Get-aduser issue - powershell

hope you are doing well
I normally use this script to return the value of extensionattribute1
$a = read-host "enter badge"
get-aduser -Filter {extensionattribute1 -eq $a } -Properties * -server "Server" | format-list extensionattribute1,Title,AccountExpirationDate,DistinguishedName,SamAccountName,enabled,Description,Orginizations,extensionattributeies
and i get the results. but sometimes i get this strange error
get-aduser : Object reference not set to an instance of an object.
At line:2 char:1
get-aduser -Filter {extensionattribute1 -eq $a } -Properties * -serve ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [Get-ADUser], NullReferenceException
FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
normally it will be solved after a restart, but I want to fix it without restarting if possible.
thanks

Related

PS Script to export AD Data

I am looking for all accounts that have “(FUR)” in the begging of their AD account description. I need these for any and all OUs under Office/Users. All of these accounts that Have “(FUR)” in the description, I need the following exported;
User Logon Name
Description
extensionattribute11
This is what I have come up with so far:
Import-Module ActiveDirectory;
$creds = Get-Credential
$OUPath = 'OU=Standard Users,OU=NY,OU=users,OU=Offices,DC=US,DC=FLN,DC=NET'
Get-ADUser -Properties Description -Filter "(FUR)" -SearchBase $OUPath
This is the error I get:
Get-ADUser : Error parsing query: '(FUR)' Error Message: 'syntax
error' at position: '5'. At line:2 char:1
+ Get-ADUser -Properties Description -Filter "(FUR)" -SearchBase $OUPat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

When using the -Filter parameter, you must pass a string that contains the syntax propertyName -operator value.
Get-ADUser -Properties Description -Filter "Description -like '(FUR)*'" -SearchBase $OUPath
(FUR)* would match a value that begins with (FUR). You would need to use *(FUR)* if you do not know where (FUR) exists within the value.
See Get-ADUser for a more in-depth description.

PowerShell - problem with substring in a pipeline

I am trying to replace users description with a substring of his description. I want it to be just the first 10 letters. I try like this:
Get-ADUser abc -Properties description | Set-ADUser -Description "($($PSItem.Description).substring(0,10))"
Can you give me a hint how to make it work?

You never mentioned in what way it doesn't work for you but I assume it's because your SubString method never gets called but instead gets interpreted as text in your string. Try changing your line to the following instead and see if it does what you expect.
You could try it out first by just writing the output to screen rather than (potentially) updating your AD object with the wrong value.
Get-ADUser -abc -Properties Description | foreach { Write-Output "$($PSItem.Description.SubString(0,10))" }
And then run your line once you've made sure you have what you need.
Get-ADUser -abc -Properties Description | Set-ADUser -Description "$($PSItem.Description.SubString(0,10))"

this one gives good output:
Get-ADUser abc -Properties Description | foreach { Write-Output "$($PSItem.Description.SubString(0,10))" }
But this one not:
Get-ADUser abc -Properties Description | Set-ADUser -Description "$($PSItem.Description.SubString(0,10))"
it is giving error like this:
You cannot call a method on a null-valued expression. At line:1
char:71
+ ... on | Set-ADUser -description "$($PSItem.description.SubString(0,10))"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull Set-ADUser : replace At line:1 char:44
+ ... scription | Set-ADUser -description "$($PSItem.description.SubString( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (CN=abc...C=DOMAIN,DC=com:ADUser) [Set-ADUser],
ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADUser

Listing information for all computers in an OU using PowerShell

For a lab working on PowerShell, I have to target a specific OU and list the following information in a text file.
DistinguishedName
DNSHostName
Enabled
Name
ObjectClass
ObjectGUID
SamAccountName
SID
UserPrincipleName
I've found a ton of resources online on how to do this and continuously get an error no matter how I format it.
Here is my code:
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers DC=uwec, DC=edu'
$Computers = Get-ADComputer -Filter '*' -SearchBase $ou
$Computers | foreach {
$_.DNSHostName
} | Out-File -Filepath "C:\Windows\Temp\Lab7.txt"
I continuously get this error no matter what syntax I use:
Get-ADComputer : The object name has bad syntax
At line:1 char:1
+ Get-ADComputer -Filter '*' -SearchBase 'OU=Testing,OU=Labs,OU=UWEC Co ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADComputer], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8335,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

The code you posted does not match the error you posted. However, the most likely reason for the error is a missing comma in your OU:
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers DC=uwec, DC=edu'
# ^right here
Change that into
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers,DC=uwec, DC=edu'
and the problem should disappear.

Extended Attribute Unresolvable, Powershell

I am trying to set up a method in which a user can tell me there username, I plug it in and it will return me their computerName.
//Get the Username
$username = Read-Host -prompt 'Username'
//Get the DistinguishedName and store it
$usernameDN = Get-ADUser $username -properties * | SELECT DistinguishedName
//Get the ComputerName
//This one fails everytime
Get-ADComputer -Filter {ManagedBy -eq $usernameDN} -properties * | SELECT CN,ManagedBy
//Error I receive...almost as if it has to be a string
Get-ADComputer : Invalid value: '' specified for extended attribute:
'ManagedBy'. At line:1 char:1
+ Get-ADComputer -Filter {ManagedBy -eq $usernamedn} -properties * | SE ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.GetADComputer
//So you put it as a string
PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | SELECT CN,ManagedBy
//Error
Get-ADComputer : Identity info provided in the extended attribute:
'ManagedBy' could not be resolved. Reason: 'Cannot find an object with
identity: '$usernamedn' under: 'DC=****,DC=*****'.'. At line:1 char:1
+ Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADComputer], ADIdentityResolutionException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityResolutionException
,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
//However if you replace the variable with the literal DistinguishedName...it will work
PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq 'CN=*******\, ***** *.,OU=********,OU=*****,OU=******,DC=*****,DC=******'} -properties * | SELECT CN,ManagedBy
//Result
CN ManagedBy
-- ---------
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**
So I'm thinking my issue is that the Filter requires it to be string, but I can't figure out the right escape to make the variable read that way.
I tried to do the string formatting as well, but I don't completely understand that yet
Thanks,

I recommend using -LDAPFilter instead of -Filter and using an LDAP filter string:
Get-ADUser -LDAPFilter "(managedBy=$usernameDN)"
It is worth your while to learn the LDAP search filter syntax, since that's what PowerShell has to "translate" the -Filter into anyway.

This was simply an expression problem, your example works fine for me. You are just missing the () inside the {}.
Get-ADComputer -Filter {(ManagedBy -eq $usernameDN)} -properties * | SELECT CN,ManagedBy

How to update user attributes?

I'm trying to write a script that updates every user's msIIS-FTPRoot attribute where the user's description = ‘FTPuser’.
import-module activedirectory
$users = Get-ADUser -SearchBase "dc=NAME,dc=com" -Filter {Description -eq "FTPUser"}
Set-ADUser $users -Replace #{msIIS-FTPRoot='NewTEXT'}
I get the following error:
Missing '=' operator after key in hash literal.
At line:1 char:60
+ Set-ADUser $users -Replace #{msIIS-FTPRoot='\\SOMETEXT\' <<<< }
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEqualsInHashLiteral

Using quotation marks on the attribute name solves your problem.

Set-ADUser $users -Replace #{'msIIS-FTPRoot'='NewTEXT'}