Remove-AzureAdUserExtension actual result - powershell

In Azure AAD, I want to use Powershell to clear the value for a user's extension attribute named "employeeId". When I try to Set-AzureAdUserExtension to $null or "", it gives a binding error. Will Remove-AzureAdUserExtension do this? All the help files, docs and internet searches about this command say that it "Removes a user extension from Azure Active Directory". I'm pretty sure that means it will clear the attribute value for one user, as I want. But I'm afraid it might try to remove the user extension attribute from the schema, which is absolutely what I don't want.
Please help me confirm this command's effect before I blow up my customer's directory.

It will just remove the attribute value for one user rather than remove the user extension attribute from the schema, so feel free to use it.
Test sample:
Get-AzureADUserExtension -ObjectId <user-object-id>
Remove-AzureADUserExtension -ObjectId <user-object-id> -ExtensionName employeeId
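A guarded version of the test sample, as an added example that is not part of the original answer: it records the value on the target user and on a second "control" user, removes it for the target only, and checks that the control user is untouched. The object IDs are placeholders and a session already connected with Connect-AzureAD is assumed.

```powershell
# Added example; assumes Connect-AzureAD has already been run.
$targetId  = '<user-object-id>'          # user whose employeeId is cleared
$controlId = '<control-user-object-id>'  # placeholder: another user with employeeId set
$name      = 'employeeId'

# Get-AzureADUserExtension returns a dictionary of extension name -> value.
$before        = (Get-AzureADUserExtension -ObjectId $targetId)[$name]
$controlBefore = (Get-AzureADUserExtension -ObjectId $controlId)[$name]
"Target before:  '$before'"
"Control before: '$controlBefore'"

Remove-AzureADUserExtension -ObjectId $targetId -ExtensionName $name

$after        = (Get-AzureADUserExtension -ObjectId $targetId)[$name]
$controlAfter = (Get-AzureADUserExtension -ObjectId $controlId)[$name]

if (-not [string]::IsNullOrEmpty($after)) {
    Write-Warning "$name is still set on the target user: '$after'"
}
if ($controlAfter -ne $controlBefore) {
    Write-Warning "$name changed on the control user; investigate before continuing."
} else {
    "Control user unchanged ('$controlAfter')."
}
```

Keep the printed "before" value until the change is confirmed, so it can be written back with Set-AzureADUserExtension if needed.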

Related

Powershell - The Parameter "XXXX" is declared in parameter-set "__AllParameterSets" multiple times

First of all, I'm sorry if this question has been posted before.
I couldn't seem to find an answer we could work with, so here goes..
Backstory:
Every 90 days all passwords of the NT-accounts will expire.
The office staff gets a notification when they're signing in into Windows 10.
However our iPad users (salesmen and technicians who are on the road) don't get a notification about the expiration.
They use an app which requires a NT-account to sign into our sales system.
Now we've found a Powershell script which would e-mail the user about the expiration of his password, but unfortunately we keep getting the following error:
"The parameter "testing" is declared in parameter-set "__AllParameterSets" multiple times."
As we do not have any Powershell programming skills, we have no idea what is going wrong in the script.
Could you guys help us?
The following script is being used (of course edited with our SMTP server and e-mail addresses).
https://gallery.technet.microsoft.com/scriptcenter/Password-Expiry-Email-177c3e27
Much obliged :-)
the code you 1st linked to never, EVER mentions parameter sets. not once. [grin]
the code in your 2nd link mentions it # 106 = __AllParameterSets.
that it IS NOT a parameter set attribute, but is some "other thing". it looks like a call to something in python.
there is no other mention anywhere in your linked code of that __AllParameterSets thing.
so, the fix is to remove it OR to rename it something that does not use a powershell keyword. [grin]

Create "netbootmachinefilepath" Active Directory Computer Attribute

I would like to update the netbootmachinefilepath attribute after clearing it.
Because this attribute can be either non blank or deleted, I need to create it again after the value has been "cleared" because "clearing" it actually deletes it.
How can I recreate this attribute using Powershell?
I was hoping there would be something like
$directoryEntry.Properties.Create("netbootmachinefilepath")
$directoryEntry.CommitChanges()
EDIT Due to software issues on our servers I'm not able to use the ActiveDirectory module.
This should work whether or not the attribute has a value beforehand.
$directoryEntry.Properties["netbootmachinefilepath"].Value = "yourvalue"
$directoryEntry.CommitChanges()
Even if $directoryEntry.Properties.Contains("netbootmachinefilepath") is false, $directoryEntry.Properties["netbootmachinefilepath"] will never return null. It returns an empty PropertyValueCollection.
Tested the code above and it successfully set the value, even if it had no value before.

Create event log entry with powershell and fill in user

I need to create entry to Windows Event Log (e.g. application log). I know how to do all the stuff beside filling in the user who performed the action.
Example:
I need to create a script, that writes some message into application log. I used this tutorial, which worked fine: http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/20/how-to-use-powershell-to-write-to-event-logs.aspx
But I am not able to influence the "user". When adding entry in windows log, it always fills "User: N/A".
Any idea how to pass "user" argument to the "write-eventlog" cmdlet?
Thank you for your help.
Even though (as far as I'm aware) Write-EventLog does not provide an option to write directly to the "User" field, you have two workarounds:
Use built-in standalone exec "EventCreate.exe" (type in eventcreate /? to see the manual)
This one does support providing the username field. I'm not sure, but it may require a password for that user too.
Second workaround would be to pass $env:USERNAME to the "message" field of Write-EventLog. This way you will still obtain the environment's current user.
I hope that helped.
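The second workaround as an added example (not part of the original answer): it records the acting account in the message text, taking the name from the process token instead of `$env:USERNAME`, because an environment variable can be overwritten by whoever launches the script. The source name `ExampleAuditScript`, the event ID 1000 and the message wording are assumptions; Windows PowerShell 5.1 is assumed, and registering a new source needs an elevated session.

```powershell
# Added example: include the acting account in the event message.
$logName = 'Application'
$source  = 'ExampleAuditScript'   # hypothetical source name

# Register the source once (requires elevation). SourceExists can throw for
# non-administrators because it also searches the Security log.
try {
    if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
        New-EventLog -LogName $logName -Source $source
    }
} catch {
    Write-Warning "Cannot verify event source '$source' without elevation."
}

# Identity from the process access token, not from a user-editable variable.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

$message = @"
Action: example maintenance task completed
User:   $($identity.Name)
SID:    $($identity.User.Value)
Host:   $env:COMPUTERNAME
"@

Write-EventLog -LogName $logName -Source $source -EventId 1000 `
    -EntryType Information -Message $message
```

The event's own "User" field still shows N/A; the account and SID are searchable in the event description instead.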

Powershell script: read an AD attribute and set it as an environment variable

I have a problem with some old apps and I need to set an environment variable from AD (hurray)
I'm quite new to PS scripting, so I can use some help.
In my AD I have filled the attribute departmentNumber with information, that part works fine.
Now I need to create a logon script which reads this field from the current user (attribute: departmentNumber, derived from: inetOrgPersonUser) and set this as an environment variable called AFDELING.
I know this can be done using a VB script, but I prefer PS. Can anyone help me with this one?
Thanks in advance for your help,
Peter
Working with environment variables in PowerShell involves the special variable $Env and unfortunately you need to use a .NET method to set environment variables as no cmdlet exists (at least as of v2):
[Environment]::SetEnvironmentVariable("AFDELING", "DeptNo", "User")
The first string parameter is the variable name, the second is the value and the third is basically the persistence level requested for the variable: Machine, User or Process - both machine and user will survive a reboot and future applications will have access to them, though you will need to be running PowerShell with an administrative account to modify the machine-level variables.
Getting the user info should be equally easy. There are a variety of ways that you can access Active Directory, though one of the simplest in your case would be to use the System.DirectoryServices.DirectoryEntry class:
$de = New-Object System.DirectoryServices.DirectoryEntry
$DeptNo = $de.Properties["departmentNumber"]
That should query the current user record from a domain controller, and assign the value from the departmentNumber attribute to the $DeptNo variable. You can then just pop that variable into the second parameter from the first example.
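A complete logon-script version of these steps, as an added example rather than the answerer's code: it finds the logged-on user's own object with a directory search, handles an unset attribute, and sets AFDELING. It assumes a domain-joined machine and matches on the `sAMAccountName` taken from the logon token.

```powershell
# Added example: set AFDELING from the current user's departmentNumber.
# Account name from the logon token (DOMAIN\user -> user).
$sam = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.Split('\')[-1]

# Search the current domain for that user and load only the attribute needed.
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam))"
[void]$searcher.PropertiesToLoad.Add('departmentNumber')
$result = $searcher.FindOne()

# Search results store attribute names in lower case; the attribute may be unset.
$values = if ($result) { $result.Properties['departmentnumber'] }

if ($null -ne $values -and $values.Count -gt 0) {
    $deptNo = [string]$values[0]
    # 'User' persists for later logons; 'Process' makes it visible immediately.
    [Environment]::SetEnvironmentVariable('AFDELING', $deptNo, 'User')
    [Environment]::SetEnvironmentVariable('AFDELING', $deptNo, 'Process')
} else {
    Write-Warning "departmentNumber is not set for $sam; AFDELING left unchanged."
}
```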

exchange powershell : get-user has no Description property?

When I run get-user|get-member in powershell with the exchange add-in I noticed there is no description property.
Does anyone know if it has been renamed to something else or another way of accessing it?
If you aren't looking to change the description this should work:
[PS] C:\>$ANR = "testuser#example.com"
[PS] C:\>$foo = [adsi]("LDAP://" + (get-user $ANR).DistinguishedName)
[PS] C:\>$foo.description
My Description
If you are wanting to edit, you will need to get further into System.DirectoryServices & look at how to write objects back to AD. It would likely be simpler to use Quest or another package that does some wrapping. If you want to roll your own there are gobs of blogs on AD programming in Powershell.
Exchange itself provides minimal interaction with AD - essentially, it gives you some AD stuff because AD and Exchange are so connected, but it doesn't try to expose all of AD's functionality.
Check out quest.com/powershell; that is an add-in library (it's free), and it has a cmdlet called Get-QADUser which will get you what you need - somewhat more easily, and in a more PowerShell-ish fashion, than using ADSI (which is also completely legit for what you're after).
get-user? do you mean get-qaduser from the quest cmdlet suite?
if so, I believe not all properties are retrieved by default. There's an -Include parameter that lets you specify additional properties to retrieve from AD, IIRC.
It works on the console; however in the CSV file, it keeps appending
System.DirectoryServices.PropertyValueCollection
to the end of each line instead of the value
When I run it on the prompt by typing out the distinguishedname, the ldap query works..
$tmp =adsi
$tmp.description
bill
any ideas?
solved it.. it's just $tmp.description.value