Creating New FTP User on Active Directory with Powershell

02/03/2010 12:43, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

Creates a new user on Active Directory and sets “Password never expires”

Function Add-FTPUser
{
Param ($FTPUsername, $FTPPassword)

    # Discover the current domain and build its distinguished name (DC=...,DC=...)
    $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $ADDomainName = $ADDomain.Name
    $ADServer = ($ADDomain.InfrastructureRoleOwner.Name.Split(".")[0])
    $FQDN = "DC=" + $ADDomain.Name -Replace("\.",",DC=")
    $ADDomain = [ADSI] "LDAP://$ADServer/$FQDN"
    # $CustomerOU must already hold the relative DN of the target OU in the calling scope
    $CustomerOU = [ADSI] "LDAP://$CustomerOU,$FQDN"
    $PrincipalName = $FTPUsername + "@" + $ADDomainName
    # Create the user object and commit it before setting the password
    $AddADUser = $CustomerOU.Create("User","CN=$FTPUsername")
    $AddADUser.Put("Description", "$FTPUsername")
    $AddADUser.Put("sAMAccountName", "$FTPUsername")
    $AddADUser.Put("userPrincipalName", "$PrincipalName")
    $AddADUser.Put("DisplayName", "$FTPUsername")
    $AddADUser.SetInfo()
    $AddADUser.SetPassword($FTPPassword)
    $AddADUser.SetInfo()
    # Enable the account
    $AddADUser.Psbase.Invokeset("AccountDisabled", $false)
    $AddADUser.SetInfo()
    # 65536 = "Password never expires"
    $AddADUser.Put("userAccountControl", "65536")
    $AddADUser.SetInfo()
}

I didn’t change the primary group of my FTP user because I don’t need it for ACLs.


Creating New IIS User on Active Directory with Powershell

02/03/2010 12:40, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

Creates a new user on Active Directory, sets “Password never expires” and changes primary group of user.

Function Add-IISUser
{
Param ($Username, $Password)

    # Discover the current domain and build its distinguished name (DC=...,DC=...)
    $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $ADDomainName = $ADDomain.Name
    $ADServer = ($ADDomain.InfrastructureRoleOwner.Name.Split(".")[0])
    $FQDN = "DC=" + $ADDomain.Name -Replace("\.",",DC=")
    $ADDomain = [ADSI] "LDAP://$ADServer/$FQDN"
    # $CustomerOU must already hold the relative DN of the target OU in the calling scope
    $CustomerOU = [ADSI] "LDAP://$CustomerOU,$FQDN"
    $PrincipalName = $Username + "@" + $ADDomainName
    # Create the user object and commit it before setting the password
    $AddADUser = $CustomerOU.Create("User","CN=$Username")
    $AddADUser.Put("Description", "$Username")
    $AddADUser.Put("sAMAccountName", "$Username")
    $AddADUser.Put("userPrincipalName", "$PrincipalName")
    $AddADUser.Put("DisplayName", "$Username")
    $AddADUser.SetInfo()
    $AddADUser.SetPassword($Password)
    $AddADUser.SetInfo()
    # Enable the account
    $AddADUser.Psbase.Invokeset("AccountDisabled", $false)
    $AddADUser.SetInfo()
    # 65536 = "Password never expires"
    $AddADUser.Put("userAccountControl", "65536")
    $AddADUser.SetInfo()
    # primaryGroupToken is a constructed attribute, so it has to be loaded explicitly
    $DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
    $DomainUsers = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
    $DomainUsers.GetInfoEx(@("primaryGroupToken"), 0)
    $OldGroupToken = $DomainUsers.Get("primaryGroupToken")
    # $DomainGuests holds the new primary group (IIS_USERS)
    $DomainGuests = [ADSI]"LDAP://CN=IIS_USERS,CN=Users,$DomainNC"
    $DomainGuests.GetInfoEx(@("primaryGroupToken"), 0)
    $NewGroupToken = $DomainGuests.Get("primaryGroupToken")
    # The user must be a member of the new group before it can become the primary group
    $DomainGuests.Add([String]($AddADUser.AdsPath))
    $AddADUser.Put("primaryGroupId", $NewGroupToken)
    $AddADUser.SetInfo()
    # Domain Users is now an ordinary membership and can be removed
    $DomainUsers.Remove([String]($AddADUser.AdsPath))
}

Our new Primary Group is IIS_USERS as you see. You can change that group name.


Getting Active Directory Information with Powershell

02/03/2010 12:35, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

My script works on all Active Directory infrastructures without any changes to the script.

Function Get-ADInfo
{
    $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $ADDomainName = $ADDomain.Name
    $Netbios = $ADDomain.Name.Split(".")[0].ToUpper()
    $ADServer = ($ADDomain.InfrastructureRoleOwner.Name.Split(".")[0])
    $FQDN = "DC=" + $ADDomain.Name -Replace("\.",",DC=")
 
    $Results = New-Object Psobject
    $Results | Add-Member Noteproperty Domain $ADDomainName
    $Results | Add-Member Noteproperty FQDN $FQDN
    $Results | Add-Member Noteproperty Server $ADServer
    $Results | Add-Member Noteproperty Netbios $Netbios
    Write-Output $Results
}

Usage is pretty simple:

Get-ADInfo

That's all! :)

Getting Netbios name:

(Get-ADInfo).Netbios

Getting FQDN:

(Get-ADInfo).FQDN

Getting Active Directory Domain Name:

(Get-ADInfo).Domain

Getting Active Directory Primary Server Name:

(Get-ADInfo).Server

You can use this in all your scripts. You no longer need to supply any Active Directory information yourself.


Removing Active Directory User with Powershell

02/03/2010 12:26, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

It’s very easy to remove an Active Directory user with Powershell.

$CustomerOU = [ADSI] "LDAP://$CustomerOU,$FQDN"
$RemoveADUser = $CustomerOU.Delete("User", "CN=$Username")

Again and again, please be sure about your LDAP path.


Changing Active Directory User Password with Powershell

02/03/2010 12:23, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

You can see how easy it is to change an AD user's password with Powershell.

$ADUser = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$ADUser.SetPassword($Password)
$ADUser.SetInfo()

Again, be careful with the LDAP name. Have fun!


Setting Primary Groups of Active Directory Users with Powershell

02/03/2010 12:19, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

As you know, changing the primary group of Active Directory users is a difficult job for system administrators.
You need to add the user to a new group, then assign that group as the primary one, and only after that can you remove the old group.
But that’s easy if you know Powershell.

$User = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
$DomainUsers = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
$DomainUsers.GetInfoEx(@("primaryGroupToken"), 0)
$OldGroupToken = $DomainUsers.Get("primaryGroupToken")
$DomainGuests = [ADSI]"LDAP://CN=IIS_USERS,CN=Users,$DomainNC"
$DomainGuests.GetInfoEx(@("primaryGroupToken"), 0)
$NewGroupToken = $DomainGuests.Get("primaryGroupToken")
$DomainGuests.Add([String]($User.AdsPath))
$User.Put("primaryGroupId", $NewGroupToken)
$User.SetInfo()
$DomainUsers.Remove([String]($User.AdsPath))

This script simply sets IIS_USERS as the primary group of an Active Directory user.


Setting “Password never expires” for Active Directory Users with Powershell

02/03/2010 12:13, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

You have to set “Password never expires” for some Active Directory users, such as IIS or SCVMM users. To do this with Powershell, we simply set the “userAccountControl” property.

$User = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$User.Put("userAccountControl", "65536")
$User.SetInfo()

65536 means “Password never expires”. Be careful with the LDAP name.
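
Writing the literal 65536 replaces the whole userAccountControl bit field, so any other flag already set on the account is dropped. The added example below (not part of the original post) sets only the “Password never expires” bit and lists every account that carries it so the exemptions can be reviewed; `Set-PasswordNeverExpires` and `Get-PasswordNeverExpiresUser` are hypothetical names, and `$UserDN` is assumed to be the user's full distinguished name.

```powershell
# Added example, not from the original post. Function names are hypothetical.
$DONT_EXPIRE_PASSWORD = 0x10000   # 65536

Function Set-PasswordNeverExpires
{
Param ([string]$UserDN)   # full distinguished name of the user (assumption)

    $User = [ADSI] "LDAP://$UserDN"
    $Current = [int]$User.userAccountControl.Value
    # OR the bit in so flags such as ACCOUNTDISABLE (0x2) keep their state
    $Updated = $Current -bor $DONT_EXPIRE_PASSWORD
    If ($Updated -ne $Current)
    {
        $User.Put("userAccountControl", $Updated)
        $User.SetInfo()
    }
}

Function Get-PasswordNeverExpiresUser
{
    # Matching rule 1.2.840.113556.1.4.803 is a bitwise AND: true when the bit is set
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
    $Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))"
    $Searcher.PageSize = 500   # page through results instead of stopping at the server limit
    [void]$Searcher.PropertiesToLoad.AddRange([string[]]@("sAMAccountName","pwdLastSet","userAccountControl"))

    ForEach ($Entry in $Searcher.FindAll())
    {
        $LastSet = $null
        If ($Entry.Properties["pwdlastset"].Count -gt 0)
        {
            # pwdLastSet is stored as a Windows FILETIME (100 ns ticks since 1601, UTC)
            $LastSet = [DateTime]::FromFileTimeUtc([int64]$Entry.Properties["pwdlastset"][0])
        }
        $Flags = [int]$Entry.Properties["useraccountcontrol"][0]

        $Result = New-Object Psobject
        $Result | Add-Member Noteproperty SamAccountName ([string]$Entry.Properties["samaccountname"][0])
        $Result | Add-Member Noteproperty PasswordLastSet $LastSet
        $Result | Add-Member Noteproperty Disabled ([bool]($Flags -band 0x2))
        Write-Output $Result
    }
}
```

Sorting the output of `Get-PasswordNeverExpiresUser` by PasswordLastSet puts the accounts whose passwords have gone longest without rotation at the top.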


Checking Active Directory User with Powershell

02/03/2010 12:06, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

This is another way to check for an Active Directory user with Powershell. I made a function.

Function Check-ADUser
{
Param ($Username)
 
    $ADRoot = [ADSI]''
    $ADSearch = New-Object System.DirectoryServices.DirectorySearcher($ADRoot) 
    $SAMAccountName = "$Username"
    $ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=$SAMAccountName))"
    $Result = $ADSearch.FindAll()
 
    If($Result.Count -eq 0)
    {
        Write-Host "No such user on the Server" | Out-Null
        $Status = "0"
    }
    Else
    {
        Write-Host "User exist on the Server" | Out-Null
        $Status = "1"
    }
 
    $Results = New-Object Psobject
    $Results | Add-Member Noteproperty Status $Status
    Write-Output $Results    
}

Usage:

Check-ADUser -Username "yusufozturk"

You can use this function with the Status property. It’s useful.
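
Check-ADUser places $Username directly into the search filter, so a value containing `*`, `(` or `)` changes what the filter matches. The added example below (not part of the original post) validates the name and escapes it per RFC 4515 before searching; `ConvertTo-LdapFilterValue` and `Test-ADUserSafe` are hypothetical names.

```powershell
# Added example, not from the original post. Function names are hypothetical.
Function ConvertTo-LdapFilterValue
{
Param ([string]$Value)

    # RFC 4515 escapes; the backslash must be handled first so later
    # replacements are not escaped a second time
    $Value = $Value -replace '\\', '\5c'
    $Value = $Value -replace '\*', '\2a'
    $Value = $Value -replace '\(', '\28'
    $Value = $Value -replace '\)', '\29'
    $Value = $Value -replace '\x00', '\00'
    Write-Output $Value
}

Function Test-ADUserSafe
{
Param ([string]$Username)

    # sAMAccountName for users: 1-20 characters, none of " / \ [ ] : ; | = , + * ? < >
    # Parentheses are legal in the name, which is why escaping is still required
    If ($Username -notmatch '\A[^"/\\\[\]:;|=,+*?<>\x00]{1,20}\z')
    {
        Throw "Invalid sAMAccountName: rejected before any directory query"
    }

    $Escaped = ConvertTo-LdapFilterValue $Username
    $ADSearch = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
    $ADSearch.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$Escaped))"
    $ADSearch.SizeLimit = 2   # more than one hit means the filter matched too broadly
    $Result = $ADSearch.FindAll()

    # Only an exact, single match counts as "user exists"
    Write-Output ($Result.Count -eq 1)
}
```

`Test-ADUserSafe -Username "yusufozturk"` returns `$true` or `$false`, so it can be used directly in an `If` before creating or deleting an account.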


Creating a Quota Limit for IIS7.5 FTP Sites with Powershell

27/02/2010 16:40, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

You should install Windows File Services to use the DirQuota command in Powershell.

DirQuota Quota Add /Path:"$LogDir" /Limit:$FTPQuota

$FTPQuota takes a value such as “100mb”. You can use the command's help to find out more.


Clearing Default Security Settings of FTP on IIS7.5 with Powershell

27/02/2010 16:30, Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

First you need to clear default security settings to create your own settings.

Clear-WebConfiguration -Filter /System.FtpServer/Security/Authorization -PSPath IIS: -Location "Default FTP Site/$FTPUserDir"

As I said in earlier posts, $FTPUserDir is the name of the FTP Virtual Site.
