You get used to tools that are created to make your life easier.
Life is great, until you run into an environment that is too old for those tools to work.
In this case, I’m referring to the ability to do some PowerShell against an old active directory domain running on a 2003 functional level.
Here comes the savior, a tool called Quest ActiveRoles Management Shell. This tool was developed by Quest Software a while back (before Dell acquired them). It used to be free (up until version 1.5.1). Dell decided to change that and start charging.
There is a site that kindly still provide access to the last free version that was released.
To give an example of what can be accomplished;
let’s say you want to get a list of users from active directory who are currently configured to have their password never expire. You simply run the following:
you can also add “
-SizeLimit 0” in order to get more than the normal 1000 maximum results. You can also pipe the results into a a change by using “
| Set-QADUser” followed by the attributes you want to change.
This is just a tiny example of what can be done, all against a 2003 active directory domain that would normally not support it.