I was just wondering, it would be cool to know all the atributes used in powershell commands so i can list them all and be more efficient when I have to query something, instead of looking online for the command I need.
I'm probably explaining too bad, I mean this options:
Get-ADUser -Filter "name -like '*ldap*'" -Properties * | select Name,SamAccountName,LastLogonDate,PasswordLastSet,EmailAddress,Enabled
The options that go after the option -Filter... Name, SamAccountName, enabled, etc.
I would be really grateful, thanks in advice ü
To find the options for a command, use Get-Help «command» -detailed or look up the command on-line at Microsoft Docs. To find out what methods and properties an object returned from a command might have, pipe the object to Get-Member.
Related
I would like to change the Active Directory Group tab ManagedBy user to another one. With PowerShell script, I exported the groups with the old owner (>150) to a csv file. Now I need to change the owner of those groups using the csv file as input.
I don`t have much experience with scripting, I appreciate any help.
Thanks!
The task is very easy with PowerShell. You didn't show an example of the CSV data you exported so an example may not be exact. However, I assume you exported the default output of Get-ADGroup it might look something like this
(Import-Csv C:\temp\managedBy.csv).DistinguishedName| Set-ADGroup -ManagedBy <NewManager's DN>
Note: I like to use the DistinguishedName for these things but samAccountName should also work.
(Import-Csv C:\temp\managedBy.csv).samAccountName | Set-ADGroup -ManagedBy <NewsamAccountName>
Note: Again with the assumption that your Csv data is a direct export Get-ADGroups's output. You cannot pipe Import-Csv directly to Get/Set-ADGroup as the latter will have trouble determining which property to bind to the -Identity parameter.
However, I would point out you really don't need the intermediate Csv file. You can query AD directly for groups managed by the old manager and pipe that to a command to change the owner.
Get-ADGroup -Filter "ManagedBy -eq '<OldOwner'sDN>'" |
Set-ADGroup -ManagedBy "<NewOwner'sDN"
Note: Again you may be able to get away with using the samAccountName instead of the DN.
Note: You can add the WhatIf parameter to the Set-ADGroup` command to preview what will happen before actually running it.
This is a two-fold question.
First, I'm trying to get this PS command to work (trying to pull accounts with certain characters in their description and replace those characters), and it keeps giving me the "Unexpected token 'Set-ADUser' in expression or statement." error:
Get-ADUser -Filter {description -like "*Example*"} -Properties description | ForEach-Object {$newDescription = $_.Description.Replace("Example", "Example2") Set-ADUser -Identity $_ -Description $newDescription}
I'm basing this off of what I found here (Second Answer - by Ansgar Wiechers) How to Replace Description Text for All Users in an Organizational Unit using Powershell
Any Help is much appreciated! Never used a site like this before but don't want to spend Way too much time on this.
My second question relates to the first one, with examples on the link mentioned previously. Is there a way to move to the next line in PS without hitting Enter?
The reason I ask is when I copied the code from the above link into Word, edited it, then copied into PS and ran it, it ran fine--didn't actually change anything, but it ran. When I try to run it all as one line, it throws the error.
Are people building the commands in another program when they do it like this?
You almost got it right. The only mistake was that you needed to use $_.DistinguishedName or $_.SamAccountName for the -Identity parameter of Set-ADUser.
These things happen quite often when you try and put everything on one single line like you did. This makes reading the code very hard to do.
I also have changed the .Replace into -replace. This makes it case-insensitive (same as your -Filter),so now also 'example' will be replaced by 'Example2'.
Here's the new code.
Get-ADUser -Filter { Description -like "*Example*"} -Properties Description |
ForEach-Object {
$newDescription = $_.Description -replace "Example", "Example2"
Set-ADUser -Identity $_.DistinguishedName -Description $newDescription
}
So, I have a Powershell script that I use to see if usernames in an array are Smartcard Enabled. A lot of the scripts that are used to automate my company use VBS. Unfortunately my VBS is VERY rusty and I need to convert this powershell into VBS so my lead programmer can use it in a larger script. The script is below. I am leaving out the ADUC Hierarchy for my company's safety. It will be written in the code as "OU=,DC=" Thanks for the assist.
$Array="C:\UserNames.csv"
ForEach($Name in $Array)
{
Get-ADUser -SearchBase "OU=,DC=" -Filter * -Properties * | Where {$_.CN -like "*$Name*"} | Where {$_.SmartcardLogonRequired -eg %False} | Select SamAccountName,GivenName,Surname,SmartcardLogonRequired
}
Turns out he didn't actually want this translated. He needed the UserAccountControl Code for SMARTCARD_REQUIRED (262144). Well, I can scrap the last 3 days of work. Thanks for the comments.
Okay, sorry for the probably noobish question.
I've been studying PowerShell for a while now, and have run into something I can't quite figure out how to word correctly for google.
In the most basic sense, here is what I'm trying to do.
Get-Process -id 76*
Now I understand that -id will not handle wildcard * characters.
If I wanted to in theory use
Get-Process -id
and create a wildcard script for this purpose, how would I do this? Do i need to create my own function?
I'd like to add as well that PS says specifically the * is not a usable character for the -Name Parameter, yet I can use this. Is this an error with MS?
Thank you for any advice in advance!
Use a (Where-Object) filter over the Get-Process output.
In this case:
Get-Process | where { $_.Id -like '76*' }
(where is an alias for Where-Object cmdlet.)
I have a very simple question but for some reason I can't seem to get my head around it.
I need a line of code that could be ran as a user from a client and lists all the "memeber of" groups from the AD (ONLY FOR THIS CURRENT USER). similar to
Get-ADGroupMember -identity "domain admins" -Recursive | foreach{ get-aduser $_} | select SamAccountName,objectclass,name
I would like the result to be listed.
I either need a way to import the AD module on a client computer or another way to contact the DC and get the users current "memeber of" groups.
/Niklas
I found the best way for my needs but CB.'s answer worked as well!
[ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
I can then keep using this output in my code
you can use dos command line:
net user /domain %username%
The easiest way to do this would be with
Get-ADPrincipalGroupMembership -identity "Username"
Now this also means that you would have to have the active directory module loaded which you can find more information on its use on Technet Get-ADPrincipalGroupMember
If you simply want to produce a list, make a call to the command prompt as I find this works well, although it does truncate group names:
net user %username% /DOMAIN
If you want to programmatically get them and easily do something with that data, you'll want to rely on the Active Directory cmdlets.
To determine if you have these readily available in Powershell, you'll need to run the following command:
Get-Module –ListAvailable
If you don't see ActiveDirectory in the list you will need to first download and install the Windows Management Framework and import the module yourself:
Import-Module ActiveDirectory
Once that's done I believe this command should do the trick:
(Get-ADUser userName –Properties MemberOf | Select-Object MemberOf).MemberOf
Hopefully that gets you started. I'm fairly certain that there's more than one way to accomplish this with Powershell. Take a look at the Microsoft TechNet documentation to see if you can find something that better suits your needs.
Personally I have only ever needed to query AD group memberships ad-hoc for diagnostic purposes and have always relied on Get-ADUser or the command line call, depending on the target audience of the resulting data.