The property OnlineVoiceRoutingPolicy returned in powershell is inconsistent. Either i'm doing something wrong with when selecting based on identity, or theres a bug i'm unaware of.
When not selecting from identity i get something like this:
Get-CsOnlineUser | Select-Object -Property OnlineVoiceRoutingPolicy, UserPrincipalName
OnlineVoiceRoutingPolicy UserPrincipalName
------------------------ -----------------
DK user1#test.it
...//other similar users
But when i use the -Identity argument:
Get-CsOnlineUser -Identity user1#test.it | Select-Object -Property OnlineVoiceRoutingPolicy, UserPrincipalName
OnlineVoiceRoutingPolicy UserPrincipalName
------------------------ -----------------
user1#test.it
This happens fo all users, if i get the collection of users, OnlineVoiceRoutingPolicy is correctly set, but if i get a specific user, it's blank.
Any suggestions as to why this happens ?
Related
I have an application that has never had old users cleaned out of it. I exported all the LastName, FirstName to a .CSV, but would like to have it add the SAM Account Name as well. This is so I know whether the person even still exists in the company. The below script works perfectly, but...if there is no existing SAM name, it doesn't bother to include the display name. I would like to have the field called SamAccountName just put in some text like "To be removed" if there is no matching AD account. I sure it's a simple conditional check, but my PowerShell game is weak.
Import-Csv c:\temp\DisplayName.csv | ForEach {
Get-ADUser -Filter "DisplayName -eq '$($_.DisplayName)'" -Properties Name, SamAccountName, Company |
Select Name, SamAccountName, Company
} | Export-CSV -path C:\temp\SamAccountName.csv -NoTypeInformation
You can use a calculated property for that. That way you pass everything from the original CSV, and just add in the samaccountname you want.
Import-Csv c:\temp\DisplayName.csv | Select *,#{l='samAccountName';e={Get-ADUser -Filter "DisplayName -eq '$($_.DisplayName)'" -Properties Name, SamAccountName, Company | Select -Expand SamAccountName}} | Export-CSV -path C:\temp\SamAccountName.csv -NoTypeInformation
Is there any simple way to just filter user group member like this:
$abcgroup = (Get-ADUser -Identity username –Properties MemberOf) | where {$_.MemberOf -like "*ABC*"}| Select-Object -ExpandProperty MemberOf | FT MemberOf -AutoSize
And return user group just the ABC-XYZ instead of every single group as output, otherwise any easy method to process all the group name and just extract the any group name start with ABC-*
Thanks
I would make it a little bit simpler, both in server and local processing:
Get-ADGroup -LDAPFilter "(&(member=$((Get-ADUser username).distinguishedName))(sAMAccountName=abc-*))"
This would get all the groups that include selected user and their name matches the pattern. This would only include two LDAP requests (one for getting user DN, one for getting all the groups). All the selection will be done on the server and only interesting values will be returned, meaning less data transfer and less post-processing (i.e. filtering) on the client side.
Untested, but this might work:
$abcgroup = (Get-ADUser -Identity username –Properties MemberOf).MemberOf |
Where-Object {$_ -match '^cn=ABC-'} | ForEach-Object {(Get-ADGroup -Identity $_).Name}
$abcgroup | Format-Table
I'd like to get a list of users that haven't used their account in the past 90 days. And I'd like to see in which OU/DC they are without getting the CN. is this possible? I'm using PowerShell ISE for this
I currently have
Search-ADAccount -UsersOnly –AccountInActive –TimeSpan 90:00:00:00
–ResultPageSize 2000 –ResultSetSize $null
| ?{$_.Enabled –eq $True}
| Select-Object Name, SamAccountName, DistinguishedName, LastLogonDate
| Export-CSV “C:\Temp\InActiveUsers.CSV” –NoTypeInformation
This returns the full distinguished name and I have to remove the CN in Excel afterwards, which is an annoying mess - I'd rather not deal with that repeatedly.
The solution doesn't have to be based on search-adaccount, but I do want it to be in a single code, so I don't have to get a list of users and then use that list with another bit of code to get their OU/DC.
You can grab the superior DN by splitting the string on the first non-escaped comma and discard the CN part:
# ...
| Select-Object Name,SamAccountName,#{Name='OU';Expression={($_.DistinguishedName -split '(?<!\\),',2)[1]}}, LastLogonDate
If your domain is running at least Windows 2012, you can ask for the msDS-parentdistname attribute, which will give you the DN of the parent object. It's a constructed attribute, which means it's calculated at the time you ask for it. You have to specifically ask for it, which means in this case I think you'll have to pipe the result into Get-ADUser to do so. That might slow things down quite a bit (there are faster ways to do this) but it should work.
Search-ADAccount -UsersOnly –AccountInActive –TimeSpan 90:00:00:00
–ResultPageSize 2000 –ResultSetSize $null
| ?{$_.Enabled –eq $True}
| Get-AdUser -Properties Name, SamAccountName, "msDS-parentdistname", LastLogonDate
| Select-Object Name, SamAccountName, "msDS-parentdistname", LastLogonDate
| Export-CSV "C:\Temp\InActiveUsers.CSV" –NoTypeInformation
In Powershell you can use the Get-ADUser commandlet to get all users in Active Directory. You can then pipe this to Format-Table to list some of the values in a table.
However, some of the values returned are also objects, for example the users manager.
How do I display a property of this child-object alongside properties of the parent - e.g. manager's name or email address?
I tried the following, but no joy:
Get-ADUser -Properties name, mail, manager | Format-table name, mail manager.name
Is there are simple way to do this?
The manager property is just a string (not an object with sub-properties). Two options:
1) Extract the name from the manager's DN (faster):
... | select Name,mail,#{n='manager';e={$_.manager -replace '^CN=([^,]+).+$','$1'}}
2) Get the name with an additional Get-ADUser call (slower):
... | select Name,mail,#{n='manager';e={(Get-ADUser $_.manager).Name}}
And you can always pipe to Foreach-Object and create a custom object for each user.
Maybe with calculated properties? Try something like that:
Get-ADUser -Properties name,mail,manager | Format-Table #{n="Manager Name";e={(Get-Aduser -Filter { DistinguishedName -eq $_.manager }).Name}}
I am very new to Powershell and am having an issue when using the Get-ADUser and GetADComputer cmdlets.
I am trying to use the Get-ADComputer and Get-ADUser to retrieve the memberOf from Active-Directory of all the users and computers. It only appears to be retrieving information from users and computers that are in 2 or more groups. Any users/computers that are only in 1 group display nothing.
For example: If UserA is in group Administrators I get no output when I use MemberOf. But if User2 is in both Administrators and Domains Administrators I get some output. However it will only output one of those groups.
Get-ADGroup does the same thing.
Is this normal? I can't imagine it is.
Here is my code:
Get-ADUser -Filter * -Properties * | Select-Object -Property Name,MemberOf | Sort-Object -Property Name
Thanks
Your trouble comes from the fact that the primary group is not part of the memberOf attribute.
So try this :
Get-ADUser -Filter * -Properties * | Select-Object -Property Name,MemberOf,PrimaryGroup | Sort-Object -Property Name
You'll find a deeper explanation in this answer.