So the task I'm facing seems harsh to me, I barely started using PowerShell too.
I need to create a detailed List of all users by their display name, which means it begins with " x- "
I need their details, including user creation date, enabled/disabled, last login date, and company
can you help a fellow beginner out?
You should try googling and providing more information. It appears you have not completed any searching.
A simple "Get all users powershell" into google would bring you to Get-ADUser
Get-ADUser -Filter * -Properties * | Export-Csv "$env:USERPROFILE\Desktop\UserData.csv" -NoTypeInformation
# This gets all users in AD and all properties
Get-ADUser -Filter * -Properties *
# This will send those results to a CSV file on your desktop
| Export-Csv "$env:USERPROFILE\Desktop\UserData.csv" -NoTypeInformation
Related
I'm pretty new on Powershell and this is by far the trickiest task I have gotten so far. I want to write a script that shows me if the same personal identity number occurs on multiple AD users.
I have managed to get a list of all AD users and their ID numbers using the Powershell Active Directory module and the following:
Get-ADUser -Filter * -SearchBase "OU=X,DC=X,DC=X,DC=X" -Properties PersonalIdentityNumber | Select-Object Name,PersonalIdentityNumber | Where-Object {$_.PersonalIdentityNumber} | Sort-Object -Property PersonalIdentityNumber
Although, I am not sure where to go from there. I suspect that I will have to use a for or foreach loop in some way, but I have tested a bit and not made any concluions. It will most likely be too heavy to compare every user against all other users, but I think that every user can be compared to the 20 users before or after, since matching ID numbers will probably be on users with the same name.
Any ideas on how to accomplish this?
Use the Group-Object cmdlet to group the users based on the value of the PersonalIdentityNumber property:
$usersWithPIN = Get-ADUser -Filter * -SearchBase "OU=X,DC=X,DC=X,DC=X" -Properties PersonalIdentityNumber | Select-Object Name,PersonalIdentityNumber | Where-Object {$_.PersonalIdentityNumber}
$usersWithSamePINGroups = $usersWithPIN |Group-Object PersonalIdentityNumber |Where-Object Count -gt 1
$usersWithSamePINGroups will now contain zero or more Group objects with a Count property (the number of users sharing a given PIN), and a Group property containing the user objects in question
my apologies if this has been asked many times before but I could use a hand with the command below. I am extracting Active Directory user information to a CSV but can use a hand with the correct code to replace the telePhoneNumber field with a fixed number of "555-555-5555" if it is null. I guess our organization has a lot of users without a phone number, and when I try to use the csv for our intended project, I can't because it errors and fails to grab the user if they do not have a phone number supplied. Is this possible to do?
Get-ADGroupMember -Identity "GROUPNAME" | Get-ADUser -Properties * | select #{N='UserName';E={$_.UserPrincipalName}},#{N='FirstName';E={"" + $_.givenName}},#{N='LastName';E={"" + $_.sn}},#{N='BusPhone';E={$_.telePhoneNumber}} | Export-csv c:\intel\thegroup.csv -NoTypeInformation
You can do whatever you like in the expression block of a calculated property.
Try changing:
#{N='BusPhone';E={$_.telePhoneNumber}}
to:
#{N='BusPhone';E={if($_.telePhoneNumber){$_.telePhoneNumber}else{'555-555-5555'}}}
I want to get a list of all AD Users and their creation time and last logon time. First I used the Active Diretory Users and Computers app and activated the Advanced Features. In the Attribute Editor I can see the properties are called LastLogon and WhenCreated.
So I did this:
$allUsers = Get-ADUser -Filter * -Properties SamAccountName,LastLogon,WhenCreated
$allUsers | select SamAccountName,LastLogon,WhenCreated
However LastLogonand WhenCreated are only filled for 13 of 500 Users. In the Attribute Editor these values are filled for a lot more...
When I query one user only that has these values in the Attribute Editor with Get-ADUser -Identity $User -Properties * I see that the attributes are called LastLogonDateand Created (values are shown empty).
So I searched for those attributes:
$allUsers2= Get-ADUser -Filter * -Properties SamAccountName,LastLogonDate,Created
$allUsers2 | select SamAccountName,LastLogonDate,Created
Then again those 13 have the info the rest doesn't.
Has anyone an idea how I get those values? (I am going to export them with Export-CSV so another way to get those in Excel is ok, too )
As requested my comments as answer.
First attempt:
Add the -Server switch on Get-ADUser and have it query the same Domain Controller you are currently connected to with Active Directory Users and Computers. It may be that you are asking for properties that have not yet been synchronized (especially the lastLogon time stamp which I believe is synced only once every 14 days unless you have specified a different value for the ms-DS-Logon-Time-Sync-Interval attribute on the domain default naming context.)
--> didn't apply because you're running this on the DC itself
Second attempt:
Try ADSI as in $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'; $searcher.FindAll()
--> same results as with Get-ADUser; still empty values
Third attempt:
Check PowerShell version(s)
--> apparently the DC had PS version 4. With version 5.1 it works
First, look at what properties your cmdlet has:
$a = Get-ADUser -server 'DomenNameTest.en' -Identity 'makarovayu' -Properties *
$a | Get-Member
I recommend copying the received data into a notepad in order to copy the available field names later.
2-Let's declare an array and use the cmdlet to try to collect information on the required fields
$userList = Get-ADUser -server 'DomenNameTest.en' -Properties SamAccountName,Name -Filter * |
#Do not forget that the comanlet has a limitation and can fall off on timeout.See how I work with each property in [select]
Select #{Name = "SamAccountName"; Expression={$_.SamAccountName}},#{Name = "Name"; Expression={$_.Name}} |
#Uploading data to [csv]
Export-Csv -Path "D:\Users\userTest\Desktop\userList.csv" -Append -NoTypeInformation -Encoding Default -Delimiter ';'
Remove-Variable a,userList #Clear the variables
I'm an IT intern tasked with performing an audit of users on our domain and I'm having some trouble finding the info I need without all of the extra stuff. Is there a way to pull all of this info in one command? If not, can you recommend commands to pull users, usernames, and login info separately in a manner that I can copy-paste in the format I need?
I previously used get-adgroup -filter * and wrote to a file. Are there some options I can add for this filter? I also used a script to get all users, and all groups and their user permissions on separate occasions.
You could try something like:
Get-ADGroup -Filter "Name -like '*Accounting*'" |
Get-ADGroupMember |
Select-Object name, SamAccountName
Or if you need more fields from the user object, then try something like:
Get-ADGroup -Filter "Name -like '*Accounting*'" |
Get-ADGroupMember |
Get-ADUser -Properties Enabled |
Select-Object Name, SamAccountName, UserPrincipalName, Enabled
You'll probably want to export to a spreadsheet, so use Export-Csv for that.
Im trying to export AD users to a csv file by powershell. Now one field only needs to have the first letter of the value. Eg: name - Kevin, initials - K.
I have tried with substring, but im obviously doing something wrong:
PS C:\Users\Administrator> Get-ADUser -Filter * -Properties * | Select -Property substring.surname(1,1),surname,givenName,samaccountname,givenN
ame,Mail,Department | Export-CSV "C:\Export\Users.csv" -NoTypeInformation
Obviously im still pretty new to powershell.
You have a couple of issues here:
1) You're selecting "GivenName" twice - PowerShell won't allow that:
2) you want substring (0,1) - start as position 0 and count 1 letter along.
3) this should do what you want it to do:
Get-ADUser -Filter * -Properties * | `
Select #{n='initial';e={$_.surname.substring(0,1)}},surname,givenName,samaccountname,Mail,Department | `
Export-CSV "C:\installs\Users.csv" -NoTypeInformation
essentially, you're creating and recycling a small property array each time - which allows you to set a value (the substring) which is then returned up the chain to the select and then on to your CSV file :)
(might also be worth noting, you're selecting the first letter of the surname, but in your question, you're asking to get K from Kevin - you might want to be selecting from a forename field).
Other notes:
-filter * -properties * is very computationally expensive - you're getting all fields for all users and only selecting a few. try listing properties the same way you do in your select.
select -property - the -property switch is redundant and optional - just using Select stuff,otherstuff will do the same thing and will be easier to read
If you feel the process leanthy, you can also try CJWdev tool or Lepide active directory query tool. They both are free and helps to fetch such AD reports quickly.