Posts

Adam Bertram

Three Ways to Keep Active Directory Clean

Active Directory is one of those products that tend to get bloated. It’s a product where lots of people are making changes every day to and ultimately ends up being this enormous pile of stuff that somehow still works. Even the most well-intentioned IT department always seems to end up with an Active Directory environment that’s got lots of user accounts no longer needed, GPOs attached to OUs people didn’t even know existed and computer accounts that represented computers long gone. This state seems to creep up on people. One day, someone sits down in front of Active Directory Users and Computers (ADUC) and has that moment where they go, “Wow! This needs cleaned up.”.

Once someone in your organization has that moment, it’s probably going to be a daunting and overwhelming task. You may start a project to “clean up stuff” but you’ll soon find that right-clicking and deleting isn’t going to cut it. There are lots of ways to make this project a success with the first task being to define what exactly “clean up” means. For this article, we’re going to focus on unused user accounts. More specifically, we’re going to focus on three attributes that a user account might have that would deem it “deletable.” Those attributes are disabled accounts, accounts that haven’t been used in X days and accounts with expired passwords.

Read more

Adam Bertram

Syncing a CSV with Active Directory

This series of PowerShell tips and tricks is an on-going collaboration between NinjaRMM and Adam Bertram, Microsoft MVP.

One of the most common applications of PowerShell that I see IT professional is syncing information with Active Directory (AD). It seems like everyone has some external data source that correlates to some employees that we need to get into AD. This is to be expected because AD typically is the most used IT service in an organization and provides an excellent feature not just as authentication but as a repository of employee information.

Whether you’ve got data stored in a custom SQL database or some fancy HR system, it sucks to have to check two spots if you need information like employee department, groups that employee should be a member of and so on. When you do begin to sync that data, the source system may change its schema, may change APIs, servers and so on which means a code rework. To ensure the data source you’re syncing from always stays the same and can easily be created from any number of systems, it’s a good idea to get that data into a CSV file.

A simple CSV file can be exported from just about any software or database and when in this format, gives the administrator a copy that can be tweaked as well as necessary foregoing the requests from another team to change up a database somewhere.

Read more