I am hoping someone can help me here. I was able, thanks to help of Google, find a PowerShell script online that displayed all empty DLs in our environment since we are trying to do a cleanup. Here is that script:
Get-DistributionGroup -ResultSize Unlimited |? {!(Get-DistributionGroupMember $_.PrimarySMTPAddress).Count} | select DisplayName,PrimarySMTPAddress | Export-Csv DLsToRemove3.csv
I added an Export-Csv to it in order to get the list into a file. I started looking through the list and noticed that some of the DLs listed actually have one member in them. At this point I tried to run another script against my CSV file to get a list of any if the DLs with one member in it and the that one member. Here is that script:
Import-Csv "C:\Users\177626\DLsToRemove3.csv" | foreach {$Group=$_.PrimarySmtpAddress; Get-DistributionGroupMember -Identity $Group | select #{Name="Group";Expression={$Group}}, DisplayName | Export-Csv Members.csv -NoType}
When I ran that, there was no information at all populating in my CSV. I am looking for help with either being able to add the second step to the first step and combine both scripts into one or at least being able to get the second script to work to view the DLs with that one member in them.
Thanks!
This never failed me to get the empty DL's
$emptyGroups = foreach ($grp in Get-DistributionGroup -ResultSize Unlimited) {
if (#(Get-DistributionGroupMember –Identity $grp.DistinguishedName -ResultSize Unlimited).Count –eq 0 ) {
[PsCustomObject]#{
DisplayName = $grp.DisplayName
PrimarySMTPAddress = $grp.PrimarySMTPAddress
DistinguishedName = $grp.DistinguishedName
}
}
}
$emptyGroups | Export-Csv 'C:\Users\177626\DLsToRemove4.csv' -NoTypeInformation
The #() forces the Get-DistributionGroupMember results into an array to get an accurat .Count property
Try this instead.
Get-DistributionGroup -ResultSize Unlimited | ? { (Get-DistributionGroupMember $_.PrimarySMTPAddress | Measure-Object).Count -eq 0 } | select DisplayName,PrimarySMTPAddress | Export-Csv DLsToRemove3.csv
Measure-Object is more reliable when counting objects in an array.
There's the attribute msExchGroupMemberCount which is maintained by Exchange, so a quicker way is to filter on that attribute using get-adgroup.
get-adgroup -Filter "msExchGroupMemberCount -eq 0" -Properties DisplayName,mail | select DisplayName,mail
Related
I've been writing powershell since powershell 2, and I've run into something odd I've never seen before.
$groups = get-adgroup -filter {name -like 'SomeGroup*'} | select name | sort name
foreach ($group in $groups){
$groupsid = $group.name
write-host $groupsid
Get-ADGroupMember $groupsid | select name | sort name
write-host "`n`n"
}
The get-adgroupmember in the foreach loop is only enumerating members in certain groups and not in others.
If "$groupsid" = "DeveloperGroup" and I use
get-adgroupmember DeveloperGroup | select name | sort name in the shell,
then I get back what I expected to see: a list of group members. But for several groups that are enumerated by the first line, I get nothing back when the exact same cmdlet is executed within the foreach loop. I know some of the cmdlets are still a little buggy, just no idea why this is being intermittent in what the loop decides to fetch.
I have edited few lines of your cmdlet and it is working fine for me. Please use the below formatted PowerShell command to get your desire output.
$groups = get-adgroup -filter {name -like 'Group*'} | sort name
$results = foreach ($group in $groups) {
Get-ADGroupMember $group | select samaccountname, name, #{n='GroupName';e={$group}}, #{n='Description';e={(Get-ADGroup $group -Properties description).description}} | sort name
}
$results
$results | Export-csv C:\GroupMemberShip.txt -NoTypeInformation
#Doug Maurer comment is helpful and may be part of the issue.
Another problem: avoid using the name of the group.
Either use the group object directly as input of the Get-ADGroupMember cmdlet like below, or use the DistinguishedName property of the group.
foreach ($group in $groups){
Get-ADGroupMember $group | select name | sort name
write-host "`n`n"
}
I have the following script, already working well:
$mailboxes = Get-Content "D:\powershell\Permmisions\mailboxes.txt"
foreach ($user in $mailboxes){
get-mailboxpermission -identity $user -ResultSize Unlimited |
where {$_.user -notlike "*NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
select #{Name="Displayname"; Expression={(Get-Recipient $_.user.ToString()).Displayname.ToString()}}, #{Name="primarysmtpaddress"; Expression={(Get-Recipient $_.user.ToString()).primarysmtpaddress.ToString()}}, user, #{Name="AccessRights";Expression={$_.AccessRights}} | Export-Csv "D:\powershell\Mailboxes\Mailbox_Permmisions.csv" -Append
}
Output on the csv, looks like this:
What i wish to do next is to add three more columns to the CSV output:
Member user`s - samaccountname
Shared/Target Mailbox`es - Display Name
Shared/Target Mailbox`es - Smtp Address
Target Mailbox = Mailbox id i read from mailboxes.csv file, on the start of the script.
Thanks in advance , everyone's help is most appreciate.
You're going to have add more properties to the psobject and query the data via the Get-Mailbox cmdlet.
You're already doing something similar here:
#{Name="Displayname"; Expression={(Get-Recipient $_.user.ToString()).Displayname.ToString()}}
I am trying to create a script to take care of a repetitive task I have. Basically I need to get the person's ID that manages a particular folder.
My first script tells me the various security groups assigned to a specified folder. The second script takes a specified AD group and tells me who manages it. Ideally I want to just run the script, input my folder name and have it tell me who manages the various AD groups assigned. I can then go and do the rest. But I am having an issue with the output of the first script. I have it so it displays in the console correctly, but I cannot figure out how to get those results into the filter in the second script.
Script one:
$FN = Read-Host -Prompt "Please enter Folder name"
$ADG = (Get-Acl $FN).Access |
Select IdentityReference |
Where-Object IdentityReference -like '*SL*'
foreach ($ACL in $ADG) {
$Group.Fullname + ($ACL.IdentityReference.Value.Split('\'))[1] | Out-String
}
Script two:
Get-ADGroup -Filter {Name -like "use output here"} -Properties managedby |
Select managedby
I would be most appreciative of any assistance. ESPECIALLY if I am barking up the wrong PowerShell command! My first foray into using multiple queries in a script.
It's not quite clear to me what the $Group.Fullname + (...)[1] | Out-String is supposed to do, but assuming that you want to run the second command for each identity reference from your first command you could do something like this:
Get-Acl $FN |
Select-Object -Expand Access |
Select-Object -Expand IdentityReference |
Where-Object { $_.Value -like '*SL*' } |
ForEach-Object {
$name = $_.Value.Split('\', 2)[-1]
Get-ADGroup -Filter "Name -like '*${name}*'" -Property ManagedBy
} |
Select-Object -Expand ManagedBy |
Get-ADUser
I've put together a simple script to output a list of computers that are members of AD groups for WSUS Patching. The problem is that when I use this list of computer names to compare in Excel, there are a load of spaces/tab in the results. I don't want to have to manually edit the results, so I was wondering if there was a more graceful way to do this within the script?
$groups = Get-Content D:\WSUS\grouplist.txt
$result =#()
foreach($group in $groups){$result += Get-ADGroupMember $Group | select name}
$result | Out-File D:\WSUS\WSUS-All-AD-Members.txt
I've had a look at other options, but can't seem to get something that works.
Thanks a lot
Fixed it, added the -ExpandProperty option....
$groups = Get-Content D:\WSUS\grouplist.txt
$result =#()
foreach($group in $groups){$result += Get-ADGroupMember $Group | select -ExpandProperty name}
$result | Out-File D:\WSUS\WSUS-All-AD-Members.txt
I Am trying to get a csv of computers that are in a security group "Security Group A" and then filter based on LastlogonTimestamp so that any computers that haven't logged on for 60 days will not be in the result. I have tried a few different ways but i am not having any luck.
I was wondering if anybody can assist.
Currently I have tried
`$lastlogon = (get-date).adddays(-60).ToFileTime()
Get-ADGroupmember "Security Group A" | Select Name
I am not sure how I can pipe this out from here. I have tried using a variable of $comp but i get an error about not being an ad object but rather a system object.
The other option is
$lastlogon = (get-date).adddays(-60).ToFileTime()
Get-ADGroup "Security Group A" -properties members | %{$_.members} | %{get-adcomputer $_ |select name | out-file C:\temp\output.csv
With the last one i have tried to add
-filter {Lastlogontimestamp -gt $lastlogon}
after the $_ and before but that seems to return an empty CSV (i know there are results).
I am doing something wrong...any ideas?
Thanks
Try this
[DateTime]$lastlogon = (get-date).adddays(-60).ToFileTime()
$Computers = Get-ADGroupmember "Security Group A" | Select-Object Name,#{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}
$Computers | where {$_.lastLogonTimestamp -gt $lastlogon} | select name | out-file C:\temp\output.csv -Force
Tested with a Distribution Group, but should also work in a security group