How to list direct reports in PowerShell

How to get displayname from direct reports attribute?
Get-ADUser $foo -Properties * | select @{Name="directreports";Expression={($_.directreports | %{(Get-ADUser $_).displayname}) -Join ";"}}
Output:
directreports
-------------
;;;;;;;;;;;;;;;;;;
Issue resolved:
Get-ADUser $foo -Properties * | select @{Name="directreports";Expression={($_.directreports | %{(Get-ADUser $_).name}) -Join ";"}}

Apologies for misreading your question, try out the below and let me know if this does what you want it to do?
Get-ADUser $foo -Properties * | Select-Object -ExpandProperty DirectReports | ForEach-Object { Get-ADUser -Identity $_ | Select-Object Name }
You can always add on | Export-CSV -Path "c:\temp\directreports.csv" -NoTypeInformation at the end to get this out of course.
On your original code, the easiest way I found to expand out the list of direct reports was to do the select on its own and then pipe into a foreach, rather than trying to do it all in one as an expression.
Also, DisplayName is not a default property returned by Get-ADUser, so this is why I used the Name property instead in my suggested solution.
Thanks!

Related

Get All AD Groups That Have Blank Managed By Field

I'm trying to get all AD groups that have a blank Managed By Name and the description of the AD group. I'm currently having issues with displaying no results using my filter, but am not sure why. Any help is appreciated.
Get-ADGroup -filter * | Where-Object {$_.ManagedBy -eq ""} | Select-Object manager,description | Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
The current script is not showing any users, when it should be showing several users.
The problem is that Get-ADGroup does not return an object with the ManagedBy attribute by default, you need to ask for it (-Properties ManagedBy):
Get-ADGroup -Filter * -Properties ManagedBy, Manager, Description |
Where-Object {-not $_.ManagedBy } | Select-Object samAccountName, Manager, Description |
Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
However, this operation is quite inefficient, you can use LDAP filtering capabilities for this:
Get-ADGroup -LDAPFilter "(!managedby=*)" -Properties Manager, Description |
Select-Object samAccountName, Manager, Description |
Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
As a side note, Where-Object { $_.ManagedBy -eq "" } is likely to not return any results, you would be querying for AD Groups where their ManagedBy attribute is set and its value is equal to an empty string instead of filtering for groups that don't have the attribute set or its value is $null or empty string ({-not $_.ManagedBy }):
$null -eq '' # => False: comparison fails here
-not $null # => True
-not '' # => True

Powershell sort-by numbers at end of values

I'm looking to sort numerically my output with the numbers at the end of each.
Get-ADComputer -Filter * -SearchBase "OU=ComputerOU,DC=dc,DC=com" -Properties * | Select-Object -ExpandProperty Name
What I would like:
QCL-00010
JPL-00011
TUL-00012
TUL-00013
QCL-00014
What I have:
JPL-00011
QCL-00010
QCL-00014
TUL-00012
TUL-00013
Thank you in advance
Using the example names, where all numeric values have the same length, padded with leading zeroes, you could simply extend the code you have:
Get-ADComputer -Filter * -SearchBase "OU=ComputerOU,DC=dc,DC=com" |
Select-Object -ExpandProperty Name |
Sort-Object {($_ -split '-')[-1]}
However, to be on the safe side I'd cast to [int] as well:
Get-ADComputer -Filter * -SearchBase "OU=ComputerOU,DC=dc,DC=com" |
Select-Object -ExpandProperty Name |
Sort-Object {[int]($_ -split '-')[-1]}
Result:
QCL-00010
JPL-00011
TUL-00012
TUL-00013
QCL-00014
BTW. if all you need is the .Name property, do not ask for ALL properties with -Properties *
If every computer in the OU matches the nomenclature, I would just use a calculated property with Sort-Object and some pretty standard text munging:
Get-ADComputer -Filter * -SearchBase "OU=ComputerOU,DC=dc,DC=com" |
Sort-Object -Property @{e={$_.Name.Substring($_.Name.IndexOf('-') + 1)}} |
Select-Object -ExpandProperty Name
Also, you should avoid -Properties * with Get-AD* commands unless you absolutely have to. Name is returned by default.
There are a couple of ways to do something like this, somewhat depending on how static the format is.
$Names = @(
'JPL-00011'
'QCL-00010'
'QCL-00014'
'TUL-00012'
'TUL-00013'
)
$Names | Sort-Object {[Void]($_ -match "(\d{5}$)"); $matches[1]}
Here I used the matches collection as the sort expression.

PowerShell - Use a string in a foreach-object against the Description AD property of a computer object

I am trying to send a user name (SamAccountName) down the PowerShell Pipeline to find a computer based on the Description property in Active Directory:
The Description property is always "something-UserName"
I know I don't need to send the variable down the pipeline and can simply express it in the filter but I have a specific use case where I need to do this.
This is what I have tried:
"bloggsJ" | %{Get-ADComputer -server domain.com -Filter * -Properties Description | ?{$_.Description -eq "something-$_"}} | select Name
This produces nothing even though there is a computer with a description property of "Something-bloggsJ" on that domain.
Any advice please.
Instead of using the -eq operator, I would use -like.
Something like this:
"bloggsJ", "IanB" | ForEach-Object {
$name = $_
Get-ADComputer -Filter * -Properties Description |
Where-Object {$_.Description -like "*-$name"}
} | Select-Object Name
Inside the ForEach-Object loop, the $_ automatic variable is one of the usernames. Inside the Where-Object clause, this $_ variable represents one ADComputer object, so in order to have the username to create the -like string, you need to capture that name before entering the Where-Object clause.
I believe you are missing the underscore for $_ variable:
"ivan" | ForEach-Object -Process { Get-ADComputer -Filter * -properties description | Where-Object -Property description -eq "something-$_"}
this one is working ...

List of users based on Description in Active Directory using Powershell

I'm basically new to PowerShell. May I ask what do I need to do in Get-ADUser -filter.. to pull out users that have the same description?
Get-ADUser -Filter * -Properties Description | Select Name,Description | Sort Description
You could add another pipe to Format-List or Format-Table or export with Export-CSV or Export-CliXML
You could use the Group-Object cmdlet to group object together with the same description.
Get-ADUser -Filter * -Properties Description |
Select-Object Name,Description |
Group-Object Description |
Where-Object {$_.count -gt 1}

Getting Active Directory Domain Services Folder and/or DistinguishedName

I'm new to scripting with Powershell for Active Directory, and attempting to pull out users in a list and enumerating their groups; however when I do so the resultant information contains just the name of the group which is duplicated under many differently named OUs. Looking at them in AD Users and Computers under the Member Of tab shows the Name and the Active Directory Domain Services Folder which contains exactly the differentiating info I need, or alternately I could use the DistinguishedName which isn't as nicely formatted for readability but would also work.
Problem with simplified examples: If a group name is the same across different OUs (like "TestUsers") then the script currently dumps multiple group names without differentiation "TestUsers, TestUsers, TestUsers" instead of showing the underlying OUs in a clean format "Michigan\TestUsers, NewYork\TestUsers" or Distinguished Name format "CN=TestUsers,CN=Michigan,etc";"CN=TestUsers,CN=NewYork,etc".
$alist = "Name`tAccountName`tDescription`twhenCreated`tAcctEnabled`tGroups`n"
$userlist = Get-ADUser -SearchBase "OU=Service Accounts,OU=Information Systems,DC=conteso,DC=local" -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,Company,whenCreated,Enabled,MemberOf | Sort-Object -Property Name
$userlist | ForEach-Object {
$grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
$arec = $_.Name,$_.SamAccountName,$_.Description,$_.whenCreated,$_.Enabled
$aline = ($arec -join "`t") + "`t" + ($grps -join "`t") + "`n"
$alist += $aline
}
$alist | Out-File C:\psscripts\service_accounts_groups.csv
Any help is appreciated!
I agree that DistinguishedName already has this information but I think it is easier to just use Get-AdGroup to get some friendlier information. A little string manipulation on the CanonicalName of the group, while not as efficient maybe, would be easier to work with.
$grps = $_.MemberOf | Get-AdGroup -Properties CanonicalName | ForEach-Object{
$CN = ($_.CanonicalName -Split "/")
"{0}\{1}" -f $CN[-2],$CN[-1]
}
or as a one liner if you prefer.
$grps = $_.MemberOf | Get-AdGroup -Properties CanonicalName | ForEach-Object{$CN = ($_.CanonicalName -Split "/"); "{0}\{1}" -f $CN[-2],$CN[-1]}
What we do is take the CanonicalName which can be considered the path of the object in Active Directory. Since you only wanted the parent container we split up the path and join only the last two parts. The group object and its container.
Same result could come from just getting the second last element from CanonicalName and appending the group name to it. Might look a little nicer:
$grps = $_.MemberOf | Get-AdGroup -Properties CanonicalName | ForEach-Object{"{0}\{1}" -f ($_.CanonicalName -Split "/")[-2],$_.Name}
Since the "$_.memberof" property already has the Distinguished name, you don't need to pass it to Get-Adgroup again. So simply replace your $grps line like this:
$grps = $_.MemberOf -replace "CN=","" -replace "OU=","" -replace "DC=","" -replace ",","\" | Sort-Object
Or if you still want to proceed with your approach, use it with distinguishedname property instead of name property - like this (with the text replace)
$grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.DistinguishedName -replace "CN=","" -replace "OU=","" -replace "DC=","" -replace ",","\"} | Sort-Object
Or as suggested by Matt in the comment, simply use canonicalname property.
$grps = $_.MemberOf | Get-ADGroup -Properties canonicalname | select -ExpandProperty canonicalname
Cheers, GJ
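
The approach discussed in the answers above (turning each memberOf distinguished name into a "Container\Group" label without a second directory lookup) is shown here as an added example, not code from the original posts. The function name ConvertTo-GroupPath, the account names and the example.local DNs are constructed for illustration. It splits only on unescaped commas, so a group whose name contains an escaped comma stays in one piece, and it assumes single-character backslash escapes rather than hex escapes.

```powershell
function ConvertTo-GroupPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$DistinguishedName
    )
    process {
        # Split on commas that are not escaped with a backslash ("CN=Ops\, Tier 1").
        $rdns = $DistinguishedName -split '(?<!\\),'

        # Drop the attribute type ("CN=", "OU=", "DC=") and undo backslash escaping.
        $values = @(foreach ($rdn in $rdns) {
            ($rdn -replace '^\s*[^=]+=', '') -replace '\\(.)', '$1'
        })

        if ($values.Count -lt 2) {
            # No parent container present in the DN: return the single value as-is.
            return $values[0]
        }
        # First RDN is the group itself, second RDN is its parent container.
        '{0}\{1}' -f $values[1], $values[0]
    }
}

# Constructed sample accounts standing in for Get-ADUser ... -Properties MemberOf output.
$users = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; MemberOf = @(
        'CN=TestUsers,OU=Michigan,DC=example,DC=local'
        'CN=TestUsers,OU=NewYork,DC=example,DC=local') }
    [pscustomobject]@{ SamAccountName = 'svc-sql'; MemberOf = @(
        'CN=Ops\, Tier 1,OU=Service Accounts,DC=example,DC=local') }
)

# One row per account/group pair, so identically named groups stay distinguishable
# and the result can go straight to Export-Csv instead of a hand-built string.
$report = foreach ($u in $users) {
    foreach ($dn in $u.MemberOf) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            Group          = $dn | ConvertTo-GroupPath
        }
    }
}
$report | Sort-Object SamAccountName, Group | Format-Table -AutoSize
```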