The following code should work to prepend an additional description before the current content, but how do I do the same for every user belonging to a specific OU? Any suggestions?
get-aduser USERNAME -properties Description | ForEach-Object { Set-ADUser $_ -Description "additional data - $($_.Description)"}
Thanks!!!
get-aduser -filter * -properties Description -searchbase "DistinguishedName_to_OU_containing_Users" | ForEach-Object { Set-ADUser $_ -Description "additional data - $($_.Description)"}
You need the -searchbase parameter to narrow down your focus
I have a problem with a simple script. I need to copy attributes (STATE to CITY) on all users in my OU. I found this script, but there is an error somewhere.
Could someone help me with this?
Get-ADUser -Filter * -SearchBase "MY OU" -Properties city, state |
ForEach-Object {
Set-ADObject -Identity $_.DistinguishedName ` -Replace @{city=$($_.state)}
}
Command to grab all users where state has a value (a precaution to avoid attempting to use null values which Replace will not accept) and write that value into the city attribute (L)
PS> Get-ADUser -SearchBase "ou=test accounts,dc=domain,dc=ccTLD" -LDAPFilter '(st=*)' -Properties city, state | Select-Object * | ForEach-Object {Set-ADObject -Identity $_.DistinguishedName -Replace @{l=$($_.state)}}
I am new to powershell and need to search for special accounts like a developer (dev-) or admin (ad-), strip the prefix off and see if that user has an account (sAMAccountName)
Below, I am able to search and get all the special accounts from my domain, but I need to script the entire process so I only get back the special accounts that do not have regular user accounts.
ForEach ($acct in "Dev-*","dev-*","rl-*","cafe-*","dev-dev-*","ad-*", `
"sa-*","AD-*","ir-*","tst-*","o365-*","te-*","la-*","vmtest-*", `
"mtep-*","EIM-*","GRT*","cbl-","DS-*","fim-*") {
Get-ADUser -Filter {sAMAccountName -like $acct} -SearchBase "DC=xxx,DC=xxx,DC=com" `
-Properties sAMAccountName | Select sAMAccountName
}
It's not pretty, but you could remove the prefix for the username that you find and search for that user. If nothing returns (no match), continue with the dev-account, else drop it. Ex:
ForEach ($acct in "Dev-*","dev-*","rl-*","cafe-*","dev-dev-*","ad-*", "sa-*","AD-*","ir-*","tst-*","o365-*","te-*","la-*","vmtest-*", "mtep-*","EIM-*","GRT*","cbl-*","DS-*","fim-*") {
Get-ADUser -Filter {sAMAccountName -like $acct} -SearchBase "DC=xxx,DC=xxx,DC=com" |
Where-Object {
$prefix = $acct.Replace("*","")
$user = $_.sAMAccountName.Replace($prefix,"")
if(-not(Get-ADUser -Filter {sAMAccountName -eq $user} -SearchBase "DC=xxx,DC=xxx,DC=com")) {
#Throw user further down the pipeline
$_
}
} |
Select sAMAccountName
}
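An added example (not part of the thread's answers) that runs the same orphan check with a single directory query and a case-insensitive, start-anchored prefix match, so `dev-dev-` is stripped before `dev-` and a prefix that appears mid-name is left alone. The prefixes and search base come from the question; the output property names are assumptions.

```powershell
# Added example. Prefix list and SearchBase are from the question above;
# SpecialAccount / ExpectedOwner are illustrative (assumed) column names.
Import-Module ActiveDirectory

$searchBase = "DC=xxx,DC=xxx,DC=com"
$prefixes = 'dev-dev-','dev-','rl-','cafe-','ad-','sa-','ir-','tst-','o365-',
            'te-','la-','vmtest-','mtep-','eim-','grt','cbl-','ds-','fim-'

# Longest prefix first, anchored at the start of the name. -match and -replace
# are case-insensitive by default, so "Dev-" and "dev-" need only one entry.
$alternation = ($prefixes | Sort-Object Length -Descending |
    ForEach-Object { [regex]::Escape($_) }) -join '|'
$pattern = "^(?:$alternation)"

# One query for every account, then an in-memory, case-insensitive lookup set.
$all = Get-ADUser -Filter * -SearchBase $searchBase
$names = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
foreach ($u in $all) { [void]$names.Add($u.SamAccountName) }

# Report each special account whose stripped name has no matching regular account.
$orphans = foreach ($u in $all) {
    if ($u.SamAccountName -match $pattern) {
        $base = $u.SamAccountName -replace $pattern, ''
        if ($base -and -not $names.Contains($base)) {
            [pscustomobject]@{
                SpecialAccount = $u.SamAccountName
                ExpectedOwner  = $base
                Enabled        = $u.Enabled
            }
        }
    }
}
$orphans | Sort-Object SpecialAccount
```

Enabled special accounts with no matching owner are the ones to review first, since nobody's regular account is tied to them.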
We are looking to create a Powershell script that will automatically sort our user base by Country Code into two AD groups, one for English speakers, and one for French speakers. We are having challenges in getting this to work.
Each account should only be on one list, based on their country. The original source list of members for our list is Staff All, and we are looking into having two groups, one called Staff All EN, and the other called Staff All FR. It should also be able to exclude those in a Disabled OU for accounts that are no longer valid. (see below)
This is what we have so far:
$frenchCC = Get-Content .\CCFrench.txt
$staffAll = "CN=Staff-ALL,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$staffAllEn = "CN=Staff ALL EN,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$staffAllFr = "CN=Staff ALL FR,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$Target = Get-ADGroupMember -Identity $staffAll
We have tried several different approaches. The idea is to populate the French list from the AD based on the country code list. Populate the Staff-EN by copying the Staff-ALL list and then removing everyone in the French list.
And somewhere in the process, Remove everyone who is in HR-Disabled.
foreach ($Person in $Target) {
Add-ADGroupMember -Identity $staffAllEn -Members $Person.distinguishedname -confirm:$false
}
foreach ($Country in $frenchCC) {
Add-ADGroupMember -Identity $staffAllFr -Members (Get-ADUser -Filter '"$country"' -eq '") -confirm:$false
}
foreach ($Country in $frenchCC) {
Remove-ADGroupMember "Staff-ALL-EN" -Members (Get-ADUser -Filter $Country) -confirm:$false
}
$searchOU = Specify the OU where your groups are here (OU=Groups,DC=domain,DC=local)
Get-ADGroupMember Staff-ALL-EN -Properties Disabled | Remove-ADGroupMember Staff-ALL-EN
Get-ADGroupMember Staff-ALL-FR -Properties Disabled | Remove-ADGroupMember Staff-ALL-FR
In the source file for the country code, we have put the country codes in single quotes, double quotes and no quotes. with no difference.
This has really caught us in a pickle. Any suggestions would be appreciated.
I was able to work on the following for Brad, but I am not able to make it run for each line in the text files (ex: multiple country codes). Anyone know what to change?
$frenchCC = Get-Content .\Countries.txt
$OUs = Get-Content .\OUs.txt
$userListFR = Get-ADUser -Filter {country -eq $frenchCC} -SearchBase $OUs -SearchScope OneLevel
$userListEN = Get-ADUser -Filter {country -ne $frenchCC} -SearchBase $OUs -SearchScope OneLevel
foreach($user in $userListFR) {add-adgroupmember "Staff-ALL-FR" -Members $user}
foreach($user in $userListEN) {add-adgroupmember "Staff-ALL-EN" -Members $user}
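An added example, not code from either poster: because an AD filter compares an attribute to one value at a time, this version loads `Country` for each Staff-ALL member and tests it client-side with `-contains`, then adds and removes only the difference in each group. The `$disabledOU` DN is a placeholder assumption and `Sync-Group` is a hypothetical helper; the group DNs come from the question, and `-WhatIf` stays on until the output has been reviewed.

```powershell
# Added example. $disabledOU is a placeholder: set it to the real HR-Disabled OU DN.
Import-Module ActiveDirectory

$staffAll   = "CN=Staff-ALL,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$staffAllEn = "CN=Staff ALL EN,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$staffAllFr = "CN=Staff ALL FR,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$disabledOU = "OU=HR-Disabled,<parent DN placeholder>"

# One code per line; strip quotes and whitespace so 'FR', "FR" and FR all match.
$frenchCC = Get-Content .\CCFrench.txt |
    ForEach-Object { $_ -replace '[''"\s]', '' } |
    Where-Object { $_ }

# Source of truth: enabled user members of Staff-ALL outside the disabled OU.
$active = Get-ADGroupMember -Identity $staffAll |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties Country |
    Where-Object { $_.Enabled -and $_.DistinguishedName -notlike "*,$disabledOU" }

# Every account lands in exactly one list; an empty Country falls through to EN.
$wantFr = @($active | Where-Object { $frenchCC -contains $_.Country })
$wantEn = @($active | Where-Object { $frenchCC -notcontains $_.Country })

# Hypothetical helper: make the group's membership equal to the wanted list.
function Sync-Group($GroupDn, $Wanted) {
    $current  = @(Get-ADGroupMember -Identity $GroupDn |
                    Select-Object -ExpandProperty DistinguishedName)
    $wantedDn = @($Wanted | Select-Object -ExpandProperty DistinguishedName)
    $add    = @($wantedDn | Where-Object { $current  -notcontains $_ })
    $remove = @($current  | Where-Object { $wantedDn -notcontains $_ })
    if ($add.Count -gt 0) {
        Add-ADGroupMember -Identity $GroupDn -Members $add -WhatIf
    }
    if ($remove.Count -gt 0) {
        Remove-ADGroupMember -Identity $GroupDn -Members $remove -Confirm:$false -WhatIf
    }
}

Sync-Group -GroupDn $staffAllFr -Wanted $wantFr
Sync-Group -GroupDn $staffAllEn -Wanted $wantEn
```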
I have been searching everywhere, and have tried many different combinations, but I can't seem to figure out how to get the "Job title" from the organization part of AD.
Here are a few things that I have tried
get-aduser -Filter * -SearchBase "Bob.Barker" -Properties sAMAccountName,Title
Get-ADUser -identity "Bob.Barker" -Filter * -Properties title | group title -NoElement
Also, as a bonus question how would you set the job title.
Thank you all for your assistance.
In your example, if the user's username is Bob.Barker then use this:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
or if surname is Barker
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(old thread I'm aware, I'm just happy I know the answer to some of these questions - hopefully help out the next guy/gal that needs this reference quickly)
These chunks of powershell are correct:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
(looking up by SamAccountname, a little more accurate)
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(Looking up by surname/lastname, if you have a big AD you'll have a lot of results to go through)
The other question above was
Also, as a bonus question how would you set the job title.
Here it is below:
Get-aduser -identity bob.barker | set-aduser -replace @{title="New Job Title"} -whatif
I like using the -whatif, just in case something goes terribly wrong and I make the CEO the janitor or something.
And here you commit it: Notice, you find the user first with get-aduser, then in the pipe |, you set-aduser with the new value between the @{} braces
Get-aduser -identity bob.barker | set-aduser -replace @{title="New Job Title"}
And here's a bonus answer. If you want to export a whole bunch of users with the same title who need a new title, export your search results into a CSV:
Get-Aduser -filter 'Title -like "Old Job Title"' -Properties * | select samaccountname | Export-csv "C:\some_path\change_these_titles_samaccountnames.csv"
The exported CSV will only have the SamAccountnames that match that job title you're looking for (in this case "Old Job Title").
Now, create a few $variables to store the new job title, the CSV to import, and the samaccountname, and a for-loop to look at the CSV File.
$Set_Title=Import-CSV "C:\some_path\change_these_titles_samaccountnames.csv"
$New_Title="New Title for everyone in CSV file"
foreach ($User in $Set_Title) {
$User.sAMAccountName
Set-ADUser -Identity $User.sAMAccountName -Title $New_Title
}
you could even put a count variable outside the for-loop to show how many users were updated:
$total = ($Set_Title).count
$total
Write-Host "AD User Titles have been updated..."
Hope this helps the next person out!
Use this to get all the information you need, like title related or organizational info
Get-ADUser -Filter {samAccountName -like "*bla*"} -Properties *
I am trying to get the list of a specific user’s groups and the groups’ descriptions using PowerShell.
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | select name, description
The description field returns blank.
From Get-ADPrincipalGroupMembership manual:
The Get-ADPrincipalGroupMembership cmdlet returns a default set of ADGroup property values. To retrieve additional ADGroup properties pass the ADGroups objects produced by this cmdlet through the pipeline to Get-ADGroup. Specify the additional properties required from the group objects by passing the -Properties parameter to Get-ADGroup.
So, let’s do it!
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description
Also, in this case it should be enough to specify name,description instead of asterisk (*). If this is a performance issue, replace it. I am leaving it at asterisk because you might later change your mind about which properties you need.
Here is a simple but effective script to get AD Group info.
Get-ADGroup -filter * -Properties * | Select Name,GroupCategory,Description | Export-Csv D:\Test\SecurityGroups.csv
Just add or remove the attributes you would like to see in the Select area. To see a list of usable attributes you can do something like this:
Get-ADGroup -filter * -Properties * | Where-Object {$_.Name -eq 'DHCP Users' }
Get-ADPrincipalGroupMembership should work but fails if any group has a NAME containing '/' (which is a legal character in names as far as I understood the MS AD documentation).
This forces a heavy workaround:
$Groups = (Get-ADUser -identity $TemplateUserName -server $TemplateUserDomain -Properties MemberOf|select memberof).MemberOf|Get-ADGroup -Server :3268
foreach ($Group in $Groups)
{
Write-Output $Group.Name
}
Notice I use a domain search for the user's properties and then a search in global catalog (-server :3268) for each group. Else you eventually won't get all of the user's groups or you'll get an error if any group belongs to a different domain than the user.
For a list of groups a user is member of:
(get-aduser NameOfTheUser -properties *).memberof
For Users
Get-ADUser -Filter {name -eq $username} -Properties * | select name,description
For Groups
Get-ADGroup -Filter {displayname -eq $groupname} -Properties * | select name,description