Powershell Get AD user group query - powershell

I am trying to create a script that will allow me to enter a user name and will then present me with all the groups that the user is a member of in AD. I have the following code which works when I run it in PowerShell ISE, but when I just run the script in PowerShell it allows me to enter the username but closes as it has queried AD. It does not print the results out on the screen.
$username = Read-Host 'Please enter Username!'
get-aduser $username -Properties memberof | select -expand memberof

If you are pasting the code into an already open PowerShell terminal then yes, that is definitely weird.
If you are right-clicking and "Running with PowerShell" then this is the expected behaviour because the script has finished. You'll need to tell the script to stay open after it has retrieved the information. The easiest way to do this is by telling the script to wait for your input using Read-Host:
$username = Read-Host 'Please enter Username!'
get-aduser $username -Properties memberof | select -expand memberof
Read-Host 'Done!'
UPDATE
Using an if statement wouldn't be feasible since it only catches terminating errors and Get-ADUser doesn't return terminating errors; you would need to use a try/catch block. I over-engineered this solution to show you how it could be done using different PowerShell features :)
#Function to search for the user
function searchUser{
    Param([string]$userName)
    try{
        Get-ADUser -Identity $userName -Properties MemberOf | Select-Object -ExpandProperty MemberOf
    }catch{
        return $false
    }
}
#Ask the user for input until a valid username is entered
do {
    $userInput = Read-Host "Enter a username: "
}until ($Output = searchUser -userName $userInput)
#Output the value from the searchUser function
Write-Host $Output
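An added example, not part of the original answer: the same prompt loop, but telling "account not found" apart from "account exists and has no memberOf entries", which a truthiness test on the output cannot do. `Get-UserGroupDn` is a hypothetical helper name; any error other than an unknown identity is left to surface.

```powershell
# Added example; Get-UserGroupDn is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-UserGroupDn {
    param([Parameter(Mandatory)][string]$UserName)
    try {
        $user = Get-ADUser -Identity $UserName -Properties MemberOf -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        return $null   # unknown account: the caller asks again
    }
    # @() turns an empty MemberOf into an empty array; the leading comma stops
    # PowerShell from unrolling that array into "no output" on return.
    return ,@($user.MemberOf)
}

do {
    $name   = (Read-Host 'Enter a username').Trim()
    $groups = $null
    if ($name) { $groups = Get-UserGroupDn -UserName $name }
    if ($null -eq $groups) { Write-Host "No account found for '$name'." }
} until ($null -ne $groups)

if ($groups.Count -eq 0) {
    Write-Host "$name has no memberOf entries."
}
else {
    $groups | Sort-Object | ForEach-Object { Write-Host $_ }
}

# Keeps the window open when the script is started with "Run with PowerShell".
[void](Read-Host 'Press ENTER to close')
```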

Related

PowerShell Active Directory Script - What value or variable to use to get the correct output

I'm a newbie and trying to create a simple script to query a user's Active Directory username (I have an AD lab) but can't seem to figure out which value or variable to use to retrieve the correct object. I believe the ($username) needs to be replaced with something but I'm just not sure what. This is my code:
Import-Module ActiveDirectory
read-host -prompt 'Input User ID'
get-aduser -identity ($username)
net user ($username)
get-adprincipalgroupmembership -identity ($username) | select -expand name
Like @Am_I_Helpful stated, you have to capture the Read-Host prompt inside the $username variable.
Import-Module ActiveDirectory
$username = Read-Host -Prompt 'Input User ID'
Get-ADUser -Identity $username
NET USER $username
get-ADPrincipalGroupMembership -Identity $username | Select -Expand Name

Powershell command execution order problem

I'm new in learning Powershell and I ran into a problem that makes me go insane. I want to write a simple Powershell script, that can be used to get both the group memberships of certain ActiveDirectory users, and the users of certain ActiveDirectory groups, and in the end gives the option to write the result on the console, or save it as csv.
Everything works perfectly fine, except no matter what I do, I can't stop the window from closing right after it writes the results on the console. I know that I can run a PS1 from command line in a way that doesn't allow the window to close, but I'd like Powershell do it by itself.
I tried to use both "pause" and Read-Host after the query script, but the stop event always happens BEFORE the result gets out on the console, no matter what's the order between the two of them. I simply cannot understand why the order of the execution of the two commands is backwards. Could you give me some insight why Powershell does it?
$nameofgroup = Read-Host -Prompt "`nPlease enter the name of the group!`n"
Get-ADGroupMember -identity $nameofgroup | Get-ADObject -Properties description, samAccountName | select @{n='Name'; e='name'}, @{n='Description'; e='description'}, @{n='Username'; e='samAccountName'}
$temp = Read-Host "Press Enter to continue..."
So you need to explicitly tell powershell to output the string. I also added in some error handling for you, so you don't have to run the script every time. Like if the group was typed wrong or doesn't exist.
Do
{
    $nameofgroup = Read-Host -Prompt "`nPlease enter the name of the group!`n"
    try
    {
        Get-ADGroupMember -identity $nameofgroup | Get-ADObject -Properties description, samAccountName | select @{n='Name'; e='name'}, @{n='Description'; e='description'}, @{n='Username'; e='samAccountName'} | Out-String
        $errorMessage = 'False'
        Read-Host -Prompt 'Press Enter key to exit'
    }
    catch
    {
        Write-Host "Could not find group please try again"
        $errorMessage = 'True'
    }
}
while($errorMessage -eq 'True')

PowerShell to pull msExchRecipientTypeDetails for Outlook 0365

I need to find a way to pull information from AD via PowerShell to tell which version of Outlook they are using. The code I currently have is very small however I made a prompt for them to enter the ADID name and then want to run the code
Get-ADUser USERNAME -Properties msExchRecipientTypeDetails
The main problem I have is I'm not sure how to take the input from the username prompt and replace it into the Get-ADUser command.
# 0365
Read-Host -Prompt 'What is the username?'
Get-ADUser -Id USERNAME -Properties msExchRecipientTypeDetails
Collect the input in a variable and use that variable with Get-ADUser:
$username = Read-Host -Prompt 'What is the username'
Get-ADUser -Identity $username -Properties msExchRecipientTypeDetails

Disabling ESET Secure Authentication for AD User accounts

Would anybody have an insight on how to disable a user's ESET Secure Authentication setting with a Powershell script?
I have a script that disables a user's Active Directory account, resets the password, and moves it to a new OU but now I'm stumped on how to disable the properties related to their ESET information. From the ADUC GUI you can uncheck the box for their hardware token and REVOKE the key, so I would imagine there's a way to do it with a script that I can include in my current script.
# Imports module for running commandlets against Active Directory, and inputs user name
# into variable.
# Enter-PSSession DomainController // Need to run this commandlet from your local
# machine first.
Echo "You are about to disable a user account. Verify your information!"
Read-Host "Press ENTER to continue."
Import-module ActiveDirectory
$User1 = Read-Host -Prompt 'Enter the username of the employee you wish to change'
# Disables named users ActiveDirectory Account.
# "Locked Account" does not show but need to right click to enable
Disable-ADAccount -Identity $User1
# Adds AD group "Disabled Users" to named user group membership
Add-ADGroupMember -Identity 'Disabled Users' -Member $User1
# Set named users primary group to "Disabled Users"
Set-ADUser -Identity $User1 -Replace @{PrimaryGroupID="0000"}
# Removes groups assigned to named users membership
Get-ADUser -Identity $User1 -Properties MemberOf | ForEach-Object {
    $_.MemberOf | Remove-ADGroupMember -Members $_.DistinguishedName -Confirm:$false
}
# Changes named users password based on Administrators input
$newpwd = Read-Host "Enter the new password" -AsSecureString
Set-ADAccountPassword $User1 -NewPassword $newpwd -Reset -WhatIf
# Moves named user from current OU to "Employee DISABLED\DISABLED" container
get-aduser $User1 | move-adobject -targetpath "ou=DISABLED,ou=Employee DISABLED,dc=DOMAINNAME,dc=com"
# Much respect due to the onesixooh!
Read-Host "Press ENTER to finish"
Write-Host " **********************************************************
>>> Get the money. Dolla dolla bill y'all. <<<
**********************************************************"
Any advice is greatly appreciated.
Try using the Windows Server ADAC (AD Admin Center) to write this code for you, to see if that gets you closer to your end goal.
Open ADAC
Use the GUI to do the steps you need
Open the PowerShell History Viewer
Copy and paste into your favorite PoSH Editor (ISE, VSCode, etc...) and tweak as needed.

how to check "ADUser is manager of ADGroup" from powershell command?

I have an Active Directory user and I want to check whether this user is the manager of any Active Directory group. Is there any command to check whether a user is the manager of any AD group?
You can use a filter or ldapfilter to search for the user in the managedby attribute. Like
Import-Module ActiveDirectory
$username = Read-host "Enter username"
$user = Get-ADUser $username
#If user exists
if($user) {
    #Get groups where user is manager
    Get-ADGroup -LDAPFilter "(managedby=$($user.DistinguishedName))"
    #If you prefer the more "powershell-like" -Filter, then you can use:
    #Get-ADGroup -Filter "managedby -eq '$($user.DistinguishedName)'"
}
You can also start from the user object which has all the ManagedBy objects backlinked directly in the managedObjects attribute. Depending on your implementation, this might be much faster:
([ADSI]"LDAP://$(Get-ADUser $Username)").ManagedObjects
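An added example, not part of the original answer: a distinguished name can contain `(`, `)`, `*` or `\`, which are syntax inside an LDAP filter, so the value is escaped per RFC 4515 before it is placed in the `managedBy` filter. `ConvertTo-LdapFilterValue` and `Get-ManagedByFilter` are hypothetical helper names and the sample DNs are constructed.

```powershell
# Added example; helper names are hypothetical, sample DNs are constructed.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # RFC 4515: \ * ( ) and NUL are written as a backslash plus two hex digits.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-ManagedByFilter {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    '(managedBy={0})' -f (ConvertTo-LdapFilterValue -Value $DistinguishedName)
}

# Constructed DNs: one with parentheses in the CN, one with an escaped comma.
$sampleDns = @(
    'CN=Jane Doe (Contractor),OU=Staff,DC=example,DC=com'
    'CN=Smith\, John,OU=Staff,DC=example,DC=com'
)
foreach ($dn in $sampleDns) {
    # Prints the filter string that would be sent to the directory.
    Get-ManagedByFilter -DistinguishedName $dn
}

# With the ActiveDirectory module loaded, the escaped filter is used like this:
# $user = Get-ADUser -Identity $username
# Get-ADGroup -LDAPFilter (Get-ManagedByFilter -DistinguishedName $user.DistinguishedName)
```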