How to automatically move computer object from computers - powershell

I need a PowerShell script to move computer objects from Computers in Active Directory according to the following conditions:
It will check the username written in the description of the computer object (a username is written on each computer).
It moves the computer to the OU where the user is located.
I used the -SearchBase command while preparing the script, but without success:
$ComputerObject = Read-Host "CN=$ComputerObject,OU=Computers,DC=domain,DC=com"
Get-ADComputer -Filter -SearchBase "OU=Computers,DC=domain,DC=com"
Move-ADObject –Identity (I don't know what to write here.)
Is there anyone who can help?
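One way to do what the question describes, as an added example that is not part of the original post. It assumes the description holds exactly one sAMAccountName and reuses the question's OU=Computers path (the built-in container would be CN=Computers,...). The free-text description is validated before it is placed in a filter, and -WhatIf keeps the run read-only until the output has been checked.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

# Assumption: source path taken from the question.
$SourceBase = 'OU=Computers,DC=domain,DC=com'

Get-ADComputer -Filter * -SearchBase $SourceBase -SearchScope OneLevel -Properties Description |
    ForEach-Object {
        $computer = $_
        $name = "$($computer.Description)".Trim()

        # Description is free text: accept only a plain account name before
        # putting it into a filter string.
        if ($name -notmatch '^[A-Za-z0-9._-]{1,20}$') {
            Write-Warning "$($computer.Name): description '$name' is not a usable username, skipped"
            return   # inside ForEach-Object this moves on to the next computer
        }

        # Require exactly one matching account; skip missing or ambiguous matches.
        $user = @(Get-ADUser -Filter "SamAccountName -eq '$name'")
        if ($user.Count -ne 1) {
            Write-Warning "$($computer.Name): $($user.Count) accounts match '$name', skipped"
            return
        }

        # Parent container = the user's DN without its first RDN
        # (split on the first comma that is not escaped with a backslash).
        $targetOU = ($user[0].DistinguishedName -split '(?<!\\),', 2)[1]

        # -WhatIf only reports the move; remove it once the output looks right.
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $targetOU -WhatIf
    }
```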

Related

PS Script to search all OU for "Servers" and move them to the "Servers" OU

Currently my AD has about 20 or so Computer OUs across the various depts within my organization. These Computer OUs contain both Servers and Workstations. I would like a script that will search the entire AD domain to find any servers and then move them to the new "Servers" OU. We are working on some new tooling and need the servers to be in their own OU separate from workstations.
You can try to filter by OperatingSystem
Get-ADComputer -Filter "OperatingSystem -like '*server*'" -SearchBase "CN=Computers,DC=mydomain,DC=local" |
Move-ADObject -TargetPath "OU=Servers,DC=mydomain,DC=local"

Powershell results different based on save location

I am using PowerShell to extract all users from an OU who have not signed into their account in 365 days.
import-module activedirectory
get-aduser -SearchBase 'ou=staff,ou=brummitt,dc=DUNELAND,dc=LOCAL' -filter 'enabled -eq $true' -Properties samaccountname,lastlogondate |
Where-object {$_.lastlogondate -lt (get-date).AddDays(-365)} |
Select-Object -ExpandProperty samaccountname >>'C:\stale\brummitt.txt'
In an attempt to organize the folder these are stored in, I have created a folder on my server's C: drive called stale and have a folder called scripts in which the PowerShell scripts are stored.
When I run the script with PowerShell and the save extension is C:\stale\brummitt.txt it outputs all users in that OU. When the save location is C:\brummitt.txt it returns the correct users who have not signed in for over a year. Why would the results be changing based on the save location and how can this be combated?
Added:
I am running the PowerShell script from within the scripts folder.
Did you try using Tee-Object as a part of the pipeline? That will give you the opportunity to check the stream to the file on the console.

PowerShell Script to list computers/servers in a subnet mask

I am currently using a PowerShell script to return last active computers and the respective domain hosts on AD as shown below:
Get-ADComputer -Filter {enabled -eq $true} -properties *|select Name, DNSHostName, OperatingSystem, LastLogonDate
What I want to do next is to list all the computers/servers within the subnet of 255.255.251.0 that use the username "Administrator." How would I go about achieving this through editing my above script?

Powershell filter computers with no LAPS password set

I have recently deployed LAPS (Local admin password service) on our domain, and would now like to create a script I can run to find machines that have not yet communicated with AD to install the group policy extension and update their local admin password.
I can see that if I run:
Get-AdComputer -Identity Computer_Name -Properties *
I am presented with a computer that has updated its password, and shows the two properties:
ms-Mcs-AdmPwd
ms-Mcs-AdmPwdExpirationTime
My PowerShell is not great, so I may have the syntax wrong, but when trying to run:
Get-AdComputer -Filter {ms-Mcs-AdmPwd -ne ''}
I get an error that says:
The search filter cannot be recognised
Can anyone advise how I can filter on these two properties? Do I have to pipe into a Where-Object or perhaps even use LDAP filters?
The most appropriate way to do this is with an LDAP filter rather than a PowerShell filter. LDAP filters can test for existence, rather than comparing to a value that could be there (even if it's only remotely possible).
To get a list of computers WITH a password:
Get-ADComputer -LDAPFilter "(ms-mcs-AdmPwd=*)"
And to find computers without one:
Get-ADComputer -LDAPFilter "(!(ms-mcs-AdmPwd=*))"
You can combine that with other parameters to Get-ADComputer if you want to search a specific OU etc.
Ok so I think my issue was to do with me looking for attributes that had not yet been set.
I suspect there may be an ever so slightly more elegant way to filter, but the below works just fine for me:
Get-ADComputer -Filter {ms-Mcs-AdmPwd -notlike "*"}
If I run the command
Get-ADComputer -Filter {ms-Mcs-AdmPwd -notlike '<not set>'}
on my 2016 DC I get a list with all the computers with a password set.
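A reporting variant of the LDAP-filter approach above, as an added example that is not from any of the posts. It tests ms-Mcs-AdmPwdExpirationTime instead of ms-Mcs-AdmPwd: the password attribute is confidential, so an account without read rights sees it as unset on every machine, and the report never needs to touch the password itself. The property names LapsState and LapsExpires are made up for this example.

```powershell
# Added example: enabled computers that LAPS has never managed, or whose
# LAPS password has already expired.
Import-Module ActiveDirectory

# ms-Mcs-AdmPwdExpirationTime is stored as a FILETIME integer.
$now = (Get-Date).ToFileTimeUtc()

# Account not disabled AND (no expiration time OR expiration time in the past).
$ldap = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
        "(|(!(ms-Mcs-AdmPwdExpirationTime=*))(ms-Mcs-AdmPwdExpirationTime<=$now)))"

Get-ADComputer -LDAPFilter $ldap -Properties 'ms-Mcs-AdmPwdExpirationTime', LastLogonDate |
    Select-Object Name, LastLogonDate,
        @{ Name = 'LapsState'; Expression = {
            if ($null -eq $_.'ms-Mcs-AdmPwdExpirationTime') { 'never set' } else { 'expired' } } },
        @{ Name = 'LapsExpires'; Expression = {
            $t = $_.'ms-Mcs-AdmPwdExpirationTime'
            if ($null -ne $t) { [datetime]::FromFileTimeUtc($t) } } } |
    Sort-Object LapsState, Name
```

Add -SearchBase to limit the report to one OU; LastLogonDate helps separate machines that are simply offline from ones that log on but never apply the policy.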

Powershell - Batch Rename of Home Server in HomePath

Admittedly, I am not a PowerShell monster, so I'm going to punt...
I am working with a client who is pulling a list of all his user shares on his CIFS server to help redirect AD HomeDirectory paths in a major file server migration. This list is being compared to the list of AD users home directories as AD currently sees them.
The problem is that some user directories use old NT usernames (NAMEI$) and some use SAMACCOUNTNAME$. To complicate things further, the share SERVER differs in AD due to an elaborate history of DNS aliases over the past 10-15 years - so even though all the users' home directories currently exist on SERVERA they could be mapped to OLDSERVER3, OLDERSERVER01, or OLDESTSERVERNT4 - resulting in home directories that are all over the map.
I need to write a script that can use the SAMACCOUNTNAME from a list, then change all the server information in the home directory to \NEWSERVERNAME\CURRENTSHARE$ - hopefully using something like this:
Use UserList
From UserList, get-ADuser -Identity $_ -HomeDrive "U:" -HomeDirectory
in HomeDirectory replace \\*\ with \\NewServer\ while leaving the Share$ untouched.
Set-ADuser -Identity $_ -HomeDrive "U:" -HomeDirectory
I'm fairly certain that this can be accomplished with regular expressions, for/each loops, etc... but I can't put it together.
Thank you for your help!
I went through the same migration a short while ago. Here is what you can use to set the new server while leaving the share folder untouched.
Import-Module activedirectory
$samAccountNameList = get-content "c:\userIds.txt"
$newServer = "newFps01"
foreach ($user in $samAccountNameList) {
    $adProperties = get-aduser -Identity $user -Properties homeDirectory, homeDrive
    $homeDrive = $adProperties.HomeDrive
    # Split original homedirectory path and grab just the share folder portion
    $shareFolder = ($adProperties.homeDirectory).Split("\")[3]
    $newHomeDirectory = "\\$newServer\$shareFolder"
    set-aduser -Identity $user -HomeDrive $homeDrive -HomeDirectory $newHomeDirectory
}