Export all GPO’s across domains in html file.

Below are the AD-PowerShell commands to Export all GPO's across domains in html file.

Syntax:
Import-Module Grouppolicy
Get-GPOReport -All -ReportType html -path c:\gpo.htm

OR


Get-GPOReport -Name "GPO Name" -Server domain.com -ReportType html
-path c:\GPO.html


Help about –Module:
get-command –module grouppolicy
get-command –module grouppolicy | get-help


---Being handy sometime ;)

Forest Wide Object Search

==========================================================

With the below command script you can dig out or search the domain objects forestwide by using Quest AD Powershell.

$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

$domain.forest.domains | foreach {get-qaduser -service
"$($_.name):389" "User Name"} | ft
Name,DN,Email,Description,SamAccountName

OR

$domain.forest.domains | foreach {get-content -path c:\Users.txt |
get-qaduser -service "$($_.name):389"} | ft
Name,DN,Email,Description,SamAccountName

OR

$domain.forest.domains | foreach {get-content -path c:\Users.txt |
get-qaduser -service "$($_.name):389"} | Select-Object
Name,Email,Description,DN,SamAccountName | Export-Csv -path
Users.csv

OR

$domain.forest.domains | foreach {get-content -path c:\Users.txt |
get-qaduser -service "$($_.name):389"} -ErrorAction:SilentlyContinue |
Select-Object Name,Email,Description,DN,SamAccountName | Export-Csv
-path Users.csv

============================================================

Logparser : Export - View EventLogs by Logparser.

ID Created Logs


logparser.exe -o:CSV >> C:\IDCreation.csv "SELECT
TimeGenerated,EventTypeName,EventCategoryName,
extract_token(strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|')
AS Domain,EXTRACT_TOKEN(Strings,3,'|') AS IDCreatedby, message,
eventid FROM D:\EvtLogs\*.evt where eventid=624"


ID Disabled Logs
logparser.exe -o:CSV >> C:\ID-Disable.csv "SELECT
TimeGenerated,EventTypeName,EventCategoryName,
extract_token(strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|')
AS Domain,EXTRACT_TOKEN(Strings,3,'|') AS IDDisabledby, message,
eventid FROM D:\EvtLogs\*.evt where eventid=629"


ID Enabled Logs
logparser.exe -o:CSV >> C:\ID-Enabled.csv "SELECT
TimeGenerated,EventTypeName,EventCategoryName,
extract_token(strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|')
AS Domain,EXTRACT_TOKEN(Strings,3,'|') AS IDEnabledby, message,
eventid FROM D:\EvtLogs\*.evt where eventid=626"