Which Version Does Import-Module Import? Sept. 27, 2021, 12:20 p.m.

When you use Import-Module, run a command that triggers module auto-loading (PowerShell 3.0+), or run a script or module with a #Requires -Module directive, Windows PowerShell does not import the newest version of the module. Instead, it imports the newest version of the module that it finds in the first directory in which it finds the module. The order in which it looks for the module is determined by the value of the PSModulePath environment variable ($env:PSModulePath).


Managing Access Control with Desired State Configuration Sept. 15, 2021, 11:13 a.m.

Over the summer, the PowerShell Access Control module got some DSC resources to help manage security descriptors for for some of the supported object types. The module includes three resources: cAccessControlEntry, cSecurityDescriptorSddl, and cSecurityDescriptor.

windows powershell security dsc

Creating a Composite DSC Configuration with Parameters Jan. 6, 2020, 12:37 p.m.

When a Composite Configuration is created as an ordinary module, it seems like it behaves like an ordinary Cmdlet. This means, to pass parameters to the composite configuration I had to do:

Node localhost 
    BaseConfig Common -MyParameter "My Parameter Value" {} 
powershell dsc

PSWindowsUpdate June 7, 2019, 9:24 a.m.

This is a fork of Michal Gajda's PSWindowsUpdate PowerShell module. The original module can be found on the PowerShell Gallery.

windows powershell github

List Group Policy Client Side Extensions Sept. 4, 2018, 3:50 p.m.

The order of Client Side Extensions are the order you see in the registry, and that is the order you see in my list as well. But, yes normally there is a but as well Smile the first CSE to be applied is {35378EAC-683F-11D2-A89A-00C04FBBCFA2}, this is the one for Registry/Administrative Templates this also includes if you write an ADMX template on your own, this will be applied first.

function Get-GPClientSideExtensions {
    Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions" | foreach {
        $guid = ($_.Name).Split("\") | Select -Last 1
        $props = Get-ItemProperty $_.PSPath

        # Guessing CSE name in order (default), ProcessGroupPolicy, ProcessGroupPolicyEx
        if ($props.'(default)') {
            $description = $props.'(default)'
        } elseif ($props.ProcessGroupPolicy) {
            $description = $props.ProcessGroupPolicy
        } elseif ($props.ProcessGroupPolicyEx) {
            $description = $props.ProcessGroupPolicyEx
        } elseif ($gpeGuid = "{35378EAC-683F-11D2-A89A-00C04FBBCFA2}") {
            $description = "Administrative Templates"
        } else {
            $description = "Error guessing CSE name"

        [PSCustomObject] @{
            GUID = $guid
            Description = $description
powershell active directory group policy

Report and Edit AD Site Links From PowerShell May 24, 2018, 10:30 a.m.

Optimising AD inter-site transport settings.

powershell active directory

How to determine which .NET Framework versions are installed Jan. 25, 2018, 9:32 a.m.

In powershell:

Get-ChildItem "HKLM:SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\" | Get-ItemPropertyValue -Name Release
microsoft powershell .net

PowerShell: How to require either one parameter or the other but not both Oct. 17, 2017, 7:38 p.m.

You can do this using parameter sets. By putting each parameter in one set and not the other, PowerShell will take care of the rest.


Understanding the GPO version number Oct. 17, 2017, 7:38 p.m.

If you've ever poked around to look at the raw GPO version number, you've probably wondered why is the number so huge and how does it get displayed as a much smaller value when you view the version number using GPMC.

windows powershell active directory group policy

Get AD group membership recursively with PowerShell Sept. 26, 2017, 10:25 a.m.

The solution should retrieve not only direct group membership, but indirect (through group nesting) too. Although the question is plain and simple, the solution is very interesting from various perspectives.

programming powershell active directory

Handling Credentials with AWS Tools for Windows PowerShell Sept. 22, 2017, 9:40 a.m.

The cmdlets provided in the AWS Tools for Windows PowerShell provide three ways to express credential information. Some approaches are more secure than others.

powershell security aws

AWS Tools for PowerShell Reference Aug. 17, 2017, 2:15 p.m.

The AWS Tools for PowerShell are a set of PowerShell cmdlets that are built on top of the functionality exposed by the AWS SDK for .NET. The AWS Tools for PowerShell exposes cmdlets to support the same set of services and regions as supported by the SDK. This cmdlet reference covers cmdlets available in both the AWSPowerShell and AWSPowerShell.NetCore modules.

powershell reference aws

Carl Webster - Scripts and Other Utilities July 20, 2017, 10:05 a.m.

Library of admin scripts for Active Directory.

windows powershell active directory script

Script Windows Update PowerShell Module May 15, 2017, 4:11 p.m.

This function is a piece of PSWindowsUpdate module to manage Windows Update on a computer system running Windows. Whole module contain set of functions to check, download and install updates from PowerShell.

windows powershell security

PowerShell – Move AD FSMO Roles Feb. 24, 2017, 12:53 p.m.

Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

powershell active directory

How to Find Specific Exceptions to Use with Try/Catch in PowerShell Feb. 23, 2017, 2:17 p.m.



Active Directory Delegation via PowerShell – May I see your ID(entity)? Feb. 22, 2017, 2:42 p.m.

The pseudo code for doing this is pretty simple:

  1. Get the current DACL on the object we desire to set permissions on.
  2. Append the existing DACL with a new ActiveDirectoryAccessRule.
  3. Re-apply the DACL.
sysadmin powershell active directory

Active Directory's Object Specific ACEs and PowerShell Feb. 22, 2017, 2:38 p.m.

Active Directory ACE (access control entries) are different from your regular ACEs (for example, NTFS), because they can be used to grant permissions only on specific types of objects, and to propagate only to specific types of child objects. My question is - how do I replicate this in PowerShell?

sysadmin powershell active directory

Dump a list of all schemaIDGUIDs with PowerShell Feb. 22, 2017, 2:26 p.m.

There are well known methods for setting Access Control Entries (ACEs) on Active Directory objects using Powershell, which rely on you knowing the schemaIDGUID of the schema object classes you are working with (e.g. User, Computer, Group). Unless you know your way around AD it’s not always immediately obvious where to find the schemaIDGUIDs that you need. To help you with this, I’ve thrown together a couple of PowerShell snippets.

sysadmin powershell active directory

Add Object Specific ACEs using Active Directory Powershell Feb. 22, 2017, 2:24 p.m.

In the example below, we are going to create two object specific ACEs with one granting the group “myGroup” the extended right “Reset Password” for all users and the other giving it permission to delete computer objects, all under the organizationUnit “myOU”.

sysadmin powershell active directory