Hi I want to write a powershell scrip that creates a folder for groups in a specific OU where I have set the extensionAttribute1.
Get-ADGroup -filter * -SearchBase "OU=Groups,OU=Test,DC=test,DC=Domain,DC=en" -properties * | where {$_.extensionAttribute1}| select-object samaccountname, extensionAttribute1
so I get the list of groups with extensionAttribute1 and with
Get-ChildItem D:\Test
I get the list of already created folders.
What is the best way to compare these two lists and create one for the groups for which no folder is created yet?
Given you're scenario, you don't have to use Get-ChildItem if you just want to see if the folder already exists. Then, you would only need Test-Path and use a loop to test for each folder.
Get-ADGroup -filter * -SearchBase "OU=Groups,OU=Test,DC=test,DC=Domain,DC=en" -properties "extensionAttribute1" |
Where-Object -FilterScript { $_.extensionAttribute1 -eq "Folder" } |
ForEach-Object `
-Begin { $path = "D:\Test\" } `
-Process {
if (-not (Test-Path -LiteralPath ($path + $_.Name))) {
New-Item -Path $path -Name $_.Name -ItemType "Directory" | Out-Null
}
}
Related
I want to compress a directory in a specific place.
The source path is : \\$Computers\Users\$Names
I want than for each computers a copy of each users directory in the sources path of each computers
I tried to use a foreach loop like :
$Computers = Get-ADComputer -Filter "Name -like 'PC*'" | Select-Object -ExpandProperty Name
$Names = Get-aduser -filter * | Select-Object -ExpandProperty givenname
Foreach($Computer in $Computers)
{
Compress-Archive -Path \\$Computer\Users\* -DestinationPath C:\Saves\\$Computer\Test.zip -Force
}
This actually work, but I don't know how can I add a second loop inside the loop.
If anyone can just explain me the function or just some advises please for trying to do that.
Thank you for your time.
You're approaching the problem with the wrong logic, you do need an inner loop, however, instead of attempting to compress a user profile that you don't know for sure is there you can instead query the remote computer's Users folder to see which ones are there and compress only those ones:
$Computers = (Get-ADComputer -Filter "Name -like 'PC*'").Name
# Add the profiles you want to exclude here:
$toExclude = 'Administrator', 'Public'
$params = #{
Force = $true
CompressionLevel = 'Optimal'
}
foreach($Computer in $Computers)
{
$source = "\\$Computer\Users"
Get-ChildItem $source -Exclude $toExclude -Directory | ForEach-Object {
$params.LiteralPath = $_.FullName
# Name of the zipped file would be "ComputerExample - UserExample.zip"
$params.DestinationPath = "C:\Saves\$computer - {0}.zip" -f $_.Name
Compress-Archive #params
}
}
Okay so we are setting up a card access system that looks at the Active Directory Users thumbnailPhoto attribute. I am creating an audit system that exports the Users and compares them with the JPG images. If the image exists but there isn't a correlating user, it moves the image into an archive to be reviewed. The goal is to remove old employee photos into a folder incase of later hire. I can't get the image to move into another folder if it matches a name in the CSV. Here is the entire code:
<#Write Users to a CSV File #>
$adUsers = get-aduser -filter * -properties displayname | select displayname | export-csv -path PATHWAY.CSV -notypeinformation -encoding unicode
$keepImages = #()
$removeImages = #()
[System.Collections.ArrayList]$arrA = (Get-Childitem -Filter * -path PATHWAY).Basename
[System.Collections.ArrayList]$arrB = Get-Content PATHWAY.CSV
foreach ($itemA in $arrA) {
if ($arrB -ne $itemA) {
$arrB.Remove($itemA)
$removeImages += $itemA }}
$removeImages |out-file -FilePath PATH.csv
<# PUT THE FILES INTO AN ARCHIVE #>
--Cant get it to move here, note I am brand new to Powershell, its not like python at all--
You can try this. I have added inline comments to hopefully explain how it works:
$ImagesFolder = 'D:\UserImages'
$OldUserImages = 'D:\UserImages\OldUsers'
# test if the path to move old images exists and if not create it
if (!(Test-Path -Path $OldUserImages -PathType Container)) {
$null = New-Item -Path $OldUserImages -ItemType Directory
}
# get a list of ADUser display names
$adUsers = Get-ADUser -Filter * -Properties DisplayName | Select-Object -ExpandProperty DisplayName
# get an array of FileInfo objects of the user images currently in the $ImagesFolder.
# filter out only those that do not have a basename that correlates to any of the users DisplayName
# and move these to the $OldUserImages folder.
# Tip: if for instance all are of type JPG, add -Filter '*.jpg' to the Get-ChildItem cmdlet.
Get-ChildItem -Path $ImagesFolder -File |
Where-Object { $adUsers -notcontains $_.BaseName } |
Move-Item -Destination $OldUserImages -Force
If you want to keep track of the images you have moved, you can extend the above like:
$moved = Get-ChildItem -Path $ImagesFolder -File |
Where-Object { $adUsers -notcontains $_.BaseName } |
ForEach-Object {
$file = $_.FullName
$_ | Move-Item -Destination $OldUserImages -Force
[PsCustomObject]#{
'File' = $file
'MovedTo' = $OldUserImages
}
}
# show result on screen
$moved | Format-Table -AutoSize
# write to CSV file
$out = '{0:yyyy-MM-dd}_MovedImages.csv' -f (Get-Date)
$moved | Export-Csv -Path (Join-Path -Path $ImagesFolder -ChildPath $out) -NoTypeInformation
I need to create a script to iterate through a list of user samaccountnames and identify network directories matching their samaccountname on the network. It doesn't seem to work though. Users home folders on the network use their samaccountname in the path. Here is what I have so far:
$userList = "C:\Users\sfp01\My
Documents\Data_Deletion_Testing\User_SamAccountName.csv"
$userDirectory = foreach ($user in $userList)
{
Get-ChildItem -Path "\\ceoii\" -Directory -Recurse | ? {}
}
Export-Csv -Path "C:\Users\sfp01\My
Documents\Data_Deletion_Testing\User_Directory.csv"
First, you need to import the csv as your first line just saves the location of the file in the variable rather than the contents of the file.
Second, you didn't provide the column name of the csv file that contains the user's saMAccountName. You'll need to set up your Where-Object to filter using that information. I am using -match on saMAccountName, but edit this to reflect your requirements.
And I don't think that \\servername\ isn't a valid share name, it should be a share like \\servername\share\ If you want to get all the shares from a server you could enumerate them with something like this invoke-command -ComputerName ceoii -ScriptBlock {Get-SmbShare}
You also probably want to only pull the list of folders once and then filter for each user.
Lastly, you save the information in $userDirectory so you'll want to pipe that information into your export-csv.
$userList = Import-CSV 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_SamAccountName.csv'
$folders = Get-ChildItem -Path "\\ceoii\sharename" -Directory -Recurse
$userDirectory = foreach ($user in $userList) {
$folders | Where-Object {$_.name -match $user.saMAcountName}
}
$userDirectory | Export-Csv -Path 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_Directory.csv'
More efficient than that would be to use -in or -contains if you know that the folder names exactly match.
$folders = Get-ChildItem -Path "\\ceoii\sharename" -Directory -Recurse
$userList = Import-CSV 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_SamAccountName.csv' |
Select-Object -ExpandProperty saMAccountName
$folders |
Where-Object {$_.name -in $userList} |
Export-Csv -Path 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_Directory.csv'
At our company file server we used to have loose permissions several years ago.
Meaning, there are folders where users tend to have full permission. This is a bad thing (user playing with rights, locking out the system (and the backup with it) and only giving themselves access.
My goal:
Scan the fileserver folder by folder (files would be too much) and output
folder full path
Security Identity Reference
if someone has fullaccess besides domain admins or system.
The output would be fine as:
Path, ACL
E:\share\projectfolder, Domain\10JohnDoe
E:\share\commonfolder, Domain\Everyone
...
This is what I have, but it is not nearly enough:
##define variable
$path = "E:\Share"
## begin script
foreach ($file in Get-Childitem $path -Recurse -Directory) {
if (Get-Acl $file.FullName |
select -ExpandProperty Access |
where {$_.IdentityReference -notlike "AT\Domain Admins" -and
$_.IdentityReference -notlike "NT AUTHORITY\SYSTEM" -and
$_.AccessControlType -like "Allow" -and
$_.FileSystemRights -like "FullControl"}
) {
Write-Host $file.FullName >> e:\check_acl.txt
Get-Acl $file.FullName |
select -ExpandProperty Access |
where {$_.IdentityReference -notlike "AT\Domain Admins" -and
$_.IdentityReference -notlike "NT AUTHORITY\SYSTEM" -and
$_.AccessControlType -like "Allow" -and
$_.FileSystemRights -like "FullControl"
} >> e:\check_acl.txt
}
}
But I guess, I cannot get the output (into file!) like that.
Write-Host only displays text to the console, it can't be saved. Get-Acl >> check_acl.txt will write the whole "object" and not just the identityreference. What you want is to create a custom object with a Path and ACL (identityreference)-property and export it to csv.
I've also simplified your identity-exclusion and changed the if-test to a foreach-loop so you don't have to run the whole Get-ACL-line twice.
Try this:
##define variable
$path = "E:\Share"
$ExcludeUsers = 'AT\Domain Admins','NT AUTHORITY\SYSTEM','AT\AT-IT','AT\01STREW','AT\01BRUND','AT\01KNAFP','AT\01BECKC'
## begin script
#Create regex-pattern to match all excluded users
$ExcludeUsersRegex = ($ExcludeUsers | % { [regex]::Escape($_) }) -join '|'
Get-Childitem $path -Recurse -Directory | ForEach-Object {
$file = $_
Get-Acl -Path $file.FullName |
Select-Object -ExpandProperty Access |
Where-Object {$_.IdentityReference -notmatch $ExcludeUsersRegex -and $_.AccessControlType -eq "Allow" -and $_.FileSystemRights -eq "FullControl"} |
ForEach-Object {
#Foreach ACL
New-Object psobject -Property #{
Path = $file.FullName
ACL = $_.IdentityReference
}
}
} | Select-Object -Property Path, ACL | Export-Csv e:\check_acl.csv -NoTypeInformation
Sample output:
"Path","ACL"
"C:\Users\frode\Desktop\TEST\YES","CONTOSO\frode"
"C:\Users\frode\Desktop\TEST\YES","CONTOSO\FrodesOtherAccount"
I need some help with script that will delete AD Disabled users Home Folders and Roaming Profiles folders on the Server (DC).
Steps That I already done, I create a powershell command:
Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=Marked for Deletion,OU=Disable Users,DC=******,DC=com" -Filter * -Property * |
Select-Object -Property homeDirectory,profilePath | Export-CSV -Path .\Remove.csv
This Command export the properties of home folders and roaming profile folders of disabled users.
Now' the CSV file contains two colmuns, one is "homeDirectory" and second "profilePath"
The Problem is, when i execute this script, i get error.
$folders = Get-Content "C:\lab\remove.csv"
foreach ($homeDirectory in $folders) {
Remove-Item -Path $homeDirectory -force -Recurse
}
foreach ($profilePath in $folders) {
Remove-Item -Path $profilePath -force -Recurse
}
write-host -foregroundcolor yellow "Delete action complete"
Can somebody help me with this, I will appreciate it.
First I would remove the type information from your CSV like so:
Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=Marked for Deletion,OU=Disable Users,DC=******,DC=com" -Filter * -Property * |
Select-Object -Property homeDirectory,profilePath |
Export-CSV -Path .\Remove.csv -NoTypeInformation
Then for your delete code I would use this:
Import-Csv "C:\lab\remove.csv" | % {
Remove-Item -Path $_.homeDirectory -force -Recurse
Remove-Item -Path $_.profilePath -force -Recurse
}
write-host -foregroundcolor yellow "Delete action complete"
The problem with your code is that you are not looping through a column, you looping by line and then doing it twice. To do it your way you would need to split the line at the comma.