Robocopy - copy only folder structure

 

To use Robocopy to clone a directory without files, use the following syntax:

robocopy "C:\Your Folder" "C:\New Folder" /e /xf *

same as above but without displaying the status:

robocopy "C:\Your Folder" "C:\New Folder" /e /xf * >nul

same as first example and creates a log (overwrites existing log):

robocopy "C:\Your Folder" "C:\New Folder" /e /xf * /log:yourlogfile.log

same as first example and appends to log (appends to existing log):

robocopy "C:\Your Folder" "C:\New Folder" /e /xf * /log+:yourlogfile.log

Copy only the top level sub-folders (sub-folders in the source directory)

robocopy "C:\Your Folder" "C:\New Folder" /e /LEV:2 /xf *

/e = Copies subdirectories, including empty ones.

/LEV: n = Copy only the n LEVels of the source. For n=2, only the top level sub-folders will be copied

/xf = Excludes files matching the specified names or paths. Wildcards “*” and “?” are accepted

List folders and files

 

List folders and files:

dir ..\myfolder /b /s /o:gn>list.txt

  

When you do not want to list the folders, only the files in the subfolders, use /A-D switch like this:

dir ..\myfolder /b /s /A-D /o:gn>list.txt

 

Entire OU set password never expires

 

dsquery user “OU={your target OU},DC={your domain},DC={your domain extension}” | dsmod user -pwdneverexpires yes

Update: Note: If your OU has more than 100 users in it you need to add the ‘-limit’ flag, and set it to a number greater than your actual amount of users, e.g.

dsquery user “OU={your target OU},DC={your domain},DC={your domain extension}” -limit 2000 | dsmod user -pwdneverexpires yes

 

Finding Stale User and Computer Accounts

Find Users Who Have Never Logged On

Use the following PowerShell Command;

Get-ADUser -Filter { LastLogonDate -notlike "*" -and Enabled -eq $true } -Properties LastLogonDate | Select-Object @{ Name="Username"; Expression={$_.SamAccountName} }, Name, LastLogonDate, DistinguishedName | Export-Csv C:\temp\Users-Never-Logged-On.csv

Note: This will output the users to a csv file, and requires you to have a C:\Temp directory.

Find Users Who Have Not Logged On In ‘x‘ Days

I’m going to use the value of 90 days (remember some staff might be on long term sick/maternity so check with HR!) Execute the following three commands;

$DaysInactive = 90
$TrueInactiveDate = (Get-Date).Adddays(-($DaysInactive))
Get-ADUser -Filter { LastLogonDate -lt $TrueInactiveDate -and Enabled -eq $true } -Properties LastLogonDate | Select-Object @{ Name="Username"; Expression={$_.SamAccountName} }, Name, LastLogonDate, DistinguishedName | Export-Csv C:\temp\Users-Inactive-90-days.csv

Note: This will output the users to a csv file, and requires you to have a C:\Temp directory.

Find Computers Who Have Not Logged On In ‘x‘ Days

Again I’m using 90 days.

$DaysInactive = 90
$TrueInactiveDate = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter { PasswordLastSet -lt $TrueInactiveDate} -properties PasswordLastSet | Select-Object Name, PasswordLastSet, DistinguishedName | Export-Csv C:\temp\Computers-Inactive-90-days.csv

Note: This will output the users to a csv file, and requires you to have a C:\Temp directory.

Add All Members of an OU to a Security Group

 

Get-ADUser -SearchBase ‘OU=Source-OU,OU=PNL,DC=pnl,DC=com’ -Filter * | 

ForEach-Object {Add-ADGroupMember -Identity ‘SG-Test-Group’ -Members $_ }

 

 

Getting Object Numbers From Active Directory

Users:
(Get-ADUser -Filter *).Count

Computers:
(Get-ADComputer -Filter *).Count

Groups:
(Get-ADGroup -Filter *).Count

Enabled or disabled users:
(Get-AdUser -filter 'Enabled -eq $true').count
(Get-AdUser -filter 'Enabled -eq $false').count

Group users:
(Get-ADGroup GS-VPN-Users -Properties *).Member.Count

OU users:
(Get-ADUser -Filter * -SearchBase "OU=Users, OU=PNL,DC=pnl,DC=com").Count

 

 

Network masks