PowerShell Get-ADUser query with two or more name variables

I'm trying to get a PowerShell query with two displaynames in it. It works fine with one displayname.
Get-ADUser -Filter "displayName -like '**'" -SearchBase "OU= ,OU= ,OU= AG,DC= ,DC=" -Properties * | select-object mail | sort-object
How can I insert more displayname variables into the code?

You can use OR in the filter:
Get-ADUser -Filter "DisplayName -like '*user1*' -or DisplayName -like '*user2*'" -SearchBase "OU= ,OU= ,OU= AG,DC= ,DC=" -Properties Mail |
Select-Object -ExpandProperty Mail | Sort-Object
Using an LDAP filter, you can do it like this (using | as OR):
Get-ADUser -LDAPFilter "(|(cn=*user1*)(cn=*user2*))" -SearchBase "OU= ,OU= ,OU= AG,DC= ,DC=" -Properties Mail |
Select-Object -ExpandProperty Mail | Sort-Object
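Building the OR filter from a list of names, as an added example that is not part of the original answer. The helper names `ConvertTo-LdapFilterValue` and `New-LdapOrFilter`, the sample names and the `$searchBase` placeholder are assumptions; each value is escaped per RFC 4515 so that a name containing `(`, `)`, `*` or `\` cannot change the structure of the filter.

```powershell
# Added example; helper names and sample values are hypothetical.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escapes. The backslash is handled first so that the escapes
    # added afterwards are not escaped a second time.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace("`0", '\00')
}

function New-LdapOrFilter {
    param(
        # Attribute names are restricted to letters, digits and hyphens.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]
        [string]$Attribute,

        [Parameter(Mandatory)]
        [string[]]$Values
    )
    $clauses = foreach ($v in $Values) {
        # The * wildcards are added after escaping, so only they act as wildcards.
        '({0}=*{1}*)' -f $Attribute, (ConvertTo-LdapFilterValue -Value $v)
    }
    # (|a b c) is the LDAP OR of all clauses.
    '(|{0})' -f (-join $clauses)
}

# Constructed sample input: a plain name, one with parentheses,
# and one with a literal asterisk.
$names  = 'user1', 'Smith (Contractor)', 'R*D'
$filter = New-LdapOrFilter -Attribute displayName -Values $names
$filter

# With the ActiveDirectory module loaded ($searchBase is a placeholder
# for your own OU path):
# Get-ADUser -LDAPFilter $filter -SearchBase $searchBase -Properties Mail |
#     Select-Object -ExpandProperty Mail | Sort-Object
```

The same list can be passed with `-Attribute cn` to reproduce the `cn` filter shown in the answer.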

Related

Export the content from multiple 'Get-ADComputer' commands

Using the Get-ADComputer command I am gathering the count of the operating systems for each OU based on when the password was last set. The problem I am facing is exporting the whole thing into a CSV file.
When I append the (Export-Csv -Path 'c:\blah') it will only take the last command and leave the others in the console.
$ou1 = 'OU=Computers,OU=Name1,DC=domain,DC=com'
$ou2 = 'OU=Computers,OU=Name2,DC=domain,DC=com'
$ou3 = 'OU=Computers,OU=name3,DC=domain,DC=com'
$prop = 'OperatingSystem -Like "Windows 10*"'
Get-ADComputer -SearchBase $ou1 -Filter $prop -Property DistinguishedName, OperatingSystem, pwdLastSet |
    Select-Object DistinguishedName, OperatingSystem,
        @{Name="pwdLastSet";Expression={[datetime]::FromFileTime($_.pwdLastSet)}},
        @{Name="90_Days_Old";Expression={([datetime]::FromFileTime($_.pwdLastSet)).AddDays(90) -le (Get-Date)}}
Get-ADComputer -SearchBase $ou2 -Filter $prop -Property DistinguishedName, OperatingSystem, pwdLastSet |
    Select-Object DistinguishedName, OperatingSystem,
        @{Name="pwdLastSet";Expression={[datetime]::FromFileTime($_.pwdLastSet)}},
        @{Name="90_Days_Old";Expression={([datetime]::FromFileTime($_.pwdLastSet)).AddDays(90) -le (Get-Date)}}
Get-ADComputer -SearchBase $ou3 -Filter $prop -Property DistinguishedName, OperatingSystem, pwdLastSet |
    Select-Object DistinguishedName, OperatingSystem,
        @{Name="pwdLastSet";Expression={[datetime]::FromFileTime($_.pwdLastSet)}},
        @{Name="90_Days_Old";Expression={([datetime]::FromFileTime($_.pwdLastSet)).AddDays(90) -le (Get-Date)}}
My expected result is to have the content of all three commands into a CSV file.
You have a lot of redundant code. Use a loop to avoid that. Also, there's no need to convert the property pwdLastSet (which contains the raw value from the AD attribute) to a DateTime value. The Get-ADComputer cmdlet already does that for you (the name of the property you want is PasswordLastSet).
$ou = 'OU=Computers,OU=Name1,DC=domain,DC=com',
      'OU=Computers,OU=Name2,DC=domain,DC=com',
      'OU=Computers,OU=name3,DC=domain,DC=com'
$prop = 'OperatingSystem -like "Windows 10*"'
$ou | ForEach-Object {
    Get-ADComputer -SearchBase $_ -Filter $prop -Property DistinguishedName, OperatingSystem, PasswordLastSet |
        Select-Object DistinguishedName, OperatingSystem, PasswordLastSet,
            @{Name="90_Days_Old";Expression={$_.PasswordLastSet.AddDays(90) -le (Get-Date)}}
} | Export-Csv 'C:\path\to\output.csv' -NoType
You can put all your OUs into an array then use a foreach (%) as the SearchBase. This will also allow you to pipe (|) the results to a csv:
#OUs
$OUs = @('OU=Computers,OU=Name1,DC=domain,DC=com','OU=Computers,OU=Name2,DC=domain,DC=com','OU=Computers,OU=name3,DC=domain,DC=com')
$prop = 'OperatingSystem -like "Windows 10*"'
#foreach --> | CSV
$OUs | %{Get-ADComputer -Filter $prop -Properties DistinguishedName, OperatingSystem, pwdLastSet -SearchBase $_ | Select-Object DistinguishedName, OperatingSystem,
    @{Name="pwdLastSet";Expression={[datetime]::FromFileTime($_.pwdLastSet)}},
    @{Name="90_Days_Old";Expression={([datetime]::FromFileTime($_.pwdLastSet)).AddDays(90) -le (Get-Date)}}} | Export-Csv Test123.csv -NoTypeInformation

Matching ProxyAddresses to Surname and Firstname

I'm trying to pull some information from AD but having difficulty. I'm trying to get a list of users that have the PRIMARY smtp address from the ProxyAddresses attribute (an array) in a specific format (SMTP:firstname.lastname*) only. I only want the ones that match "SMTP" (case sensitive) and of those only those that have the email address in the format of firstname.lastname.
Get-ADUser -SearchBase "DC=corp,DC=companyx,DC=com" -Filter * -Properties ProxyAddresses,sn,givenname,displayname,mail |
Where-Object {$_.ProxyAddresses -clike "SMTP:{$_.givenname+$_.sn}*"} # | Select-Object proxyaddresses,displayName,givenName,sn
Try this:
Get-ADUser -SearchBase "DC=corp,DC=companyx,DC=com" -Filter * -Properties ProxyAddresses,sn,givenname,displayname,mail |
Where-object {($_.ProxyAddresses -cmatch "SMTP:") -and ($_.ProxyAddresses -match "$($_.givenname).$($_.sn)*")}
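A per-entry version of this check, as an added example that is not part of the original answer. It tests the `SMTP:` prefix and the `firstname.lastname` part on the same address, so two different entries cannot satisfy the two conditions between them; the function name `Test-PrimarySmtpIsFirstLast` and the sample objects (which stand in for Get-ADUser output) are assumptions.

```powershell
# Added example; constructed sample objects, not real accounts.
$users = @(
    [pscustomobject]@{ givenname = 'Ann'; sn = 'Lee'
        ProxyAddresses = @('SMTP:ann.lee@example.com', 'smtp:alee@example.com') }
    # Primary address is not first.last, but a secondary address is.
    [pscustomobject]@{ givenname = 'Bob'; sn = 'Ray'
        ProxyAddresses = @('SMTP:bray@example.com', 'smtp:bob.ray@example.com') }
    # No primary (upper-case SMTP:) address at all.
    [pscustomobject]@{ givenname = 'Cy'; sn = 'Orr'
        ProxyAddresses = @('smtp:cy.orr@example.com') }
)

function Test-PrimarySmtpIsFirstLast {
    param($User)
    # Escape wildcard characters ([ ] * ?) in the name so they match literally,
    # then allow anything after "firstname.lastname".
    $name    = '{0}.{1}' -f $User.givenname, $User.sn
    $pattern = [System.Management.Automation.WildcardPattern]::Escape($name) + '*'

    foreach ($addr in $User.ProxyAddresses) {
        # Ordinal comparison: only the upper-case "SMTP:" prefix marks the
        # primary address; "smtp:" entries are secondary.
        if ($addr.StartsWith('SMTP:', [System.StringComparison]::Ordinal)) {
            # Compare the name part of this same entry, case-insensitively.
            return ($addr.Substring(5) -like $pattern)
        }
    }
    return $false
}

# With real data, replace $users with the Get-ADUser pipeline from the question.
$users | Where-Object { Test-PrimarySmtpIsFirstLast $_ } |
    Select-Object givenname, sn
```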

how do I export memberof to a CSV correctly with only the CN names

Get-ADOrganizationalUnit -Filter * |Where-Object {$_.name -like "Users"}|ForEach-Object { Get-ADUser -SearchBase $_.DistinguishedName -Filter * -Properties *}|select name, memberof|export-csv .\output.csv
I get Microsoft.ActiveDirectory.Management.ADPropertyValueCollection as the output for memberof
Get-ADOrganizationalUnit -Filter * |Where-Object {$_.name -like "Users"}|ForEach-Object { Get-ADUser -SearchBase $_.DistinguishedName -Filter * -Properties *}|select name, @{n='memberof'; e={$_.Memberof -join '~'}} | export-csv .\output.csv
I decided to delimit the MemberOf using the tilde since there was no detail in the question regarding the result that you were actually after.
This works
Get-ADOrganizationalUnit -Filter *|Where-Object {$_.name -like "Users" -and "No GPO" }|
ForEach-Object { Get-ADUser -SearchBase $_.DistinguishedName -Filter * -Properties *}|
select Name, Office, @{n='MemberOf'; e= {( $_.memberof | % { (Get-ADObject $_).Name }) -join "," }}|
export-csv C:\Member_list_Output.csv -NoTypeInformation

Piping output of get-ADUser to Get-ADGroup with an LDAP filter

I'm trying to stitch together two lines of PowerShell, but I just can't figure the syntax. There is a post that sounds like it might be what I need, but it isn't using -LDAPFilter.
To generate a list of AD users created in the last 100 days, I use
$now = ((Get-Date).AddDays(-100)).Date
$users = Get-ADUser -Filter {whenCreated -ge $now} -Searchbase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" |
Where-Object { $_.Enabled -eq 'True' }
And this code from "How to get ALL AD user groups (recursively) with Powershell or other tools?" does the next step, which is to find all the groups that a user is a member of:
$username = 'd.trump'
$dn = (Get-ADUser $username).DistinguishedName
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $dn) |
select -Expand Name
but I can't pipe the output of the first into the second to get an overall list.
Get-ADUser -Filter {whenCreated -ge $now} -Searchbase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" |
Where-Object { $_.Enabled -eq 'True' } |
Select-Object DistinguishedName |
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $_) |
select -expand Name
The error message is:
Get-ADGroup : The search filter cannot be recognized
I thought the second code snippet extracted the distinguished name and supplied it to the filter, and that is what I have tried to do in the pipeline.
You are missing ForEach-Object (alias %).
The following code should work:
Get-ADUser -Filter {whenCreated -ge $now} -SearchBase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" `
| Where-Object { $_.Enabled -eq 'True' } `
| %{Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $_.DistinguishedName)} `
| Select-Object -ExpandProperty Name
If you want to output both user and group information you can expand the code like this:
Get-ADUser -Filter {whenCreated -ge $now} -SearchBase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" `
| Where-Object { $_.Enabled -eq 'True' } `
| %{$group = Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $_.DistinguishedName);Write-Output $_.UserPrincipalName $group.Name}

Trouble with capturing a group of users

I am trying to get a subset of users. I want to capture a list of group members, but only those who have a canonical name that starts with "contoso.com". Here is the code snippet; hopefully someone can help me.
Get-ADGroupMember -Identity $GroupName | where{$_.ObjectClass -eq "User"} | Get-ADUser -Properties CanonicalName | Select CanonicalName | where{$_.CanonicalName -Like "contonso.com"}
Get-ADGroupMember -Identity $group | where{$_.ObjectClass -eq "User"} | Get-ADUser -Properties CanonicalName | where{$_.CanonicalName -match "contoso.com"} | select Canonicalname,name
You need to add a wildcard so that the remaining characters in the CanonicalName will match something in the -like criteria:
...where{$_.CanonicalName -Like "contonso.com*"}
                       # add a wildcard here ^