', '' } |
    ForEach-Object { [adsi]"LDAP://$_" } |
    Select-Object -ExpandProperty dnshostname

#get the last executed command to the clipboard
# (get-history)[-1] is the newest entry in this session's history; its
# CommandLine text is piped to clip.
# Caveat: the copied text is exactly what was typed, including any password or
# token passed inline, and clipboard contents can be read by other programs in
# the session - review it before pasting into a ticket or chat.
(get-history)[-1].commandline | clip

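# Get the last boot time as a [datetime] object.
# The wmic/regex form only captured year, month and day and let Get-Date fill
# in the *current* time of day, so the result was not the real boot time; the
# Get-WmiObject form returned the raw DMTF string rather than a date/time.
# Get-CimInstance converts LastBootUpTime to a [datetime] itself, which matters
# when the value is used in an incident timeline or to confirm a patch reboot.
# On hosts without the CIM cmdlets, the equivalent is
# [System.Management.ManagementDateTimeConverter]::ToDateTime() applied to the
# Get-WmiObject LastBootUpTime string.
(Get-CimInstance -ClassName Win32_OperatingSystem -Property LastBootUpTime).LastBootUpTime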

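# Get the last boot time to the clipboard.
# The previous wmic/regex form kept only the boot date and combined it with the
# current time of day, so the copied timestamp was wrong. Get-CimInstance
# returns LastBootUpTime as a [datetime] with the real time of day.
(Get-CimInstance -ClassName Win32_OperatingSystem -Property LastBootUpTime).LastBootUpTime.ToString() | clip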

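# Create a scheduled task to restart the server in x hours.
# The task runs Shutdown.exe as NT AUTHORITY\SYSTEM at the highest run level,
# so creating it needs an elevated session. A /SC ONCE task stays registered
# after it has fired; remove it afterwards with
#   schtasks /Delete /TN My-ScheduledRestart /F
$hours = 1
# Take the target time once so /ST and /SD always describe the same moment,
# including when the restart falls after midnight.
$when = (Get-Date).AddHours($hours)
# Build a zero-padded date format in the current locale's field order.
# String.Replace() is a literal replace, so .replace('M+', 'MM') never matched
# and single-digit days/months were passed through unpadded. -creplace is the
# regex operator; the case-sensitive form keeps 'M' (month) distinct from 'm'.
$sdFormat = [System.Globalization.DateTimeFormatInfo]::CurrentInfo.ShortDatePattern -creplace 'M+', 'MM' -creplace 'd+', 'dd'
$startTime = $when.ToString('HH:mm')
$startDate = $when.ToString($sdFormat)
schtasks /Create /RU "NT AUTHORITY\SYSTEM" /SC ONCE /st $startTime /TN My-ScheduledRestart /RL HIGHEST /TR "%windir%\system32\Shutdown.exe /r /t 10" /SD $startDate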

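# Create a scheduled task to restart at a specific date and time.
# The task runs Shutdown.exe as NT AUTHORITY\SYSTEM at the highest run level,
# so creating it needs an elevated session. A /SC ONCE task stays registered
# after it has fired; remove it afterwards with
#   schtasks /Delete /TN My-ScheduledRestart /F
# Fields not given to Get-Date (month, year, seconds) come from the current date/time.
$date = get-date -hour 21 -minute 30 -day 20
# Build a zero-padded date format in the current locale's field order.
# String.Replace() is a literal replace, so .replace('M+', 'MM') never matched
# and single-digit days/months were passed through unpadded. -creplace is the
# regex operator; the case-sensitive form keeps 'M' (month) distinct from 'm'.
$sdFormat = [System.Globalization.DateTimeFormatInfo]::CurrentInfo.ShortDatePattern -creplace 'M+', 'MM' -creplace 'd+', 'dd'
$startTime = $date.ToString('HH:mm')
$startDate = $date.ToString($sdFormat)
schtasks /Create /RU "NT AUTHORITY\SYSTEM" /SC ONCE /st $startTime /TN My-ScheduledRestart /RL HIGHEST /TR "%windir%\system32\Shutdown.exe /r /t 10" /SD $startDate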

#Seize all roles
# Runs one ntdsutil session: enters the roles menu, opens connections, connects
# to the current domain (name taken from get-addomain), then issues five
# abbreviated seize commands - PDC, infrastructure master, schema master,
# naming master and RID master - and quits.
# Seizure is a recovery step for when the current role holder is gone for good;
# ntdsutil attempts a normal transfer before it seizes. A DC that has had its
# roles seized should not be returned to the network as-is - check your DR
# runbook before running this.
# NOTE(review): schema master and naming master are forest-wide roles, so in a
# multi-domain forest this pulls them to the DC being run against - confirm
# that is intended.
ntdsutil "roles" con "con to dom $((get-addomain).name)" q "Sei PDC" "Sei Inf ma" "sei sch ma" "sei na ma" "sei rid ma" q q

# Find a deleted computer object by its sAMAccountName (computer accounts end in '$').
# The search is scoped to the domain's Deleted Objects container and returns
# every attribute still held on the deleted object. Reading that container is
# restricted, so expect an empty result or an access error in a session
# without the necessary rights.
$deletedObjects = (Get-ADDomain).deletedobjectscontainer
Get-ADObject -Filter { samaccountname -eq 'MyServer$' } -SearchBase $deletedObjects -IncludeDeletedObjects -Properties *

# Find a deleted user object by its sAMAccountName.
# The search is scoped to the domain's Deleted Objects container and returns
# every attribute still held on the deleted object. Reading that container is
# restricted, so expect an empty result or an access error in a session
# without the necessary rights.
$deletedObjects = (Get-ADDomain).deletedobjectscontainer
Get-ADObject -Filter { samaccountname -eq 'SmithJ' } -SearchBase $deletedObjects -IncludeDeletedObjects -Properties *

# Get the Active Directory object of the current computer.
# The machine account name is the output of hostname with a trailing '$'; it is
# translated to a SID and the object is bound with the LDAP://<SID=...> form,
# so no distinguished name has to be known or built.
$machineAccount = New-Object System.Security.Principal.NTAccount("$(&hostname)`$")
$machineSid = $machineAccount.Translate([System.Security.Principal.SecurityIdentifier]).toString()
[ADSI]"LDAP://<SID=$machineSid>"

# List the AD groups of the current computer.
# Binds to the computer object by SID and reads its memberOf attribute.
# memberOf holds direct memberships only: groups reached through nesting and
# the account's primary group are not in this list, so it is not a complete
# picture of the computer's effective access.
$machineAccount = New-Object System.Security.Principal.NTAccount("$(&hostname)`$")
$machineSid = $machineAccount.Translate([System.Security.Principal.SecurityIdentifier]).toString()
$computerObject = [ADSI]"LDAP://<SID=$machineSid>"
$computerObject.properties.memberof

# Get a random SCOM server.
# Searches under cn=operationsmanager in the default naming context for
# serviceConnectionPoint objects that have serviceBindingInformation set
# (presumably published by the SCOM management servers - verify in your
# environment), returns the binding, class and DNS name attributes, and lets
# Get-Random pick one of the matches.
$scomBase = "cn=operationsmanager,$(([adsi]"LDAP://rootdse").defaultNamingContext)"
Get-ADObject -LDAPFilter '(&(objectclass=ServiceConnectionPoint)(serviceBindinginformation=*))' -SearchBase $scomBase -Properties serviceBindinginformation,ServiceClassName,ServiceDNSName |
    Get-Random