I'm completely new to Powershell and trying to learn as I go. I have a requirement to find all AD users whose passwords have not been reset within the last 365 days, I also need to pull various other fields such as lastlogontimestamp, manager, cn, distinguishedname etc. I have tried the code below and it will show some results in the powershell window but as I have quite a few columns I really need to export - however whenever I try to export I get the following error:
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:6 char:12
+ $outList | Export-Csv -path D:\scripts\test.xml -NoTypeInformation
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand
Code I am using displayed below. Any help much appreciated.
`Get-AdUser -Filter 'Enabled -eq $True' -Properties Name, PasswordLastSet, PasswordNeverExpires, SamAccountName, accountExpires, Company, Description, cn, distinguishedName, info,lastLogonTimestamp, manager |
Where-Object {
$_.PasswordLastSet -lt (Get-Date).AddDays(-365)
} |
Format-Table Name, SamAccountName, PasswordLastSet, PasswordNeverExpires, Company, Description, cn, distinguishedName, info, lastLogonTimestamp, manager
$outList | Export-Csv -path D:\scripts\test.xml -NoTypeInformation
When you run the Get-ADUser command it returns certain properties by default - you only need to specify the non-standard properties that you require. In your case there is no need to specify name and SamAccountName.
$outList = Get-AdUser -Filter 'Enabled -eq $True' -Properties PasswordLastSet, PasswordNeverExpires, accountExpires, Company, Description, cn, distinguishedName, info,lastLogonTimestamp, manager | Where-Object { $_.PasswordLastSet -lt (Get-Date).AddDays(-365)}
The command Format-Table only refers screen output. To select properties from an object, use Select-Object
$outList | Select-Object Name, SamAccountName, PasswordLastSet, PasswordNeverExpires, Company, Description, cn, distinguishedName, info, lastLogonTimestamp, manager | Export-Csv -Path D:\scripts\test.csv -NoTypeInformation
TThe above as a one-line command:
Get-AdUser -Filter 'Enabled -eq $True' -Properties PasswordLastSet, PasswordNeverExpires, accountExpires, Company, Description, cn, distinguishedName, info,lastLogonTimestamp, manager | Where-Object { $_.PasswordLastSet -lt (Get-Date).AddDays(-365)} | Select-Object Name, SamAccountName, PasswordLastSet, PasswordNeverExpires, Company, Description, cn, distinguishedName, info, lastLogonTimestamp, manager | Export-Csv -Path C:\temp\test.csv -NoTypeInformation
Related
I have a script that uploads data about a PC with the last activity more than 100 days, I can’t upload it as a normal table and I don’t understand how to add 2 distributionname + description fields
Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate | Where { $_.LastLogonDate -LT (Get-Date).AddDays(-100) } | Select-Object Name, OperatingSystem, LastLogonDate | Out-File "\\Client\C$\Users\computer_ad.csv" -encoding Unicode -Delimiter ";"
You should not use Out-File to save as CSV. There is a special cmdlet for that called Export-Csv
Also, it is better to set the reference date to midnight using .Date when comparing to the LastLogonDate.
By default, Get-ADComputer returns these properties:
DistinguishedName, DNSHostName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName and for anything on top of that you need to specify it in the -Properties parameter.
As for attribute Description, that's easy enough, but what do you mean by distributionname ??
I'm guessing you want the DistinguishedName name there:
$refDate = (Get-Date).AddDays(-100).Date # set this to midnight
Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate, Description |
Where-Object { $_.LastLogonDate -lt $refDate } |
Select-Object Name, OperatingSystem, LastLogonDate, Description, DistinguishedName |
Export-Csv -Path "\\Client\C$\Users\computer_ad.csv" -Delimiter ';' -NoTypeInformation
If you really want the file to be encoded in UTF16-LE (Unicode), you can add that to the Export-Csv line: -Encoding Unicode, although UTF8 is more commonly used.
We have few groups in AD for the O365 license.
what powershell script I can get to export all the users under E3 groups.
I was using below, but it only give me information for 365 E3 user only
Get-AdGroupMember -Identity "AZ-APP-Office 365 E3" -recursive | Where objectClass -eq "user" | Get-ADUser -Properties * | select-object displayName,samAccountName,UserPrincipalName,Mail,Manager,Department,Enabled | export-csv c:\temp\365\O365visioLicenseOctober.csv
what powershell script I can get to export all the users from the group which contains "E3.
As Abraham suggested, first get the groups with names starting with 'AZ-APP-Office 365 E3'.
Then use a loop to get the info you need:
Get-ADGroup -Filter "Name -like 'AZ-APP-Office 365 E3*'" | ForEach-Object {
$group = $_.Name
$_ | Get-AdGroupMember -Recursive |
Where-Object {$_.objectClass -eq "user"} |
# Get-ADUser returns these properties by default:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
# so only ask for the extra attributes with parameter '-Properties'
Get-ADUser -Properties DisplayName, EmailAddress, Manager, Department |
Select-Object #{Name = 'Group'; Expression = {$group}},
DisplayName,SamAccountName,UserPrincipalName,EmailAddress,Manager,Department,Enabled
} | Export-Csv -Path 'c:\temp\365\O365visioLicenseOctober.csv' -NoTypeInformation
Quick question guys, I'm updating a PS script that notifies users when their AD password is about to expire to exclude/Omit certain OUs from the notification. Example: Exclude "RemoteUsers" and "AppUsers" I have created a variable $Searchxyzbase="DC=example,DC=com" at the beginning of the script followed by the following:
# Get Enabled Users From AD RemoteUsers and AppUsers OU
Import-Module ActiveDirectory
$users = get-aduser -SearchBase $Searchxyzbase -Filter {(enabled -eq $true) -and (passwordNeverExpires -eq $false)} | -properties sAMAccountName, displayName, PasswordNeverExpires, PasswordExpired,
PasswordLastSet, EmailAddress, lastLogon, whenCreated
$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
I know I suppose to be passing the following but not sure exactly where in the code.
? {$_.distinguishedname -notmatch 'OU=RemoteUsers|OU=AppUsers'}
I added it as follows:
# Get Enabled Users From AD RemoteUsers and AppUsers OU
Import-Module ActiveDirectory
$users = get-aduser -SearchBase $Searchxyzbase -Filter {(enabled -eq $true) -and
(passwordNeverExpires -eq $false)} | ? {$_.distinguishedname -notmatch 'OU=RemoteUsers|OU=AppUsers'} -properties sAMAccountName, displayName, PasswordNeverExpires,
PasswordExpired,
PasswordLastSet, EmailAddress, lastLogon, whenCreated
$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
When I execute the code, it runs and return the following error:
`Where-Object : A parameter cannot be found that matches parameter name 'properties'.
At C:\code\ps.ps1:69 char:176
+ ... inguishedname -notmatch 'OU=RemoteUsers|OU=AppUsers'} -properties sAMAcco ...
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand`
Doug suggestion worked. Thanks
This are the lines where Powershell gets all the groups in AD
Get-ADGroup -Filter * -Properties SamAccountName, managedBy, Name, Description, GroupCategory |
Select-Object SamAccountName, #{Name = 'ManagedBy'; Expression = { (Get-ADUser -Identity $_.managedBy -Properties DisplayName).DisplayName }},Name, Description, GroupCategory
What I'm trying to accomplish is to get only the AD groups where the owner Enabled property is set to disabled, something like the following but I cannot complete the logic
Get-ADGroup -Filter * -Properties SamAccountName, managedBy, Name, Description, GroupCategory |
Where (Get-ADUser -Filter "DisplayName -eq '$($_.DisplayName)'" | Select SamAccountName, Enabled -eq "false") |
Select-Object SamAccountName, #{Name = 'ManagedBy'; Expression = { (Get-ADUser -Identity $_.managedBy -Properties DisplayName).DisplayName }},Name, Description, GroupCategory
EDIT:
Applying jfrmilner's answer I get the following error
Get-ADUser : Cannot find an object with identity: 'CN=example,OU=example,OU=User Archive,DC=example,DC=example' under: 'DC=example,DC=example'.
At line:2 char:18
+ Where-Object { !(Get-ADUser -Identity $_.ManagedBy).Enabled } |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (CN=exampl...,DC=example,DC=nexample:ADUser) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
This will return only AD Groups where the ManagedBy User is Disabled:
Get-ADGroup -LDAPFilter "(ManagedBy=*)" -Properties ManagedBy, Description | Where-Object { !(Get-ADUser -Identity $_.ManagedBy).Enabled }
I've been trying to get a list of all the groups in our AD environment (with the description) and their members and output it to a CSV file. Ideally the users would be shown under their group. The script I've been trying to use is:
Import-Module ActiveDirectory
Get-ADGroup -Filter * -Properties Description |
Select-Object Name, Description |
ForEach-Object {
Get-ADGroupMember -Identity $_.DistinguishedName -Recursive |
Get-ADObject -Properties SamAccountname, Title, Department |
Select-Object Name, SamAccountName, Title, Department, DistinguishedName, ObjectClass
} | Export-Csv -Path c:\temp\ADGrab.csv -NoTypeInformation
The error I keep getting is as follows:
Get-ADGroupMember : Cannot validate argument on parameter 'Identity'. The argument
is null or empty. Supply an argument that is not null or empty and then try the
command again.
At C:\Users\j_kennedy_ta\AppData\Local\Temp\9\2898ceb2-a6cf-4fbf-9341-e651dad2145d.ps1:4 char:28
+ Get-ADGroupMember -Identity <<<< $_.distinguishedname -Recursive |
+ CategoryInfo : InvalidData: (:) [Get-ADGroupMember], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Without the nasty Select-Object and with group information in the CSV file:
Import-Module ActiveDirectory
Get-ADGroup -Filter * -Properties Description |
ForEach-Object {
# Store for later use
$groupName = $_.Name
$groupDescription = $_.Description
Get-ADGroupMember -Identity $_.DistinguishedName -Recursive |
Get-ADObject -Properties SamAccountname, Title, Department |
Select-Object Name, SamAccountName, Title, Department, DistinguishedName, ObjectClass, ` # Mind the gap
# Calculated properties with group information
#{ name = "GroupName"; expression = $groupName }, `
#{ name = "GroupDescription"; expression = $groupDescription }
} | Export-Csv -Path c:\temp\ADGrab.csv -NoTypeInformation