I'm trying to write a script that will log out users which don't have specific process running in their session.
I guess the workflow should look like:
Get usernames of all the users logged in, get list of all the processes runnning on the workstation, check if X process is running for Y user, if not, then log user Y out.
So far i managed to create object with all the users currently logged in:
((quser) -replace '^>', '') -replace '\s{2,}', ',' | ConvertFrom-Csv
And list of all the processes running with usernames:
get-process -IncludeUserName
I believe foreach with if inside should do the job, but I can't quite get my head around it. I would appreciate any help.
Thanks!
edit:
$process = get-process -IncludeUserName|Where-Object{
($_.ProcessName -Like "processIneed1*") -or
($_.ProcessName -Like "processIneed2*") -or
($_.ProcessName -Like "processIneed") -or
($_.ProcessName -like 'processIneed3*') -and
($_.username -notlike '*userIwantToSkip1*') -and
($_.username -notlike '*userIwantToSkip2*')
}
$users = Get-RDUserSession | Where-Object -Property UserName -NE 'administrator'
$ActiveUsers = $users.username
foreach ($ProcUser in $process.username){
foreach ($ActiveUser in $ActiveUsers){
if ($ProcUser -like "*$ActiveUser*"){
$ActiveUsers = $ActiveUsers -notlike "*$ActiveUser*"
}
}
}
in $activeusers we are left with inactive users.
I will most likely change username to session ID and check it this way.
Next step will be logging off disconnected users.
$process = get-process -IncludeUserName|Where-Object{
($_.ProcessName -Like "processIneed1*") -or
($_.ProcessName -Like "processIneed2*") -or
($_.ProcessName -Like "processIneed") -or
($_.ProcessName -like 'processIneed3*') -and
($_.username -notlike '*userIwantToSkip1*') -and
($_.username -notlike '*userIwantToSkip2*')
}
$users = Get-RDUserSession | Where-Object -Property UserName -NE 'administrator'
$ActiveUsers = $users.username
foreach ($ProcUser in $process.username){
foreach ($ActiveUser in $ActiveUsers){
if ($ProcUser -like "*$ActiveUser*"){
$ActiveUsers = $ActiveUsers -notlike "*$ActiveUser*"
}
}
}
foreach ($inactiveusers in $ActiveUsers){
logoff $inactiveuser
}
Related
Basically what i'm trying to achieve here is an output with 4 column/list (in this case i'm exporting as a text)
Get-MailboxPermission gives me a property of identity, user, accessrights but it doesn't give me a property of "Manager". I need to identify where that particular user reports to. So, i tried PSCustomObject and hoping i can put the results in an array. See script below
$GETMAILBOXPERM = Get-Content C:\Users\Account\Desktop\MailboxUsers\MAILBOXESUSERS.txt | ForEach-Object {Get-MailboxPermission $_ |
where {
($_.User -notlike ‘*NT AUTHORITY*’) -and
($_.User -notlike ‘*S-1-5-21-*’) -and
($_.User -notlike ‘*NAMPRD08*’) -and
($_.User -notlike ‘*PRDTSB01*’) -and
($_.User -notlike ‘*0365Admin*’) -and
($_.User -notlike ‘*Discovery Management*’) -and
($_.User -notlike ‘*NAMPR08A005*’) -and
($_.User -notlike ‘*NT AUTHORITY*’)
}
}
$Results = foreach( $Mailbox in (get-content C:\Users\Account\Desktop\MailboxUsers\MAILBOXESUSERS.txt))
{
$Users = Get-User $Mailbox
if ($Users){
foreach ($User in $Users){
[pscustomobject]#{
DisplayName = $User.name
Account = $GETMAILBOXPERM.user
Manager = $User.manager
Access = $GETMAILBOXPERM.accessrights
}
}
}
}
$Results | Format-List -Property DisplayName, Account, Manager, Access | Out-File C:\Users\Account\Desktop\MailboxUsers\mailbox4.txt
Here's the output in text file. I get the DisplayName and Manager right but the Account and Access just doesn't seem to loop from the text file.
DisplayName : MAILBOX1
Account : {user1#domain.ca, user2#domain.ca, user3#domain.ca, user4#domain.ca...}
Manager : MANAGER1
Access : {FullAccess, FullAccess, FullAccess, FullAccess...}
DisplayName : MAILBOX2
Account : {user1#domain.ca, user2#domain.ca, user3#domain.ca, user4#domain.ca...}
Manager : MANAGER2
Access : {FullAccess, FullAccess, FullAccess, FullAccess...}
The user manager attribute is normally in ADDS, not Exchange. Yet, that text file seems to be where you are getting this from vs dynamically from ADDS.
Why are you using Format-List?
PowerShell will automatically format as a list the moment you columns exceed 5.
This is untested, since I do not have an environment to try it on, but a refactor of what you have here. Give it a shot.
$GetMailboxPerm = Get-Content -Path 'C:\Users\Account\Desktop\MailboxUsers\MAILBOXESUSERS.txt' |
ForEach-Object {Get-MailboxPermission $PSitem |
where {
($PSitem.User -notlike ‘*NT AUTHORITY*|
*S-1-5-21-*|
*NAMPRD08*|
*PRDTSB01*|*0365Admin*|
*Discovery Management*|
*NAMPR08A005*|
*NT AUTHORITY*’)
}
}
foreach( $Mailbox in (Get-Content -Path 'C:\Users\Account\Desktop\MailboxUsers\MailboxUsers.txt'))
{
$Users = Get-User $Mailbox
if ($Users)
{
foreach ($User in $Users)
{
[pscustomobject]#{
DisplayName = $User.name
Account = $GetMailboxPerm.user
Manager = $User.manager
Access = $GetMailboxPerm.accessrights
} | Out-File -FilePath 'C:\Users\Account\Desktop\MailboxUsers\mailbox4.txt' -Append
}
}
}
$computers = Get-ADComputer -Filter * -Properties * | Where-Object {$_.Name -like "LT*" -or $_.Name -like "PC*" -or $_.Name -like "MC*"} | Select name,lastlogondate
"You have [{0}] computers in domain [{1}]" -f $computers.count, (get-addomain).dnsroot
$today = Get-Date
$monthago = $today.AddDays(-30)
"Looking for systems that have not logged in since $monthago"
foreach ($computer in $computers)
{
if ($computer.lastlogondate -lt $monthago)
{"Computer [$computer] suspect"
"last logon $($computer.lastlogondate)"
""}
}
returns the following result:
Computer [#{name=lt020367; lastlogondate=10/23/2019 11:45:38}] suspect
last logon 10/23/2019 11:45:38
Can someone possibly tell me why my output is resulting in [#{ and how to resolve?
by get-adcomputer [...] | Select name,lastlogondate you are creating an object. To output properties of those objects, simply use:
"Computer [$($computer.name)] suspect"
"last logon $($computer.lastlogondate)"
By the way:
Getting all * properties is not ideal. Always filter as early as you can: -properties lastlogondate (name is always returned). Same goes for -filter "name -like 'LT*' -or name -like 'PC*' -or name -like 'MC*'".
Also be careful as lastlogondate of computer objects in AD is not synced between domain controllers.
I have two powershell scripts that revolve around abandoned accounts. These scripts should exclude six specific OUs in our environment. The first reports all accounts that will require action. The second takes action and disables the accounts based on the same criteria.
For reasons I can't figure out, the disable script is leaving behind users across multiple OUs that it is not taking action on. Any help at all will be appreciated.
Here's the reporting version:
import-module activedirectory
$datestring = Get-Date -f MM-dd-yyyy
$oldDate = [DateTime]::Today.AddDays(-45)
$OUDN1 = "OU=Resource accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN2 = "OU=Service Accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN3 = "OU=DO NOT DELETE,OU=Disabled Accounts,DC=placeholder,DC=org"
$OUDN4 = "CN=Users,DC=placeholder,DC=org"
$OUDN5 = "OU=User Templates,OU=Domain Users,DC=placeholder,DC=org"
$OUDN6 = "CN=Microsoft Exchange System Objects,DC=placeholder,DC=org"
Get-ADUser -filter {(Enabled -eq $True) -AND ((LastLogonDate -lt $olddate) -OR ((LastLogonDate -notlike "*") -AND (WhenCreated -lt $olddate)))} -Properties DisplayName,Name,LastLogonDate,Modified,info,description,sAMAccountName,WhenCreated | Where-Object {($_.DistinguishedName -notlike "*,$OUDN1") -and ($_.DistinguishedName -notlike "*,$OUDN2") -and ($_.DistinguishedName -notlike "*,$OUDN3")-and ($_.DistinguishedName -notlike "*,$OUDN4") -and ($_.DistinguishedName -notlike "*,$OUDN5") -and ($_.DistinguishedName -notlike "*,$OUDN6")} | Select sAMAccountName,Name,description,LastLogonDate,WhenCreated,Modified,DistinguishedName | Export-CSV c:\Reports\nolog45_$datestring.csv
And here's the action version:
import-module activedirectory
$disUsers = #()
$oldDate = [DateTime]::Today.AddDays(-45)
$OUDN1 = "OU=Resource accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN2 = "OU=Service Accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN3 = "OU=DO NOT DELETE,OU=Disabled Accounts,DC=placeholder,DC=org"
$OUDN4 = "CN=Users,DC=placeholder,DC=org"
$OUDN5 = "OU=User Templates,OU=Domain Users,DC=placeholder,DC=org"
$OUDN6 = "CN=Microsoft Exchange System Objects,DC=placeholder,DC=org"
$disUsers = Get-ADUser -filter {(Enabled -eq $True) -AND (LastLogonDate -lt $olddate)} -Properties sAMAccountName,Name,SID,Enabled,LastLogonDate,Modified,info,description,DistinguishedName | Where-Object {($_.DistinguishedName -notlike "*,$OUDN1") -and ($_.DistinguishedName -notlike "*,$OUDN2") -and ($_.DistinguishedName -notlike "*,$OUDN3")-and ($_.DistinguishedName -notlike "*,$OUDN4") -and ($_.DistinguishedName -notlike "*,$OUDN5") -and ($_.DistinguishedName -notlike "*,$OUDN6")}
foreach ($name in $disUsers) {
$DistName = $name.DistinguishedName
Disable-ADAccount -Identity $DistName -ErrorAction Continue
}
Today's run for example left 30 accounts that the report script found still enabled. It wasn't permissions, because I could disable the same accounts manually with no problems. No red text was generated, no error output - just seemingly ignored the accounts.
Thanks in advance for your help.
The criteria in both scripts is not the same.
Your reporting script has this, which your action script does not:
-OR ((LastLogonDate -notlike "*") -AND (WhenCreated -lt $olddate))
$results = foreach ($Mailbox in (Get-Mailbox -ResultSize Unlimited))
{
get-MailboxFolderPermission -identity "$($Mailbox.Name):\Calendar" -ErrorAction SilentlyContinue |
Where-Object {$_.User -notlike "Default" -and
$_.User -notlike "Anonymous" -and
$_.AccessRights -notlike "None" -and
$_.AccessRights } |
Select #{N="Mailbox";E={$Mailbox.SamAccountName}}, FolderName, User, AccessRights
}
$results
I am still learning powershell (only 1 full year of experience). I'm using this code to report on calendar permissions for all end user mailboxes in our environment. The code works well but it only reports on the Calendar object. I need to run three separate reports to get the Calendar, Contacts, and Inbox permissions.
I have tried creating an array but it throws multiple values all on one line. (Some end users have more than one person with access to their Calendar/Contacts/Inbox. Does anyone have a good idea of how to combine these results?
thanks
Here is an example of what results I would like:
Iterating Mailboxes only once with an additional
ForEach ($Folder in 'Contents','Calendar','Inbox')
Should be more efficient:
#Date
$date = (Get-Date -f yyyy-MM-dd)
#Pull Permissions
$Permissions = ForEach ($Mailbox in (Get-Mailbox -ResultSize Unlimited )) {
ForEach ($Folder in 'Contents','Calendar','Inbox'){
Get-MailboxFolderPermission -identity "$($Mailbox.Name):\$($Folder)" -ErrorAction SilentlyContinue |
Where-Object {$_.User -notlike "Default" -and $_.User -notlike "Anonymous" -and $_.AccessRights -notlike "None" -and $_.AccessRights } |
Select #{N="Mailbox";E={$Mailbox.SamAccountName}},
#{N="Folder";E={$_.FolderName}},
#{N="User With Access";E={$_.User}},
#{N="Access";E={$_.AccessRights}}
}
}
#Export to Desktop
$Permissions | Sort User | Export-Csv "$env:USERPROFILE\Desktop\ExchangePermissions-$Date.csv" -NoTypeInformation
#Date
$date = (Get-Date -f yyyy-MM-dd)
#Pull Permissions
$Permissions = ForEach ($Mailbox in (Get-Mailbox -ResultSize Unlimited )) {
$userInfo = get-user $Mailbox.name | select Title
ForEach ($Folder in 'Contacts','Calendar','Inbox'){
Get-MailboxFolderPermission -identity "$($Mailbox.Name):\$($Folder)" -ErrorAction SilentlyContinue |
Where-Object {$_.User -notlike "Default" -and $_.User -notlike "Anonymous" -and $_.AccessRights -notlike "None" -and $_.AccessRights } |
Select #{N="Mailbox";E={$Mailbox.SamAccountName}},
#{N="Office";E={$Mailbox.Office}},
#{N="Title";E={$userInfo.Title}},
#{N="Folder";E={$_.FolderName}},
#{N="User With Access";E={$_.User}},
#{N="Access";E={$_.AccessRights}}
}
}
#Export to Desktop
$Permissions | Sort User | Export-Csv
"$env:USERPROFILE\Desktop\ExchangePermissions-$Date.csv" -NoTypeInformation
I'm using the following in a do-until block to loop until a specified Exchange Online migration status is present:
(Get-Migrationbatch -Identity $MigrationBatchName | Where {$_.Status -like "Completed" -or "CompletedWithErrors" -or "Corrupted" -or "Failed" -or "Stopped"})
However, the above still returns a job with the status of "Syncing" and so continues the script regardless.
I've tried -match, -eq but still the same.
What am I missing?
You have to write it like this:
(Get-Migrationbatch -Identity $MigrationBatchName | Where {($_.Status -like "Completed") -or ($_.Status -like "CompletedWithErrors") -or ($_.Status -like "Corrupted") -or ($_.Status -like "Failed") -or ($_.Status -like "Stopped")})
Here's another way to do it:
$valuesToLookFor = #(
'Completed',
'CompletedWithErrors',
'Corrupted',
'Failed',
'Stopped')
(Get-Migrationbatch -Identity $MigrationBatchName |
Where-Object { $valuesToLookFor -contains $_.Status })
It would be simpler using -in operator, given that you are not using wildcards:
(Get-Migrationbatch -Identity $MigrationBatchName | Where Status -in "Completed","CompletedWithErrors","Corrupted","Failed","Stopped")
another option convert filter array to regex string...
$filter_status = #("Completed", "CompletedWithErrors","Curropted","Failed", "Stopped")
(Get-Migrationbatch -Identity $MigrationBatchName | Where Status -Match ($filter_status -Join "|")