Difference between revisions of "AD Scripts"
Jump to navigation
Jump to search
(Created page with "# Remove Sessions by User ``` # Define the username to log out and domain (adjust these values accordingly) $userToLogoff = "username" $domain = "DOMAIN" # Ensure the Active...") |
|||
| Line 32: | Line 32: | ||
# Find Processes by User | # Find Processes by User | ||
``` | ``` | ||
| − | # Define the username to | + | # Define the username to check for running processes and domain (adjust these values accordingly) |
| − | $ | + | $userToCheck = "username" |
$domain = "DOMAIN" | $domain = "DOMAIN" | ||
| Line 46: | Line 46: | ||
# Use Invoke-Command to run commands remotely on each host | # Use Invoke-Command to run commands remotely on each host | ||
Invoke-Command -ComputerName $host -ScriptBlock { | Invoke-Command -ComputerName $host -ScriptBlock { | ||
| − | # | + | # Get all processes and filter by the specified user |
| − | $ | + | $processes = Get-WmiObject Win32_Process | Where-Object { $_.GetOwner().User -eq $using:userToCheck } |
| − | foreach ($ | + | foreach ($process in $processes) { |
| − | # | + | # Output the process name and ID |
| − | $ | + | Write-Output "Process $($process.Name) with ID $($process.ProcessId) is running under user $using:userToCheck on $using:host" |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
} | } | ||
| − | } -Credential "$domain\$ | + | } -Credential "$domain\$userToCheck" -ErrorAction SilentlyContinue |
} | } | ||
``` | ``` | ||
Latest revision as of 03:20, 12 July 2024
Remove Sessions by User
# Define the username to log out and domain (adjust these values accordingly)
$userToLogoff = "username"
$domain = "DOMAIN"
# Ensure the Active Directory module is loaded
Import-Module ActiveDirectory
# Get all computer objects from Active Directory
$hosts = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name
# Loop through each host
foreach ($host in $hosts) {
# Use Invoke-Command to run commands remotely on each host
Invoke-Command -ComputerName $host -ScriptBlock {
# Find the session ID of the user's session using quser
$sessions = quser /server:$using:host | Where-Object { $_ -match $using:userToLogoff }
foreach ($session in $sessions) {
# Extract the session ID
$sessionId = ($session -split '\s+')[2]
if ($sessionId -ne "SESSIONNAME") {
# Log off the session
logoff $sessionId /server:$using:host
Write-Output "Logged off $($using:userToLogoff) from session $sessionId on $using:host"
}
}
} -Credential "$domain\$userToLogoff" -ErrorAction SilentlyContinue
}
Find Processes by User
# Define the username to check for running processes and domain (adjust these values accordingly)
$userToCheck = "username"
$domain = "DOMAIN"
# Ensure the Active Directory module is loaded
Import-Module ActiveDirectory
# Get all computer objects from Active Directory
$hosts = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name
# Loop through each host
foreach ($host in $hosts) {
# Use Invoke-Command to run commands remotely on each host
Invoke-Command -ComputerName $host -ScriptBlock {
# Get all processes and filter by the specified user
$processes = Get-WmiObject Win32_Process | Where-Object { $_.GetOwner().User -eq $using:userToCheck }
foreach ($process in $processes) {
# Output the process name and ID
Write-Output "Process $($process.Name) with ID $($process.ProcessId) is running under user $using:userToCheck on $using:host"
}
} -Credential "$domain\$userToCheck" -ErrorAction SilentlyContinue
}