How to enable Remote Desktop remotely using Powershell

In Windows Server 2012, remote management is enabled by default but not Remote Desktop. To enable RDP on the server, add the target server to the Server Manager and run remote Powershell console.

On the remote Powershell console, enable remote desktop and firewall using the following cmdlets:
1) Enable Remote Desktop
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

2) Allow incoming RDP on firewall

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

3) Enable secure RDP authentication

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1   

Refer to "Windows 2012 Core Survival Guide – Remote Desktop" for more information.

Nice Random Password Generator

Nice random password generator for AD user account creation or reset. It's a Powershell script (Get-RandomString.ps1) available on  Generating Random Passwords in PowerShell.

If you need to reset the password of an AD user account, there is another script (AD_Password_reset_v1.0.ps1) that uses this random password generator.

How to add custom attributes to AD User Objects

We have an application that requires to store some custom user attributes on the Active Directory. Let's say we need to add a custom attribute "Gender". How should we go about it? We need to first extend the existing User Class in the AD Schema. Please refer to this detailed step-by-step guide.

Here, I would just summarize the overall steps.

Step 1: Register AD schema tool by running "regsvr32 schmmgmt.dll" on the Domain Controller with "Schema Master" role. Add the AD Schema tool on the mmc console.
Step 2: In the AD Schema Console, right-click the Attributes folder, then select Create Attribute.

Step 3: You may like to generate your own private enterprise OID (Unique X.500 Object ID) for this custom attribute on this link.
Step 4: From the Schema Console, click the Class folder. Scroll down to the User class, right-click it, and select Properties. On the user Properties dialog box, click the Attributes tab. Click Add, then choose the Gender attribute. Click OK twice, and you've successfully added the Gender attribute to the User class.

Now we have an extra gender attribute for every user object. How should we populate its values (i.e. Male or Female)? If you have an excel sheet, convert it to CSV and use Powershell script to populate it. Below is sample script.

$Users = import-csv users.csv
Foreach ($user in $Users)
{
  $sAMAccountName = $user.sAMAccountName
  $gender = $user.gender
  $Property = @{gender=$gender}
  Write-host "Setting the gender of $sAMAccountName"
  Get-ADObject -Filter 'sAMAccountName -eq $sAMAccountName' | Set-ADObject -add $Property
  Write-host "Done!"
}

Updating Powershell Help Files

When needing help in some Powershell cmdlets, the Get-Help cmdlet is the equivalent "man" command for *nix systems. The Powershell cmdlets are updated so frequently that it is worthwhile updating the help files as well. If the Windows host is connected directly to Internet, the help file would be updated automatically. What about for systems on closed network? There is a "Save-Help" cmdlet to download the help files and "Update-Help" cmdlet for systems not connected to Internet.

For example, run "Save-Help" from a Windows system with Internet connection to download help files for all modules to a file share.

PS > Save-Help -DestinationPath \\Fileserver\PSHelp

Run "Update-Help" on a Windows system without Internet connection.

PS > Update-Help -SourcePath \\Fileserver\PSHelp

Both cmdlets are available to Powershell 3.0. To verify the current version of Powershell of your system, run "$PSVersionTable" and look at the "PSVersion" property. For example:

Powershell: Quickly view installed Windows feature

To quickly view a list of installed Windows feature using Poweshell on Windows Server:

PS > Get-WindowsFeature | Where-Object {$_.Installed -eq $true}

To filter only feature name

PS > Get-WindowsFeature | Where-Object {$_.Installed -eq $true} | Select-Object -Property Name