Script to pull base64string from AD objects - powershell

I am working on a powershell script together which will:
1. query an existing OU
2. select the first and last name, samaccountname, and objectguid, of all users in the OU
3. Take the objectguid of each user and convert it to a base64string (immutableid)
4. output the results in a table format with users' first and last name, samaccountname, objectguid, and immutableid, sorted in alphabetical order by users' firstname.
The below script works just fine if I wanted to pull the base64string for one user at a time:
Import-module ActiveDirectory
$UserSamAccount = Read-Host "Provide SamAccountName of a user"
$User = Get-ADuser $UserSamAccount -Properties * | select ObjectGUID
$ImmutableID = [convert]::ToBase64String(([GUID]($User.ObjectGUID)).tobytearray())
Write-Host "ImmutableID for user $UserSamAccount is:" -ForegroundColor Cyan
$ImmutableID
Any help with this will be most appreciated. Thank you in advance!

If I understand correctly your need the following should do the trick. It uses [pscustomobject] to construct your desired output and a ForEach-Object to process each object from the pipeline:
Get-ADUser -Filter * -SearchBase "OU=myOU,DC=myDomain,DC=xyz" -SearchScope OneLevel |
    Sort-Object GivenName |
    ForEach-Object {
        # Build one output row per user
        [pscustomobject]@{
            GivenName      = $_.GivenName
            Surname        = $_.Surname
            SamAccountName = $_.SamAccountName
            ObjectGuid     = $_.ObjectGuid
            ImmutableId    = [convert]::ToBase64String($_.ObjectGuid.ToByteArray())
        }
    } # | Export-Csv path\to\myExport.Csv -NoTypeInformation <= Can pipe this to export later :)
You could also use Select-Object with a calculated property (might be simpler but harder to read):
Get-ADUser -Filter * -SearchBase "OU=myOU,DC=myDomain,DC=xyz" -SearchScope OneLevel |
    Sort-Object GivenName |
    Select-Object GivenName, Surname, SamAccountName, ObjectGuid, @{ N='ImmutableId'; E={ [convert]::ToBase64String($_.ObjectGuid.ToByteArray()) }}
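
Added example (not part of the original answer): the same conversion wrapped in a function, plus the reverse direction, which is what you need when you hold an ImmutableId and want to find the AD object it came from. The function names and the sample GUID are constructed for illustration; it runs without the ActiveDirectory module.

```powershell
# Added example: round-trip between an objectGUID and its base64 ImmutableId.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Guid.ToByteArray() emits the first three GUID fields little-endian,
    # so the bytes are NOT the hex digits of the GUID string read left to right.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    try {
        $bytes = [Convert]::FromBase64String($ImmutableId)
    }
    catch {
        throw "Not valid base64: '$ImmutableId'"
    }
    # A GUID is exactly 16 bytes; anything else was not produced from an objectGUID.
    if ($bytes.Length -ne 16) {
        throw "Decoded to $($bytes.Length) bytes; a GUID-based value is exactly 16."
    }
    [guid]::new([byte[]]$bytes)
}

# Constructed sample GUID, not a real directory object
$sampleGuid = [guid]'00112233-4455-6677-8899-aabbccddeeff'
$id         = ConvertTo-ImmutableId -ObjectGuid $sampleGuid
$back       = ConvertFrom-ImmutableId -ImmutableId $id

[pscustomobject]@{
    ObjectGuid  = $sampleGuid
    RawBytesHex = [BitConverter]::ToString($sampleGuid.ToByteArray())
    ImmutableId = $id
    RoundTrip   = ($back -eq $sampleGuid)
} | Format-List
```

The decoded GUID can be passed to Get-ADUser -Identity to locate the object. Compare RawBytesHex with ObjectGuid to see why hex-decoding the GUID string by hand gives a different base64 value.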

Related

Trying to extract a list from AD that contains all of my users, with the exception of one OU named Disabled Users. How can I exclude this OU from my list?

This is what I have so far:
Get-ADUser -Filter 'Department -like "*"' -Properties * |
Select -Property DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
Export-CSV "C:\ad-users.csv"
You can use a Where-Object clause to filter on the user's OU:
# fill in the DistinguishedName of the 'Disabled Users' OU here
$ouToExclude = 'OU=...'
# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
# so you only need to ask for extra properties not already in this list
Get-ADUser -Filter "Department -like '*'" -Properties DisplayName,Title,Department,Office,OfficePhone |
Where-Object { $_.DistinguishedName -notlike "*$ouToExclude" } |
Select-Object DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
Export-Csv "C:\ad-users.csv" -NoTypeInformation
I believe you could do it this way using -LDAPFilter. First you need to query the OU to exclude and get its DistinguishedName, then you can query all users and filter them where their DistinguishedName does not contain the OU to exclude.
NOTE: This assumes there is only 1 OU with Name Disabled Users. If there are more OUs with the same I would recommend you to hardcode the DistinguishedName of the excluded OU in $ouDN.
It's also worth noting that querying all attributes (-Properties *) for all users is highly inefficient, you should always query only the attributes of interest (-Properties attrib1, attrib2, etc).
$properties = @(
    'DisplayName'
    'GivenName'
    'Surname'
    'Title'
    'Department'
    'Office'
    'OfficePhone'
)
$ouToExclude = 'Disabled Users'
$ouDN = (Get-ADOrganizationalUnit -LDAPFilter "(Name=$ouToExclude)").DistinguishedName
Get-ADUser -LDAPFilter "(Department=*)" -Properties $properties | & {
    process {
        if($_.DistinguishedName -notlike "*$ouDN") { $_ }
    }
} | Select-Object $properties | Export-Csv "C:\ad-users.csv" -NoTypeInformation

Looking up a particular user in a particular group in AD using Powershell

I've been looking online for ways of doing this and I'm at a loss here. I'm looking for a way to look up a particular user within a particular group in AD through powershell. Here's what I've tried.
(Get-ADUser userName –Properties MemberOf).MemberOf
I get a bunch of groups
(Get-ADGroupMember "groupname").name
I get a bunch of usernames
I tried this command but it's taking forever to get results.
(Get-ADGroupMember 'groupname' | Get-ADUser -Property DisplayName | Where-Object { $_.Name -eq 'username'})
Is there a way where I can get a command that is both fast and efficient? I'm also looking for their email address and surname and last name.
Thanks in advance
As commented, it is best not to use the Name property, but, if you have it, use the SamAccountName or DistinguishedName of the user you seek to rule out ambiguous names.
$user = Get-ADGroupMember -Identity 'GroupName' |
Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -eq 'userSamAccountName' } |
Get-ADUser -Properties DisplayName, EmailAddress, GivenName, Surname # add more properties if you need them
# display the user object on screen
$user
Or do this way:
$user = $null
$member = Get-ADGroupMember -Identity 'TheGroupName' |
    Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -eq 'TheuserSamAccountName' }
if ($member) {
    # add more properties if you need them
    $user = Get-ADUser -Identity $member.DistinguishedName -Properties DisplayName, EmailAddress, GivenName, Surname
}
else {
    Write-Host "User 'TheuserSamAccountName' is not a member of group 'TheGroupName'"
}
# display the user object on screen
$user
The resulting $user object will also contain these properties:
DistinguishedName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName
If you don't need all of these properties simply filter them out using
$user | Select-Object DisplayName, EmailAddress, GivenName, Surname

Piping AD-User Information to CSV

I've got some logic/formatting brain block here.
I have a CSV with GivenName and Surname Property to use
I need to pipe that info against the AD User Estate and Return the information on the users in the list with a few properties including their name, Office, SamAccountName and Email address. I've got as far as this:
$employees = import-csv 'c:\employees\employeelist.csv'
$UserInfo = ForEach ($user in $employees) { Get-ADUser -Filter * | `
Where-Object { $_.GivenName -like
$employee.GivenName -and $_.Surname -like $employee.Surname
}
The information is returned but not in a table form and I can't believe I can't seem to figure how to pipe it to a CSV, it's not working out, it is returned like this:
Reference : 201111
Surname : Smith
GivenName : Name
Effective from : 24-Sep-13
Business Area : Client Ops
Department : ATE
Organisation Unit : ATE Ops
Any ideas why, when I | export-csv, I don't get the correct format?
As commented, you are using the wrong variable name in your foreach loop.
($employee should be $user) since that is the variable you define in the loop.
Something like this:
$employees = Import-Csv 'c:\employees\employeelist.csv'
$UserInfo = foreach ($user in $employees) {
    Get-ADUser -Filter * -Properties GivenName, Surname, Office, SamAccountName, EmailAddress |
        Where-Object { $user.GivenName -eq $_.GivenName -and $user.Surname -eq $_.Surname } |
        Select-Object GivenName, Surname, Office, SamAccountName, EmailAddress
}
$UserInfo | Export-Csv -Path 'c:\employees\employees.csv' -NoTypeInformation
As you can see, I'm also naming the properties you want returned, because Get-ADUser by default returns a subset of properties and without it, you won't get the Office and EmailAddress properties.
Also, I have changed the -like operator into -eq to fetch exact matches.
P.S. Instead of using the Where-Object construction, the code would be more optimized if you use the -Filter like:
$UserInfo = foreach ($user in $employees) {
    Get-ADUser -Filter "GivenName -eq '$($user.GivenName)' -and Surname -eq '$($user.Surname)'" -Properties GivenName, Surname, Office, SamAccountName, EmailAddress |
        Select-Object GivenName, Surname, Office, SamAccountName, EmailAddress
}
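
Added example (not from the original answers): both the -Filter string above and the -LDAPFilter queries earlier on this page interpolate values straight into the query text, so a surname such as O'Brien ends the quoted string in -Filter, and the characters * ( ) \ change the meaning of an LDAP filter. This sketch escapes CSV-supplied values per RFC 4515 before building an -LDAPFilter; the function name and the sample rows are constructed, and the Get-ADUser call is left as a comment so the block runs without a domain.

```powershell
# Added example: escape untrusted values before placing them in an LDAP filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # RFC 4515: \ * ( ) and NUL must be written as a backslash plus two hex digits.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

# Constructed sample rows standing in for employeelist.csv
$employees = @'
GivenName,Surname
Alice,Smith
Sean,O'Brien
Ann*,Lee (Contractor)
,Jones
'@ | ConvertFrom-Csv

$queries = foreach ($user in $employees) {
    # An empty value would produce an invalid assertion, so skip the row
    if (-not $user.GivenName -or -not $user.Surname) {
        Write-Warning "Skipping row with empty name: '$($user.GivenName)' '$($user.Surname)'"
        continue
    }
    $gn = ConvertTo-LdapFilterValue $user.GivenName
    $sn = ConvertTo-LdapFilterValue $user.Surname
    [pscustomobject]@{
        GivenName  = $user.GivenName
        Surname    = $user.Surname
        LdapFilter = "(&(objectCategory=person)(objectClass=user)(givenName=$gn)(sn=$sn))"
    }
}
$queries | Format-List

# With the ActiveDirectory module loaded, each row is then looked up with:
# $queries | ForEach-Object {
#     Get-ADUser -LDAPFilter $_.LdapFilter -Properties Office, EmailAddress
# }
```

The apostrophe in O'Brien passes through unchanged because it has no special meaning in an LDAP filter, while the asterisk and parentheses in the third row are encoded and therefore matched literally.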

Select ManagedBy under OU in Powershell?

I have this Powershell code
$offices = get-qadobject -Type 'organizationalUnit' -SearchRoot 'ou=Test_OU,dc=domain,dc=org'
Foreach($office in $offices)
{
    $line = $office | select Name,Description,ManagedBy
    $line
}
It is grabbing everything except for ManagedBy which ends up blank. How do I get the email and name of the ManagedBy object? The AD object contains this data.
Note there's some Quest (https://jschofield22.wordpress.com/tag/get-qadobject/) use in here, but it's similar to Get-ADObject.
How about something like:
Get-ADOrganizationalUnit -Filter * -SearchBase "OU=Base,DC=fabrikam,DC=com" -Properties Description |
    Select-Object DistinguishedName,
        Name,
        Description,
        ManagedBy,
        @{Name="ManagedBy_mail"; Expression={(Get-ADObject $_.ManagedBy -Properties mail).mail}}

get-aduser returns unwanted fields

I have a script to output names for a report so I'm trying to use
Get-ADUser -Filter * -SearchBase "OU=Staff,DC=solutions,DC=local" -Properties GivenName, Surname |
    Export-Csv -NoType $filepath;
It works fine but it returns a csv file with extra unwanted fields
It should only return GivenName and Surname, however it returns:
DistinguishedName
Enabled
GivenName
Name
ObjectClass
ObjectGUID
SamAccountName
SID
Surname
UserPrincipalName
Some properties are returned by default. -Properties is used to specify the properties you need to make sure that they are included if they're not part of the default properties.
To only export the properties you need, run your data through Select-Object before exporting, like:
Get-ADUser -Filter * -SearchBase "OU=Staff,DC=solutions,DC=local" -Properties GivenName, Surname |
    Select-Object GivenName, Surname |
    Export-Csv -NoType $filepath
I usually use a pattern like this:
$Props = @(
    'GivenName',
    'SurName'
)
Get-ADUser -Filter * -SearchBase "OU=Staff,DC=solutions,DC=local" -Properties $Props |
Select $Props | Export-Csv -NoType $filepath
Then just change/rearrange the properties to select and the order to output them in the $Props array.