Release date for my Active Directory Health Check script is set!


As some of you may know, over the last year I’ve been working on a PowerShell script that performs an Active Directory Health Check.
Taking my queue from Carl Webster’s Citrix Documentation scripts and Iain Brighton’s collaboration with Carl on improving the Word generation code, it has finally become time to release my little monster to the world.
I know that I’ve said it before, and every time something came in between… feedback from tester(s), improving the Word file generation part of the script, my customers, a holiday and a couple of events…
No more excuses!
–> On the 17th of Thursday 7/17/2014 I’ll do an online presentation for the Florida PowerShell User Group presenting version 1.0 of the script. :-)
During that session, I’ll release the script on my blog… :-)

The checks in this script are based on my personal best practices. Some of the checks may not be applicable to your environment.

The following fundamental guidelines apply to the script:

1) Must work for all domains in a forest tree.
2) Must work on PowerShell v3 and above.
3) Must work without module dependencies, except for the PowerShell core modules.
4) Must work without Administrator privileges.
5) Must work with Microsoft Word 2007 and above.

The following languages are supported for both Word and the operating system the script runs on:

Catalan Danish Dutch
English Finnish French
German Norwegian Portuguese
Spanish Swedish

The following checks are currently included in the script:

Users Direct member of Domain Local group
Users Password never expires
Users Password not required
Users Password change at next logon
Users Account without expiration date
Users Do not require Kerberos pre-authentication
Users Disabled
Groups Privileged with many members
Groups Privileged with no members
Sites Empty description
Sites No subnet
Sites No server
Sites No connection
Sitelinks With one site
Sitelinks More than two sites
Sitelinks Empty description
Subnets Available but not used
Domain Controllers No contact in last 3 months
Member servers Password never expires
Member servers Password older than 6 months
Member servers Account never expires
Member servers Account disabled
Organisational Unit GPO inheritance blocked


Note that these are just the first checks… there will be more, many more :-)
At this time I will not accept any feature requests since I’ll need to work through the current list of feature requests before taking any new ones.
The checks that have been requested so far:

Trusts Stale trusts
SYSVOL Orphaned GPT’s
NETLOGON Subnets with ‘No client side’ errors
NETLOGON Subnets with any other error
Group Policy Unlinked
Group Policy Empty
Group Policy No userdata but status not set to UserSettingsDisabled
Group Policy No computerdata but status not set to ComputerSettingsDisabled
Group Policy Status set to AllSettingsDisabled
Group Policy All settings disabled
Group Domain Local Group member of Domain Local Group
Sites Incorrect Domain Controller in site
Sitelinks Change notification disabled
Replication Any replication issues
Member Servers Local administrator account not renamed
Member Servers Local administrator account password not required
Member Servers Local administrator account password never expires

Jeffrey Snover at DuPSUG on the Monad Manifesto Revisited


This week we had the honor and pleasure to welcome Jeffrey Snover, Microsoft Distinguished Engineer, at the Dutch PowerShell User Group.
He gave us a choice… he could either talk about Just=Enough-Admin… or about the Monad Manifesto Revisited.
We chose the Monad Manifesto.
Also, for the first time we were able to record a session. This due the high demand both from the Dutch and the international PowerShell community.
So without any further ado, here are the recordings from Jeffrey’s session!

Jeffrey Snover at the Dutch PowerShell User Group – Part 1

Jeffrey Snover at the Dutch PowerShell User Group meeting – Part 2

Jeffrey Snover at the Dutch PowerShell User Group meeting – Part 3

Convert European date format to US standard


Whenever I get a file from an HR department with a date in there, formatted like “21/12/2012″ there could be problems…
When I receive this from HR, it’s in a file… it’s a string.
So when converting this to a datetime format, one could do the following:


Well, this will give you an error, screaming that it’s an impossible date:

Cannot convert value "21/12/2014" to type "System.DateTime". Error: "String was not recognized as a valid DateTime."
At line:1 char:1
+ [datetime]("21/12/2014")
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastParseTargetInvocationWithFormatProvider

This is because of the standard in which dates are formatted. In case of my country, it’s: dd/mm/yyyy.
But in case of the USA, which for Windows systems is the standard, it’s: mm/dd/yyyy
So I’ve written a small function to convert this format to the format the datetime type accelerator accepts :-)

function Convert-DateEuropeToUS {
    Converts the date in a string from the European to the US format.

    Converts the date in a string from the European, or Dutch specific (i don't know) to the US format.
    Accepts a date in the dd-mm-yyyy or dd/mm/yyyy format.
    .Example> "12/03/1985","03-12-1985" | Convert-DateEuropeToUS
    .Example> Convert-DateEuropeToUS "12/03/1985","03-12-1985"
    param (
    begin {
    } process {
        foreach ($D in $Date) {
        $D = $D.replace('-','/')
        $a= [regex]::Replace($D,"(\w)(\w)(/)(\w)(\w)(/)(\w)(\w)(\w)(\w)",'$4$5/$1$2/$7$8$9$10')
    } end {

That means you can use it like so:

[datetime](Convert-DateEuropeToUS "12/03/1985")
Go to Top