my apologies if this has been asked many times before but I could use a hand with the command below. I am extracting Active Directory user information to a CSV but can use a hand with the correct code to replace the telePhoneNumber field with a fixed number of "555-555-5555" if it is null. I guess our organization has a lot of users without a phone number, and when I try to use the csv for our intended project, I can't because it errors and fails to grab the user if they do not have a phone number supplied. Is this possible to do?
Get-ADGroupMember -Identity "GROUPNAME" | Get-ADUser -Properties * | select #{N='UserName';E={$_.UserPrincipalName}},#{N='FirstName';E={"" + $_.givenName}},#{N='LastName';E={"" + $_.sn}},#{N='BusPhone';E={$_.telePhoneNumber}} | Export-csv c:\intel\thegroup.csv -NoTypeInformation
You can do whatever you like in the expression block of a calculated property.
Try changing:
#{N='BusPhone';E={$_.telePhoneNumber}}
to:
#{N='BusPhone';E={if($_.telePhoneNumber){$_.telePhoneNumber}else{'555-555-5555'}}}
Related
I have an issue with Active Directory.
This is the scenario:
I have to perform some queries on a user set.
I have no access to graphical tool, only to Power Shell.
Those users are listed on a csv, one per row.
For those user, I have not the SamAccountName, but Name field, so their names and surnames.
So, I have to give this set as input to my queries.
I searched on google and I found this link, which has been very useful for most basic queries:
http://woshub.com/get-aduser-getting-active-directory-users-data-via-powershell/
Here, more or less at half page, I found something which seems usefull for me:
Task: for the list of accounts that are stored in a text file (one
account per line), you need to get the user’s company name from AD and
save it to a CSV file (you can easily import this file into Excel).
Import-Csv c:\ps\users_list.csv | ForEach {
Get-ADUser -identity $_.user -Properties Name, Company |
Select Name, Company |
Export-CSV c:\ps\users_ad_list.csv -Append -Encoding UTF8
}
So, I tried to convert this query for my needs. For Example, I don't need the company, but UserPrincipalName and SamAccountname.
The point is that when I perform the query, I got an error on -Identity parameter:
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null or an element of the argument collection contains a null value.
So, I searched again on google but I didin't found a solution; I catch only that the problem is related with use of $_.users variable.
So, I have 2 questions:
What is the problem with the above code?
Many examples I found work giving as input file a list of SamAccountName. In case the list is filled with other value, like mines, should I change something in the code?
EDIT: as requested, I share with you few rows of my csv.The name are of course changed for security and privacy reason.
Mickey Mouse
Donald Duck
Scrooge McDuck
And so on. So, the column is filled with name and surname of people.
I wonder: may be a problem the use of this syntax on other fields?
I mean, the name and surname couple is used not only for Name field in my case, but also for other 2 fields: DisplayName and another one I don't remember exactely. May be this the root cause?
Solved thanks to #Mathias R. Jessen. Is suggestion is valid: due I have a file whit a single column filled qith name and surname,
Get-Content C:\ps\users_list.csv |ForEach-Object { Get-ADUser -LDAPFilter "(ANR=$_)"
is a valid Syntax.
We have users with minor but annoying differences in naming standards that are loosely followed making scripting a pain. The company has been around a while and depending on who was working in IT when the employee was hired the account could follow any naming convention if followed at all.
In one forest we have accounts that start with a-, the manager attribute of that account is the DN of the account owners other/main account without many other common attributes populated. I then need to look up the managers account and grab their SamAccountName. Then I need to add s- to the SamAccountName and do search for that to see if it exists.
Then I need to write the original SamAccountName, the second SamAccountName and the s-SamAccountName and something like a check box if its a valid account name all to a CSV.
without rewriting the script and passing everything to/from a var and then processing that I dont see a way to do it. This script looks up roughly 800 users and processes that three time, so it already takes a while to run without slowing it down with a bunch of var transfers.
$test = get-aduser -ldapFilter "(SamAccountName=a-*)" -Server XXX.int:3268 -Properties manager |
Select -ExpandProperty manager | Get-ADUser -Server XXX.int:3268 |
Select -ExpandProperty samaccountname
$test
You can do something like this to get you started.
$test = get-aduser -ldapFilter "(SamAccountName=a-*)" -Server XXX.int:3268 -Properties manager |
Select-Object SamAccountName,
#{n='Manager';e={Get-ADUser $_.Manager -Server XXX.int:3268 | Select -Expand SamAccountName}},
#{n='s-Manager';e={Get-ADUser "s-$($_.Manager)" -Server XXX.int:3268 | Select -Expand SamAccountName}}
$test
I am not clear if you need to add s- to the manager's or the original account's SamAccountName. The script above adds s- to the manager's SamAccountName.
In scripts where multiple AD lookups are required, sometimes it is best to do one larger lookup and then filter that result for what you need.
Explanation:
The main technique of the script makes use of delayed-script binding with the Select-Object command. Each user object found by the original Get-ADUser command is piped into Select-Object and is accessible by the pipeline variable $_. The hash table select can be updated fairly easily to meet your needs.
Im trying to export AD users to a csv file by powershell. Now one field only needs to have the first letter of the value. Eg: name - Kevin, initials - K.
I have tried with substring, but im obviously doing something wrong:
PS C:\Users\Administrator> Get-ADUser -Filter * -Properties * | Select -Property substring.surname(1,1),surname,givenName,samaccountname,givenN
ame,Mail,Department | Export-CSV "C:\Export\Users.csv" -NoTypeInformation
Obviously im still pretty new to powershell.
You have a couple of issues here:
1) You're selecting "GivenName" twice - PowerShell won't allow that:
2) you want substring (0,1) - start as position 0 and count 1 letter along.
3) this should do what you want it to do:
Get-ADUser -Filter * -Properties * | `
Select #{n='initial';e={$_.surname.substring(0,1)}},surname,givenName,samaccountname,Mail,Department | `
Export-CSV "C:\installs\Users.csv" -NoTypeInformation
essentially, you're creating and recycling a small property array each time - which allows you to set a value (the substring) which is then returned up the chain to the select and then on to your CSV file :)
(might also be worth noting, you're selecting the first letter of the surname, but in your question, you're asking to get K from Kevin - you might want to be selecting from a forename field).
Other notes:
-filter * -properties * is very computationally expensive - you're getting all fields for all users and only selecting a few. try listing properties the same way you do in your select.
select -property - the -property switch is redundant and optional - just using Select stuff,otherstuff will do the same thing and will be easier to read
If you feel the process leanthy, you can also try CJWdev tool or Lepide active directory query tool. They both are free and helps to fetch such AD reports quickly.
I am using ActiveRoles Management Shell under Windows XP , Powershell ver 2 for retreiving Group data from AD and exporting it to csv file.Everything works well apart from getting member list it is so long that the program is writing in excel cells under member column System.String[] each time.How can I make it write whole list there , is it possible ? I could actually have only the name of the member don't need whole connection path.Is there a possibility to get from group field member only name ?
get-QADGroup -SearchRoot 'ou=User,ou=Groups,ou=PL,dc=test,dc=com'| Select-Object -property name,sAMAccountName,description,groupType,member|Export-Csv -path Y:\csv\groups.csv
Ok, as Matt suggested you want an expression in your Select statement. I would use something like this:
#{l="Members";e={$_.Members -join ", "}}
Which when inserted into your one-liner looks like:
get-QADGroup -SearchRoot 'ou=User,ou=Groups,ou=PL,dc=test,dc=com'| Select-Object -property name,sAMAccountName,description,groupType,#{l='Members';e={$_.member -join ", "}}|Export-Csv -path Y:\csv\groups.csv -NoTypeInfo
I also added -NoTypeInfo to the export to skip the annoying lead line telling you it's a PSCustomObject or some such and actually just get your data (and headers).
I don't have access to the quest cmdlets so I will provide a solution based on cmdlets from the activedirectory
Get-ADUser -Filter * -SearchBase "OU=Employees,DC=Domain,DC=Local" -Properties memberof |
Select-Object name,#{Name="Groups";Expression={$_.MemberOf |
ForEach-Object{(Get-ADGroup -Identity $_).Name + ";"}}} |
Export-Csv C:\temp\TEST.CSV -Append
To make sense of this by line:
Should be self explanatory. Get all users in the OU defined. You would need to change this to suit your needs.
The select statement appears normal until you reach the calculated property Groups.
What continues from the previous line is cycling through every group that an individual user is a memberof and get the friendly name of the group (MemberOf returns DistinguishedName's). At the end of every group add a ";" as to not interfere with the CSV that will be made later.
Append to a csv file.
For brevity I didnt include all the extra properties that you included in your Select-Object statement. You would obviously need to add those back as the need fits.
Since you have the use the Quest cmdlets you could just change member in your select statement to the following:
#{Name="Groups";Expression={$_.member | ForEach-Object{"$_;"}}}
I cannot test if this will work. It is based on the assumption that member contains a simple name as supposed to a distinguishedname
I am trying to query AD for a list of users and a particular variable like so:
get-aduser -filter * -Properties * | select Samaccountname,vasco-LinkUserToDPToken | Export-Csv U:\test.csv -NoTypeInformation
However this returns the samaccountname and Microsoft.ActiveDirectory.Management.ADPropertyValueCollection.
Looking at the web I have ascertained that this property is a collection and I would need something along the lines of this to expand it and allow it to be exported to CSV:
get-aduser -filter * -Properties * | select #{name="vasco";expression={$_.vasco-LinkUserToDPToken -join}},samaccountname | Export-Csv U:\test.csv -NoTypeInformation
However I keep getting the following error:
Unexpected token '-LinkUserToDPToken' in expression or statement.
I am guessing that powershell is reading the "-" as some form of operator and dooming out. Unfortunately I cant find a way round it. I understand ` is the escape character but my blunt force usage of it has yielded no useable results. I was hoping someone might be able to help usher me in the right direction. It could well be that my frantic blog post reading has led to me misunderstanding the hash table usage syntax as well...
I have encountered this before in our environment and the trick is the use double quotes after the $_. sign variable like this. $_."vasco-LinkDPToUserToken"
get-aduser -filter * -Properties * | select #{name="vasco";expression={$_."vasco-LinkUserToDPToken" -join}},samaccountname | Export-Csv U:\test.csv -NoTypeInformation
You should be able to access the property by name like this:
$UserObject.Properties.Item("vasco-LinkUserToDPToken")
So your Hash table expression comes to look like this:
#{name="vasco";expression={$_.Properties.Item("vasco-LinkUserToDPToken") -join}}