SCCMF12TWICE
  • Blog
    • Submit A Blog
  • Consulting
  • Modern Operations
    • Leverage Windows Analytics for Modern Ops – Part 1
    • Leverage Windows Analytics for Modern Ops – Part 2
  • Menu
  • Twitter
  • Linkedin

Archive for category: Login Script

Domain Discovery – Finding Login Scripts

Active Directory, Discovery, Login Script, Powershell, Script

Domain Discovery

Background

     With my current contract, I’m helping a company in the process of collapsing multiple domains into one new domain while also tidying up their OU structure, Group Policy Objects, and converting old login scripts to Group Policy Preferences.  A quick query of the SYSVOL and NETLOGON folders show hundreds of login scripts, some dating back to the early 2000’s.  Early on, I suspected that we weren’t actually using all of them, so here’s the process for discovering exactly what you need to concern yourself with.
The Tools
    All you need to make this work is the ActiveDirectory module. Specifically, we can do almost all of this with the get-aduser command.
Domain Discovery
This command pulls a list of all users that are Enabled and have a login script specified. This can take quite a while to run if you have a large domain, but this gives us the data set we need to get started.
Domain Discovery
What this does is take just the ScriptPath value, convert it to uppercase (which is important later), and assign those to a new array.
Domain Discovery
Now what we’re doing is taking the $allScripts array and querying it for unique values. The ToUpper() from earlier is important here because “select -unique” is case sensitive. Had we not converted everything to uppercase, we’d get a ton more unique values because LoginScript.bat, LOGINSCRIPT.bat, and loginscript.bat would all have unique entries.
This isn’t necessary, but it lets you do a quick “does this sound right” check.  In a healthy domain, your count of unique scripts should be very small compared to your amount of users with scripts.
Domain Discovery
This piece counts through every unique script we found and tallies up the number of users with that script applied.  From there, you have options for how you want to output it. For example:
$all | sort -property Instances -descending | ft
Will output the array, sorted from highest to lowest number of instances.  This gives you an immediate look at what your most common, and therefore most important, scripts are to migrate over. Alternatively, it can be extremely helpful to see what scripts only have one or two users assigned to them. In the case of my domain, most of those appear to be typos (i.e. LoginScirpt.bat).
If you need to present a report to your manager, it’s a nothing task to run
$all | export-csv -notypeinformation -path C:LoginScripts.csv
and fire that off in an email.
I hope this has been useful. Let me know if there’s anything else you’d like to see.
April 6, 2017/0 Comments/by Peter Vanhaverbeke
https://i2.wp.com/sccmf12twice.com/wp-content/uploads/2017/04/1-2B-2Bget-2Ball-2Busers-2Bwith-2Bscripts.png?fit=874%2C21&ssl=1 21 874 Peter Vanhaverbeke https://sccmf12twice.com/wp-content/uploads/2018/08/SCCM-logo.png Peter Vanhaverbeke2017-04-06 14:17:002019-02-01 18:25:02Domain Discovery - Finding Login Scripts

SCCMF12TWICE

Our team has several decades of systems management and configmgr experience. We can  easily identify potential problems within your SCCM infrastructure as well as help you to create a more efficient environment. Please check out our consulting page for more information on our hourly packages and retainer services.

SCCMF12TWICE

13194 US HWY 301 S STE 325 Riverview, FL. 33578
Call: (813)-575-7955
cbuck@sccmf12twice.com
M-F 8am - 8pm
2019 © SSCMF12TWICE , All rights reserved.
  • Twitter
  • Linkedin
Scroll to top