I need to provide a report of accounts that are disabled, but still have security groups in their account so I can purge them. Can you help me with this? In my file, it doesn't show the groups' names. I only get Microsoft.ActiveDirectory.Management.ADPropertyValueCollection
$path = "c:\temp\DisabledUsers_ContainGroups ($(Get-Date -Format "yyyy-MM-dd")).xlsx"
$date = Get-Date -Format yyyy-MM-dd
Get-ADUser -Filter ({enabled -eq $false -and memberof -like '*'}) -properties Name, Samaccountname, memberof | select Name, Samaccountname, memberof | Export-excel -Path $path -WorksheetName $date -AutoSize -AutoFilter -TableStyle Medium2
I got what I'm looking for. Not sure how I can add a new line instead of -join ';' but it works fine. Thanks for your help.
$path = "c:\temp\DisabledUsers_GroupMembership ($(Get-Date -Format "yyyy-MM-dd")).xlsx"
$date = Get-Date -Format yyyy-MM-dd
Get-ADUser -Filter {Enabled -eq $false} -Properties name, samaccountname, MemberOf |
where {$_.MemberOf.Count -gt 1} |
select name, samaccountname, @{N= "Groups"; E ={(($_.MemberOf).split(",") |
where-object {$_.contains("CN=")}).replace("CN=","") -join ';'}} |
Export-excel -Path $path -WorksheetName $date -AutoSize -AutoFilter -TableStyle Medium2
This should get you going...
Get-AdUser -Filter {Enabled -eq $false} |
select *, @{l='MemberOf'; e={Get-AdPrincipalGroupMemberShip $_}} |
where {$_.MemberOf.Count -gt 1}
Then you can filter out the properties you would like to keep
Get-AdUser -Filter {Enabled -eq $false} |
select *, @{l='MemberOf'; e={Get-AdPrincipalGroupMemberShip $_}} |
where {$_.MemberOf.Count -gt 1} |
select SamAccountName, MemberOf
or if you don't like to get all properties of the groups
Get-AdUser -Filter {Enabled -eq $false} |
select *, @{
l='MemberOf';
e={Get-AdPrincipalGroupMemberShip $_ | Select Name}
} |
where {$_.MemberOf.Count -gt 1} |
select SamAccountName, MemberOf
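An added example, not taken from any of the posts above: it writes one row per disabled account and group, which avoids the ADPropertyValueCollection output and lets the sheet be filtered by group before memberships are purged. The output path and column names are assumptions; it relies only on the ActiveDirectory module.

```powershell
Import-Module ActiveDirectory

# Placeholder output path (assumption, not from the posts above).
$path = "C:\temp\DisabledUsers_GroupMembership_$(Get-Date -Format 'yyyy-MM-dd').csv"

# Disabled accounts (userAccountControl bit 2 set) that still carry at least
# one memberOf value. Filtering in LDAP keeps the work on the DC.
$ldap = '(&(objectCategory=person)(objectClass=user)' +
        '(userAccountControl:1.2.840.113556.1.4.803:=2)(memberOf=*))'

$report = Get-ADUser -LDAPFilter $ldap -Properties MemberOf |
    ForEach-Object {
        $user = $_
        foreach ($groupDn in $user.MemberOf) {
            # Resolve the DN rather than splitting on ',' so that group names
            # containing commas or 'CN=' in an OU path are reported correctly.
            $group = Get-ADGroup -Identity $groupDn
            [pscustomobject]@{
                Name           = $user.Name
                SamAccountName = $user.SamAccountName
                Group          = $group.Name
                GroupCategory  = $group.GroupCategory   # Security or Distribution
                GroupScope     = $group.GroupScope
                GroupDN        = $groupDn
            }
        }
    }

# memberOf does not list the primary group (usually Domain Users),
# so that membership will not appear in this report.
$report |
    Sort-Object SamAccountName, Group |
    Export-Csv -Path $path -NoTypeInformation
```

Filtering the result on GroupCategory equal to Security shows the memberships that still grant access.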
This script below works, but every attempt I make to have it cycle through all my domain controllers fails. How do I add an array to go through all these OUs on all my domain controllers? Thanks in advance!
$OUs= "OU=Test1,OU=Test1,OU=Test1,OU=Test1,OU=All Users,DC=domain,DC=local",
"OU=Test2,OU=Test2,OU=Test2,OU=All Users,OU=Test2,DC=domain,DC=local",
"OU=Test3,OU=Test3,OU=Test3,OU=All Users,OU=Test3,DC=domain,DC=local",
"OU=test4,OU=test4,OU=test4,OU=All Users,OU=test4,DC=domain,DC=local",
"OU=Test5,OU=test5,OU=Test5,OU=All Users,OU=test5,DC=domain,DC=local"
$OUs | ForEach-Object {
Get-ADUser -Filter {Enabled -eq $TRUE} -SearchBase $_ -Properties Name,SamAccountName,LastLogonDate |
Where-Object {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)}
} |
Sort LastLogonDate |
Format-Table -Property Name,SamAccountName,LastLogonDate, DistinguishedName |
Out-String
Below you have now an array of your OUs. Please try whether that works for you now.
$OUs= @(
"OU=Test1,OU=Test1,OU=Test1,OU=Test1,OU=All Users,DC=domain,DC=local",
"OU=Test2,OU=Test2,OU=Test2,OU=All Users,OU=Test2,DC=domain,DC=local",
"OU=Test3,OU=Test3,OU=Test3,OU=All Users,OU=Test3,DC=domain,DC=local",
"OU=test4,OU=test4,OU=test4,OU=All Users,OU=test4,DC=domain,DC=local",
"OU=Test5,OU=test5,OU=Test5,OU=All Users,OU=test5,DC=domain,DC=local"
)
I would also suggest to break your line after every pipe in order to cut the line. That makes it far easier to read for you, plus your colleagues.
$OUs | ForEach-Object {
Get-ADUser -Filter {Enabled -eq $TRUE} -SearchBase $_ -Properties Name,SamAccountName,LastLogonDate |
Where-Object {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)}
} |
Sort LastLogonDate |
Format-Table -Property Name,SamAccountName,LastLogonDate, DistinguishedName |
Out-String
You mention cycling through your domain controllers, but then you go on to ask about OUs. I suspect you want DC's, because each DC might have a different Last Logon Time for the user.
You can omit the -SearchBase and search all OU's, if you're looking to get this data for all users.
$Domains = Get-ADDomainController -Filter * #Note, this shows all DCs- you may have some without ADWS Installed, which won't handle the WHERE.
foreach ($domain in $Domains) {
Get-ADUser -Filter {Enabled -eq $TRUE} -Server $domain -Properties Name,SamAccountName,LastLogonDate |
Where {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)} |
Export-CSV -Path 'UsersNotRecentlyLoggedIn.CSV' -Append
}
If you only want one DC, but all OUs
$Domains = Get-ADDomainController -Discover -Service ADWS
foreach ($domain in $Domains) {
Get-ADUser -Filter {Enabled -eq $TRUE} -Server $domain -Properties Name,SamAccountName,LastLogonDate |
Where {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)} |
Export-CSV -Path 'UsersNotRecentlyLoggedIn.CSV' -Append
}
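An added example, not from the posts above, for the per-DC case: it reads the lastLogon attribute, which each domain controller maintains locally and does not replicate, from every DC and keeps the most recent value per user. The output file name follows the answer above; the SourceDC column and variable names are assumptions.

```powershell
Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-7)
$latest = @{}   # SamAccountName -> newest logon seen on any DC

foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # -ErrorAction Stop so an unreachable DC lands in the catch block
        $users = Get-ADUser -Filter 'Enabled -eq $true' -Server $dc.HostName `
                            -Properties lastLogon -ErrorAction Stop
    } catch {
        # A skipped DC means the result may understate recent logons
        Write-Warning "Skipping $($dc.HostName): $($_.Exception.Message)"
        continue
    }

    foreach ($u in $users) {
        # lastLogon is a FILETIME; 0 or empty means no logon recorded on this DC
        $seen = if ($u.lastLogon) { [datetime]::FromFileTime($u.lastLogon) } else { $null }

        $entry = $latest[$u.SamAccountName]
        if (-not $entry) {
            $latest[$u.SamAccountName] = [pscustomobject]@{
                Name           = $u.Name
                SamAccountName = $u.SamAccountName
                LastLogon      = $seen
                SourceDC       = if ($seen) { $dc.HostName } else { $null }
            }
        } elseif ($seen -and (-not $entry.LastLogon -or $seen -gt $entry.LastLogon)) {
            $entry.LastLogon = $seen
            $entry.SourceDC  = $dc.HostName
        }
    }
}

# Same condition as the question: logged on at some point, but not in the last 7 days
$latest.Values |
    Where-Object { $_.LastLogon -and $_.LastLogon -lt $cutoff } |
    Sort-Object LastLogon |
    Export-Csv -Path 'UsersNotRecentlyLoggedIn.csv' -NoTypeInformation
```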
I am running a PowerShell script to get AD users and their password expiration date. I would like to sort the output based on their password expiration date.
Here is the script:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} `
-Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname", @{
Name="ExpiryDate";
Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} > result.txt
How can I sort/display the result by the ExpiryDate field?
Use the sort-object cmdlet on the Get-ADUser output like this:
| Sort-Object -property ExpiryDate
So the whole thing would look like this:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} `
-Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname", @{
Name="ExpiryDate";
Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} |
Sort-Object -property ExpiryDate > result.txt
The script below works as is. I need to add the enabled -eq $true piece so I can audit the user list to see if they are also enabled (not just disabled). I have tried various ways and the script errored out. Can anyone help?
$userID = Import-Csv "c:\users.csv"
foreach ($user in $userID) {
$employeeID = $user.employeeID
Get-ADUser -Filter {employeeID -eq $employeeID -and Enabled -eq $false} -Properties displayName,employeeID,mail,intelOwnerID,title,"msDS-UserPasswordExpiryTimeComputed","lastLogon" |
select "Displayname", "Enabled",
@{n="PasswordExpiryDate";e={[DateTime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},
@{n='LastLogon';e={[DateTime]::FromFileTime($_.lastLogon)}},
SamAccountName, employeeID, mail, intelOwnerID, title |
Export-Csv -Append "c:\temp\usersacct.csv"
}
To get both enabled and disabled users that are listed in your .csv you just need to stop filtering on Enabled -eq $false. Just change this line:
Get-ADUser -Filter {employeeID -eq $employeeID -and Enabled -eq $false} -Properties displayName,employeeID,mail,intelOwnerID,title,"msDS-UserPasswordExpiryTimeComputed","lastLogon" |
to
Get-ADUser -Filter {employeeID -eq $employeeID} -Properties displayName,employeeID,mail,intelOwnerID,title,"msDS-UserPasswordExpiryTimeComputed","lastLogon" |
I am a bit of a PowerShell novice so any help is greatly appreciated. I am using the following script to get and export a list of AD accounts that are expiring, that match the specific description item. I have not been able to get it to successfully include the expiration date. This is the script as it currently works.
$users = Get-QADUser -SizeLimit 10000 -SearchRoot 'company.com/employees' -IncludedProperties "description" | where {$_.description -like "non-company*" }
@(foreach($user in $users)
{
$user | Select-Object DisplayName,LogonName,description
}) | export-Csv "C:\Users\svcacct\Documents\Steve Test Scripts\test.csv" -noType
I have tried adding -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} but it just fails.
Thanks for your help.
You can try this:
Import-Module ActiveDirectory
$users = Get-ADUser -Filter {(Enabled -eq $True -and PasswordNeverExpires -eq $False) -and (Description -like "non-company*")} -SearchBase "OU=employees,DC=Company,DC=com" -Properties Description,DisplayName,sAMAccountName
@(ForEach($user In $users){
$user | Select-Object DisplayName,sAMAccountName,Description
}) | Export-Csv "C:\Users\svcacct\Documents\Steve Test Scripts\test.csv" -noType