Copy groups from one user to another in Active Directory - powershell

I'm trying to run this PowerShell script that I found, but it's not working for me and I'm getting an error. Could someone else check it and tell me if there is an issue here?
$CopyFromUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyToUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyFromUser.MemberOf | Where{$CopyToUser.MemberOf -notcontains $_} | Add-ADGroupMember -Members $CopyToUser
pause
This is the error that I'm getting.
| A positional parameter cannot be found that accepts argument
| 'Microsoft.ActiveDirectory.Management.ADPropertyValueCollection'.

Add the group memberships one at a time and explicitly pass the target DN to the -Identity parameter:
$CopyFromUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyToUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyFromUser.MemberOf | Where-Object {$CopyToUser.MemberOf -notcontains $_} | ForEach-Object {
    Add-ADGroupMember -Identity $_ -Members $CopyToUser
}

Related

powershell script to add users to group if not a member of another group

I have an issue with the following script:
get-aduser -filter * -searchbase "dc=domain,dc=global" -ResultSetSize $null | where-object {((get-aduser $_.samaccountname -properties memberof).memberof -ne "Mimecast Remote Access Exceptions")} | ForEach {add-adgroupmember -identity "Mimecast Internal Access" -member $_.samaccountname}
It is still adding all users but not filtering out users who are members of the remote access exceptions group. Any idea what I am doing wrong?
First of all, you don't need to perform Get-ADUser twice.
Then, the MemberOf user property is a collection, not a single string, so you need to use -notcontains instead of -ne
Try:
# get the DistinguishedName property of the group
$groupDN = (Get-ADGroup -Identity "Mimecast Remote Access Exceptions").DistinguishedName
Get-ADUser -Filter * -SearchBase "dc=domain,dc=global" -Properties MemberOf |
Where-Object {$_.MemberOf -notcontains $groupDN} |
ForEach-Object { Add-ADGroupMember -Identity "Mimecast Internal Access" -Members $_ }
Building on @Theo's answer
.memberOf will return distinguished name strings. -notcontains won't work unless you change the left hand side to the DN. That might look something like:
$DN = 'CN=Mimecast Remote Access Exceptions,OU=SomeOU,DC=domain,DC=global'
Get-ADUser -Filter * -SearchBase "dc=domain,dc=global" -Properties MemberOf |
Where-Object {$_.MemberOf -notcontains $DN } |
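# add to the target group from the question, not to the exceptions group held in $DN
ForEach-Object { Add-ADGroupMember -Identity "Mimecast Internal Access" -Members $_ }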
Obviously correct $DN for your environment etc...
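The difference between the filters discussed in this thread, as an added example that is not part of the original posts. It runs without a domain: the three user objects and the Staff group DN are constructed sample data, and Get-FilterResult is a hypothetical helper.

```powershell
# Constructed sample data: MemberOf holds distinguished names, as Get-ADUser returns them
$name  = 'Mimecast Remote Access Exceptions'
$dn    = "CN=$name,OU=SomeOU,DC=domain,DC=global"
$staff = 'CN=Staff,OU=SomeOU,DC=domain,DC=global'
$users = @(
    [pscustomobject]@{ SamAccountName = 'alice'; MemberOf = @($dn, $staff) }  # member of the exceptions group
    [pscustomobject]@{ SamAccountName = 'bob';   MemberOf = @($staff) }
    [pscustomobject]@{ SamAccountName = 'carol'; MemberOf = @() }             # member of no groups
)

function Get-FilterResult {
    param([object[]]$User, [scriptblock]$Filter)
    # Names of the accounts the filter would pass on to Add-ADGroupMember
    @($User | Where-Object $Filter | ForEach-Object SamAccountName) -join ', '
}

$checks = [ordered]@{
    # -ne against a collection returns every element that differs, so the result
    # is truthy for any user holding at least one other group and empty for a user with none
    '-ne name'          = { $_.MemberOf -ne $name }
    '-ne DN'            = { $_.MemberOf -ne $dn }
    # -notcontains returns a single boolean, but a display name never equals a DN
    '-notcontains name' = { $_.MemberOf -notcontains $name }
    # only this form excludes members of the exceptions group and nobody else
    '-notcontains DN'   = { $_.MemberOf -notcontains $dn }
}

foreach ($check in $checks.GetEnumerator()) {
    [pscustomobject]@{
        Filter       = $check.Key
        WouldBeAdded = Get-FilterResult $users $check.Value
    }
}
```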

Powershell: How to get specific properties from users in a OU

I am trying to get some information for an audit. Here's the code that I used, but the output is empty except for the name. Can anyone point me in the right direction?
Thanks in advance!
$ou = Get-ADGroup -Identity Administrators -Properties member
$user = Get-ADGroupmember -Identity $ou
foreach ($user in $ou){
Get-ADGroupmember -Identity Administrators | Select-Object name, lastlogondate,passwordlastset
}
Try this
$members = Get-ADGroupMember -Identity Administrators -recursive | select samaccountname
foreach ($user in $members){
Get-ADUser -Identity $user.samaccountname -Properties name, lastlogondate,passwordlastset| Select-Object name, lastlogondate,passwordlastset
}
By default the properties lastlogondate and passwordlastset are not returned, you have to specify those (or all by using a *) using the -properties argument
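# Get-ADGroupMember has no -Properties parameter, so pipe the user members to Get-ADUser
Get-ADGroupMember -Identity Administrators | Where-Object objectClass -eq 'user' | Get-ADUser -Properties lastlogondate,passwordlastset | Select-Object name, lastlogondate,passwordlastset
or
Get-ADGroupMember -Identity Administrators | Where-Object objectClass -eq 'user' | Get-ADUser -Properties * | Select-Object name, lastlogondate,passwordlastset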
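For the audit use case in this thread, the two properties can be turned into findings rather than a raw listing. This is an added example, not code from the original posts: Get-StaleAccount is a hypothetical helper, the 180 and 90 day thresholds are assumptions, and the sample accounts are constructed so the block runs without a domain.

```powershell
function Get-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int]$MaxPasswordAgeDays = 180,   # assumed threshold, set per policy
        [int]$MaxLogonAgeDays    = 90,    # assumed threshold, set per policy
        [datetime]$Now = (Get-Date)
    )
    process {
        $reasons = @()
        # PasswordLastSet is empty when the password must be changed at next logon
        if (-not $User.PasswordLastSet) {
            $reasons += 'password never set or flagged for change'
        } elseif (($Now - $User.PasswordLastSet).TotalDays -gt $MaxPasswordAgeDays) {
            $reasons += "password older than $MaxPasswordAgeDays days"
        }
        # LastLogonDate comes from lastLogonTimestamp, which replicates with a delay of days
        if (-not $User.LastLogonDate) {
            $reasons += 'no recorded logon'
        } elseif (($Now - $User.LastLogonDate).TotalDays -gt $MaxLogonAgeDays) {
            $reasons += "no logon in $MaxLogonAgeDays days"
        }
        if ($reasons) {
            [pscustomobject]@{
                Name            = $User.Name
                LastLogonDate   = $User.LastLogonDate
                PasswordLastSet = $User.PasswordLastSet
                Reasons         = $reasons -join '; '
            }
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Name = 'adm-alice'; LastLogonDate = [datetime]'2024-05-28'; PasswordLastSet = [datetime]'2024-03-01' }
    [pscustomobject]@{ Name = 'adm-bob';   LastLogonDate = [datetime]'2023-11-02'; PasswordLastSet = [datetime]'2021-01-15' }
    [pscustomobject]@{ Name = 'svc-old';   LastLogonDate = $null;                  PasswordLastSet = [datetime]'2019-07-30' }
)
$sample | Get-StaleAccount -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADGroupMember -Identity Administrators -Recursive | Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties LastLogonDate, PasswordLastSet | Get-StaleAccount
```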

Get memberof attribute of contact in Office365

Is there a way to get the distribution groups of a contact/user in Office365? I can't see memberof attribute.
Get-MailContact -Identity Username | Format-List
You can get it with Get-ADObject:
$Contact = Get-MailContact -Identity Username
(Get-ADObject -Identity $Contact.DistinguishedName -Properties 'MemberOf').MemberOf
Or (might take a bit more time) without AD-Module:
$Contact = Get-MailContact -Identity Username
Get-DistributionGroup | ? {Get-DistributionGroupMember -Identity $_ | ? {$_.PrimarySmtpAddress -eq $Contact.PrimarySmtpAddress}}

Copy group membership from one user to another in AD

I'm trying to build a script which will copy group memberships from one user to another in AD. I'm trying to use PowerShell to automate this task. However, I'm stuck while creating a check for the user. In other words, when I copy group membership from one user to another, I want to be able to run a check to see if the user is already a member of the group before adding them. By doing this I can avoid errors such as "this user is already a member of the group and cannot be added again". Any help or advice would be appreciated. I'm using the following script at the moment.
$copy = Read-host "Enter user to copy from"
$Sam = Read-host " Enter user to copy to"
Function Copymembership {
$members = Get-ADUser -Identity $copyp -Properties memberof
foreach ($groups in $members.memberof){
if ($members -notcontains $groups.sAMAccountname)
{Add-ADGroupMember -Identity $groups -Member $sam -ErrorAction SilentlyContinue
Write-Output $groups}
}
}
copymembership
Use Get-ADUser for both users. Then use the -notcontains operator to filter groups.
$CopyFromUser = Get-ADUser JSmith -prop MemberOf
$CopyToUser = Get-ADUser MAdams -prop MemberOf
$CopyFromUser.MemberOf | Where{$CopyToUser.MemberOf -notcontains $_} | Add-ADGroupMember -Member $CopyToUser
One line to get what the user is a member of.
Get-ADUser -Identity alan0 -Properties memberof | Select-Object -ExpandProperty memberof
One line to copy the membership from one user to another.
Get-ADUser -Identity <UserID> -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members <New UserID>
Your code is too complicated for this idea. Not sure if it can be done without the Import-Module ActiveDirectory cmdlet.
It is much easier to do that when you import the ActiveDirectory tool and use the built-in cmdlet. Check my code:
# import the Active Directory module in order to be able to use the Get-ADUser and Add-ADGroupMember cmdlets
import-Module ActiveDirectory
# enter login name of the first user
$copy = Read-host "Enter username to copy from: "
# enter login name of the second user
$paste = Read-host "Enter username to copy to: "
# copy-paste process. Get-ADuser membership | then selecting membership | and add it to the second user
get-ADuser -identity $copy -properties memberof | select-object -expandproperty memberof | Add-AdGroupMember -Members $paste
Something like this should tell you if a group contains a specific member:
If ((Get-ADGroup "Domain Admins" -Properties Members).Members -Contains (Get-ADUser "AdminBob").DistinguishedName) {write-host "Yes"}
There might be something simpler but this was the first thing that came to mind.
param
(
[Parameter(Mandatory=$true)][string]$CopyFromUser,
[Parameter(Mandatory=$true)][string]$CopyToUser
)
$FromUserGroups = (Get-ADUser $CopyFromUser -Properties MemberOf).MemberOf
$CopyToUser = Get-ADUser $CopyToUser -Properties MemberOf
$FromUserGroups | Add-ADGroupMember -Members $CopyToUser
In case you want to have manual control over what groups are added, then this is a perfect example for Out-GridView. The procedure is the same as explained by TheMadTechnician above; just before passing it to Add-ADGroupMember, you insert Out-GridView. You can even include group descriptions or other parameters.
$CopyFromUser = Get-ADUser JSmith -prop MemberOf
$CopyToUser = Get-ADUser MAdams -prop MemberOf
$MissingGroups = Compare-Object $CopyFromUser $CopyToUser -Property MemberOf | ? SideIndicator -eq '<='
$GroupsObj = $MissingGroups.MemberOf | Get-ADGroup -prop Description | Select Name,Description
$GroupsObj | Out-GridView -PassThru | Add-ADGroupMember -Member $CopyToUser
I am trying to build a script to copy group membership from one user to another in AD.
I have one domain and 3 different subdomains. Can you please check if there is anything in the script that must be changed, because it doesn't work? Thanks
$From = Read-Host -Prompt "From User"
$to = Read-Host -Prompt "To User"
$CopyFromUser = Get-ADUser -Server "de.isringhausen.net" -Identity $From -Properties MemberOf
$Group = $CopyFromUser.MemberOf
$confirmation = Read-Host "Do you want to Copy Group Membership from $From to $to ? Press 'y' to Proceed or any key to Cancel"
if ($confirmation -eq 'y') {
$Group | Add-ADGroupMember -Members $to
clear
echo "($From) User's Group Memership has been Copied to User ($to)"
Pause
}
else {
Write-Host 'Task Cancelled'
}
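Copying memberships wholesale also copies any privileged groups the source account holds, which applies to the scripts in this thread and in the first thread on this page. The added example below is not code from the original posts. It adds only the missing groups one at a time through -Identity, supports -WhatIf, and skips groups marked adminCount = 1 so they are granted separately. Copy-ADGroupMembership is a hypothetical function name, and the code assumes every group can be resolved on the same server as the two users.

```powershell
#Requires -Modules ActiveDirectory
function Copy-ADGroupMembership {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string]$To,
        [string]$Server                      # optional domain or DC to query
    )
    $common = @{}
    if ($Server) { $common.Server = $Server }

    $source = Get-ADUser -Identity $From -Properties MemberOf @common
    $target = Get-ADUser -Identity $To   -Properties MemberOf @common

    foreach ($dn in $source.MemberOf) {
        # Skip groups the target already belongs to, so no "already a member" error occurs
        if ($target.MemberOf -contains $dn) { continue }

        # adminCount = 1 marks groups protected by AdminSDHolder (Domain Admins, Administrators, ...)
        $group = Get-ADGroup -Identity $dn -Properties adminCount @common
        if ($group.adminCount -eq 1) {
            Write-Warning "Skipping protected group '$($group.Name)'; grant it separately after review."
            continue
        }

        if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "Add $($target.SamAccountName)")) {
            Add-ADGroupMember -Identity $group -Members $target @common -Confirm:$false
            # Emit a record of each change for the ticket or audit trail
            [pscustomobject]@{
                Group      = $group.Name
                Added      = $target.SamAccountName
                CopiedFrom = $source.SamAccountName
            }
        }
    }
}

# Dry run first, then repeat without -WhatIf:
# Copy-ADGroupMembership -From JSmith -To MAdams -WhatIf
```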

Update Active Directory "mail" attribute via PowerShell

I'm trying to update the email address listed in AD for all the users in a particular OU. This is the powershell script I'm using, but it's not working properly
Import-Module ActiveDirectory
Get-ADUser -Filter * -SearchBase "OU=OtherOU,OU=SomeOu,DC=Domain,DC=local" | Set-ADUser -email $_.samaccountname@domain.com
I think it's because $_.samaccountname isn't returning anything when I try to do Set-ADUser.
Can anyone point me in the right direction for fixing this? Thanks!
Create a csv file with SamAccountName & email address
"SamAccountName","EmailAddress"
"john","john@xyz.com"
step 1: import to a variable
$users = Import-Csv .\email.csv
step 2: Call the variable
foreach ($user in $users) {
Set-ADUser -Identity $user.SamAccountName -EmailAddress $user.EmailAddress
}
In the current context $_ is null. You need to use Foreach-Object in order for $_ to be available.
Get-ADUser -Filter * ... | Foreach-Object{
    Set-ADUser -Identity $_ -Email "$($_.samaccountname)@domain.com"
}
I suspect you'll need to use a subexpression for that:
"$($_.samaccountname)@domain.com"
Assuming username is domain\user1 or user1@domain.com
$user = "user1"
Set-ADUser $user -emailaddress "firstname.lastname@xyz.com"
Get-ADUser -Identity $user -Properties emailaddress
Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=OUName,DC=domain,DC=com" |
Foreach-Object { Set-ADUser -Identity $_ -Email "$($_.samaccountname)@domain.com" }
This is from:
https://social.technet.microsoft.com/wiki/contents/articles/33311.powershell-update-mail-and-mailnickname-for-all-users-in-ou.aspx