Active Directory Delegation, specific attribute - powershell

I am trying to delegate control of a specific OU to an admin group for these attributes:
msRTCSIP-PrimaryUserAddress
ProxyAddresses
msRTCSIP-Line
However, these attributes are NOT listed in the Active Directory Delegation Wizard.
I tried to find another way to do that with PowerShell here. But I can't figure out how to set or pass those attributes on the command line.
Any help would be appreciated.
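One way to grant exactly these three write permissions from PowerShell, as an added example that is not an answer from the original thread: the ActiveDirectory module's AD: drive exposes the OU's security descriptor to Get-Acl/Set-Acl, and an ACE scoped to a single property refers to that attribute by its schemaIDGUID rather than by name, which is why the wizard's attribute list is not needed. The OU distinguished name and the group name below are hypothetical; the attribute names come from the question.

```powershell
# Added example, not from the original thread. Assumed (hypothetical) names:
# OU "OU=Lync Users,DC=contoso,DC=com" and delegated group "LyncAdmins".
Import-Module ActiveDirectory

$ouDn      = "OU=Lync Users,DC=contoso,DC=com"
$groupName = "LyncAdmins"
$attrs     = "msRTCSIP-PrimaryUserAddress", "proxyAddresses", "msRTCSIP-Line"

$schemaNc = (Get-ADRootDSE).schemaNamingContext

# Resolve the schemaIDGUID of each attribute: a property-specific ACE carries the
# attribute's GUID in its ObjectType field, not the LDAP display name.
$attrGuid = @{}
foreach ($a in $attrs) {
    $obj = Get-ADObject -SearchBase $schemaNc -Properties schemaIDGUID `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$a))"
    if (-not $obj) { throw "Attribute '$a' not found in the schema" }
    $attrGuid[$a] = [guid]$obj.schemaIDGUID
}

# schemaIDGUID of the 'user' class: restricts the inherited ACE to user objects,
# so the group gets nothing on groups, computers or contacts in the same OU.
$userClassGuid = [guid](Get-ADObject -SearchBase $schemaNc -Properties schemaIDGUID `
    -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=user))").schemaIDGUID

$sid = [System.Security.Principal.SecurityIdentifier](Get-ADGroup -Identity $groupName).SID
$acl = Get-Acl -Path "AD:\$ouDn"

foreach ($a in $attrs) {
    # Allow WriteProperty on one attribute, inherited by descendant user objects only.
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $attrGuid[$a],
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $userClassGuid)
    $acl.AddAccessRule($rule)
}

Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Verify: show only the ACEs that reference the group and one of the three attribute GUIDs.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference -like "*\$groupName" -and $attrGuid.ContainsValue($_.ObjectType) } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

Run it as an account that can modify the OU's security descriptor. Keep the scope as narrow as shown: write access to proxyAddresses and the msRTCSIP-* addresses lets the group change where a user's mail and SIP traffic are routed, so inherit only to user objects under that OU and do not add GenericWrite. If the group cannot already read the attributes, add ReadProperty to the rights in the rule.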

Related

How to add or remove distinguishedName from resource mailboxes?

I am using TimeBasedGroupmemberships in Active Directory for pretty much everything. For example, I want to add the user "MrJones" to the mailbox "Daily.News@contoso.com" until 08/31/2022, so I use the following command: TimeBasedGroupmembership mrjones Daily.News 08 31 2022
In this case I created the AD group "Daily.News" with full access to the mailbox. That works very well so far. For automapping the mailbox in the user's Outlook, I add the distinguishedName of the user by hand in the Attribute Editor under msExchDelegateListLink.
Is there any way to create a PowerShell command, ideally a combined one, to do that automatically, so that it is set and removed automatically?
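The attribute edit described above can be scripted with the ActiveDirectory module, as an added example that is not an answer from the original thread: msExchDelegateListLink lives on the shared mailbox's own AD user object and holds the distinguished names of the users whose Outlook should automap it, so adding or removing a DN there is an ordinary Set-ADUser -Add/-Remove. The sAMAccountNames below are assumptions; the function name is hypothetical.

```powershell
# Added example, not from the original thread. Assumes the shared mailbox
# "Daily.News" and the user "mrjones" exist as AD user objects with those sAMAccountNames.
Import-Module ActiveDirectory

function Set-MailboxAutoMapping {
    param(
        [Parameter(Mandatory)][string]$MailboxSamAccountName,   # e.g. "Daily.News"
        [Parameter(Mandatory)][string]$UserSamAccountName,      # e.g. "mrjones"
        [Parameter(Mandatory)][ValidateSet("Add", "Remove")][string]$Action
    )

    $userDn  = (Get-ADUser -Identity $UserSamAccountName).DistinguishedName
    $mailbox = Get-ADUser -Identity $MailboxSamAccountName -Properties msExchDelegateListLink
    $present = @($mailbox.msExchDelegateListLink) -contains $userDn

    # Idempotent: adding an existing DN or removing a missing one would error out.
    if ($Action -eq "Add" -and -not $present) {
        Set-ADUser -Identity $mailbox -Add @{ msExchDelegateListLink = $userDn }
    }
    elseif ($Action -eq "Remove" -and $present) {
        Set-ADUser -Identity $mailbox -Remove @{ msExchDelegateListLink = $userDn }
    }

    # Return the current list so the caller can confirm the result.
    (Get-ADUser -Identity $MailboxSamAccountName -Properties msExchDelegateListLink).msExchDelegateListLink
}

# Usage: set automapping when the membership is granted ...
Set-MailboxAutoMapping -MailboxSamAccountName "Daily.News" -UserSamAccountName "mrjones" -Action Add
# ... and clear it again when the membership expires.
Set-MailboxAutoMapping -MailboxSamAccountName "Daily.News" -UserSamAccountName "mrjones" -Action Remove
```

Automapping only takes effect once the user actually has access to the mailbox, so call the Add branch right after the group membership is created and the Remove branch from whatever job processes the expiry date; a stale DN left in msExchDelegateListLink keeps the mailbox visible in Outlook even after access has been revoked.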

Remove-AzureAdUserExtension actual result

In Azure AD, I want to use PowerShell to clear the value of a user's extension attribute named "employeeId". When I try Set-AzureAdUserExtension with $null or "", it gives a binding error. Will Remove-AzureAdUserExtension do this? All the help files, docs and internet searches about this command say that it "Removes a user extension from Azure Active Directory". I'm pretty sure that means it will clear the attribute value for one user, as I want. But I'm afraid it might try to remove the user extension attribute from the schema, which is absolutely what I don't want.
Please help me confirm this command's effect before I blow up my customer's directory.
It will just remove the attribute value for one user, rather than remove the user extension attribute from the schema, so feel free to use it.
Test sample:
Get-AzureADUserExtension -ObjectId <user-object-id>
Remove-AzureADUserExtension -ObjectId <user-object-id> -ExtensionName employeeId

Create event log entry with powershell and fill in user

I need to create an entry in the Windows Event Log (e.g. the Application log). I know how to do everything except filling in the user who performed the action.
Example:
I need to create a script that writes some message into the Application log. I used this tutorial, which worked fine: http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/20/how-to-use-powershell-to-write-to-event-logs.aspx
But I am not able to influence the "User" field. When adding an entry to the Windows log, it always fills in "User: N/A".
Any idea how to pass a "user" argument to the Write-EventLog cmdlet?
Thank you for your help.
Even though (as far as I'm aware) Write-EventLog does not provide an option to write directly to the "User" field, you have two workarounds:
Use the built-in standalone executable EventCreate.exe (type eventcreate /? to see the manual).
This one does support providing the username field. I'm not sure, but it may require a password for that user too.
The second workaround would be to pass $env:USERNAME to the "message" field of Write-EventLog. This way you will still obtain the environment's current user.
I hope that helped.
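The second workaround from the answer, carried through as an added example that is not code from the original thread: the acting identity is recorded in the message body, and the SID is included alongside the DOMAIN\name so the entry can still be attributed after a rename. The source name "MyScript" is hypothetical, and registering it needs one elevated run.

```powershell
# Added example, not from the original thread. Assumes the source "MyScript"
# (hypothetical) may be registered, which requires administrator rights once.
$logName = "Application"
$source  = "MyScript"

if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName $logName -Source $source
}

# WindowsIdentity gives both the display name and the SID of the caller;
# $env:USERNAME alone can be spoofed by anyone who can set an environment variable.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$user     = $identity.Name        # DOMAIN\user
$sid      = $identity.User.Value  # S-1-5-...

$message = @"
Action: configuration change
Performed by: $user ($sid)
Host: $env:COMPUTERNAME
Time (UTC): $((Get-Date).ToUniversalTime().ToString("o"))
"@

Write-EventLog -LogName $logName -Source $source -EventId 100 -EntryType Information -Message $message

# The eventcreate.exe alternative from the answer. Note: its /U and /P switches
# authenticate to a remote system given with /S; they do not fill the entry's User
# column, and /ID accepts only 1 through 1000.
# eventcreate /L APPLICATION /T INFORMATION /ID 100 /SO MyScript /D "Performed by $user ($sid)"

# Read back the newest entry from this source; UserName stays empty, the message carries the identity.
Get-EventLog -LogName $logName -Source $source -Newest 1 | Select-Object TimeGenerated, UserName, Message
```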

Powershell script: read an AD attribute and set is an environment variable

I have a problem with some old apps and I need to set an environment variable from AD (hurray).
I'm quite new to PS scripting, so I could use some help.
In my AD I have filled the attribute departmentNumber with information; that part works fine.
Now I need to create a logon script which reads this field for the current user (attribute: departmentNumber, derived from: inetOrgPersonUser) and sets it as an environment variable called AFDELING.
I know this can be done using a VB script, but I prefer PS. Can anyone help me with this one?
Thanks in advance for your help,
Peter
Working with environment variables in PowerShell involves the special variable $Env, and unfortunately you need to use a .NET method to set environment variables as no cmdlet exists (at least as of v2):
[Environment]::SetEnvironmentVariable("AFDELING", "DeptNo", "User")
The first string parameter is the variable name, the second is the value and the third is basically the persistence level requested for the variable: Machine, User or Process. Both Machine and User will survive a reboot and future applications will have access to them, though you will need to be running PowerShell with an administrative account to modify the machine-level variables.
Getting the user info should be equally easy. There are a variety of ways that you can access Active Directory, though one of the simplest in your case would be to use the System.DirectoryServices.DirectoryEntry class:
# Search the domain for the logged-on user's account, then bind to its DirectoryEntry
$searcher = New-Object System.DirectoryServices.DirectorySearcher("(&(objectCategory=person)(sAMAccountName=$env:USERNAME))")
$de = $searcher.FindOne().GetDirectoryEntry()
$DeptNo = $de.Properties["departmentNumber"].Value   # .Value unwraps the PropertyValueCollection
That should query the current user's record from a domain controller and assign the value of the departmentNumber attribute to the $DeptNo variable. You can then just pop that variable into the second parameter of the first example.
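The two steps of the answer combined into one logon script, as an added example that is not code from the original thread. It binds to the user by SID instead of by name, which cannot collide across trusted domains, and it clears a stale AFDELING when the attribute is empty rather than leaving the previous department in place. The variable and attribute names come from the question; everything else is assumed (domain-joined machine, script running as the logging-on user).

```powershell
# Added example, not from the original thread. Runs as the logging-on user; the
# User scope needs no elevation and persists across logons.
$attribute = "departmentNumber"
$variable  = "AFDELING"

# Bind by SID: unambiguous, and resolved by the DC without a directory search.
$sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$user = [adsi]"LDAP://<SID=$sid>"

# Properties[...] returns a PropertyValueCollection; .Value is a string for a
# single-valued attribute and an array for a multi-valued one (departmentNumber is multi-valued).
$value = $user.Properties[$attribute].Value
if ($value -is [array]) { $value = $value[0] }

if ([string]::IsNullOrWhiteSpace($value)) {
    # Assumption: a missing department must not keep yesterday's value alive.
    [Environment]::SetEnvironmentVariable($variable, $null, "User")
    Write-Warning "$attribute is not set for $sid; $variable cleared"
}
else {
    [Environment]::SetEnvironmentVariable($variable, $value, "User")  # persisted under HKCU\Environment
    Set-Item -Path "Env:\$variable" -Value $value                     # visible in this session too
}
```

Processes already running when the script executes keep their old environment block; applications started after logon read the refreshed value, which is what a logon script needs.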

exchange powershell : get-user has no Description property?

When I run get-user | get-member in PowerShell with the Exchange add-in, I noticed there is no Description property.
Does anyone know if it has been renamed to something else, or another way of accessing it?
If you aren't looking to change the description, this should work:
[PS] C:\>$ANR = "testuser@example.com"
[PS] C:\>$foo = [adsi]("LDAP://" + (get-user $ANR).DistinguishedName)
[PS] C:\>$foo.description
My Description
If you want to edit it, you will need to get further into System.DirectoryServices and look at how to write objects back to AD. It would likely be simpler to use Quest or another package that does some wrapping. If you want to roll your own, there are gobs of blogs on AD programming in PowerShell.
Exchange itself provides minimal interaction with AD. Essentially, it gives you some AD stuff because AD and Exchange are so connected, but it doesn't try to expose all of AD's functionality.
Check out quest.com/powershell; that is a free add-in library, and it has a cmdlet called Get-QADUser which will get you what you need, somewhat more easily and in a more PowerShell-ish fashion than using ADSI (which is also completely legitimate for what you're after).
Get-User? Do you mean Get-QADUser from the Quest cmdlet suite?
If so, I believe not all properties are retrieved by default. There's an -Include parameter that lets you specify additional properties to retrieve from AD, IIRC.
It works on the console; however, in the CSV file it keeps appending
System.DirectoryServices.PropertyValueCollection
to the end of each line instead of the value.
When I run it at the prompt by typing out the distinguishedName, the LDAP query works:
$tmp = [adsi]"LDAP://<distinguishedName>"
$tmp.description
bill
Any ideas?
Solved it: it's just $tmp.description.value
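Both halves of this thread, reading the description through ADSI and writing it back, plus the PropertyValueCollection problem from the CSV comments, in one added example that is not code from the original thread. The identities and the CSV path are hypothetical; it assumes an Exchange Management Shell where Get-User is available.

```powershell
# Added example, not from the original thread. Assumes Get-User (Exchange shell)
# and write access to the description attribute for the Set function.

function Get-UserDescription {
    param([Parameter(Mandatory)][string]$Identity)
    $dn    = (Get-User -Identity $Identity).DistinguishedName
    $entry = [adsi]("LDAP://" + $dn)
    # .Value unwraps the PropertyValueCollection; without it Export-Csv writes the
    # type name instead of the text. $entry.description.Value is the same thing.
    New-Object PSObject -Property @{
        Identity          = $Identity
        DistinguishedName = $dn
        Description       = $entry.Properties["description"].Value
    } | Select-Object Identity, DistinguishedName, Description
}

function Set-UserDescription {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Description
    )
    $dn    = (Get-User -Identity $Identity).DistinguishedName
    $entry = [adsi]("LDAP://" + $dn)
    $entry.Put("description", $Description)   # staged in the local cache only
    $entry.SetInfo()                           # committed to the domain controller
}

# Usage: bulk export with plain text in the Description column (hypothetical identities/path).
"user1@example.com", "user2@example.com" |
    ForEach-Object { Get-UserDescription -Identity $_ } |
    Export-Csv -Path C:\temp\descriptions.csv -NoTypeInformation

Set-UserDescription -Identity "user1@example.com" -Description "Updated from the Exchange shell"
```

SetInfo is where the write actually happens; if the shell account only has the rights Exchange role assignment gives it and not AD write access to description, Put succeeds silently and SetInfo throws, so test the Set function against one account before running it in a loop.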