I have a problem with a simple script. I need to copy attributes (STATE to CITY) on all users in my OU. I found this script, but there is an error somewhere.
Could someone help me with this?
Get-ADUser -Filter * -SearchBase "MY OU" -Properties city, state |
ForEach-Object {
Set-ADObject -Identity $_.DistinguishedName ` -Replace #{city=$($_.state)}
}
Command to grab all users where state has a value (a precaution to avoid attempting to use null values which Replace will not accept) and write that value into the city attribute (L)
PS> Get-ADUser -SearchBase "ou=test accounts,dc=domain,dc=ccTLD" -LDAPFilter '(st=*)' -Properties city, state | Select-Object * | ForEach-Object {Set-ADObject -Identity $_.DistinguishedName ` -Replace #{l=$($_.state)}}
Related
Current powershell script being used is in this format:
Get-ADUser -Filter * -Properties EmailAddress, DisplayName -SearchBase "OU=USERS, OU=Site, OU=$_, DC=domain" -Server ServerName | Select DisplayNAme, EmailAddress
My problem is that the OU users, and site are buried in different folders one level up, and I can't figure out how to make the powershell script look thru all the folders above (OU=$_). Using OU=* doesn't work either (bad syntax error).
The -SearchBase parameter doesn't allow wildcards, if I understand correctly, you're looking for all parents OUs having OU=USERS, OU=Site as child OU, in which case, you can first filter for all OUs with Name Users then filter again for those OUs where their DistinguishedName contains OU=USERS, OU=Site and lastly feed these OUs to Get-ADUser -SearchBase:
(Get-ADOrganizationalUnit -LDAPFilter "(name=users)").DistinguishedName | ForEach-Object {
if($_ -notlike "OU=USERS, OU=Site*") { return }
Get-ADUser -Filter * -Properties EmailAddress, DisplayName -SearchBase $_ -Server ServerName
} | Select DisplayName, EmailAddress
I have an issue with the following script:
get-aduser -filter * -searchbase "dc=domain,dc=global" -ResultSetSize $null | where-object {((get-aduser $_.samaccountname -properties memberof).memberof -ne "Mimecast Remote Access Exceptions")} | ForEach {add-adgroupmember -identity "Mimecast Internal Access" -member $_.samaccountname}
It is still adding all users but not filtering out users who are members of the remote access exceptions group. Any idea what I am doing wrong?
First of all, you don't need to perform Get-ADUser twice.
Then, the MemberOf user property is a collection, not a single string, so you need to use -notcontains instead of -ne
Try:
# get the DistinguishedName property of the group
$groupDN = (Get-ADGroup -Identity "Mimecast Remote Access Exceptions").DistinguishedName
Get-ADUser -Filter * -SearchBase "dc=domain,dc=global" -Properties MemberOf |
Where-Object {$_.MemberOf -notcontains $groupDN} |
ForEach-Object { Add-ADGroupMember -Identity "Mimecast Internal Access" -Members $_ }
Building on #Theo's Answer
.memberOf will return distinguished name strings. -notcontains won't work unless you change the left hand side to the DN. That might look something like:
$DN = 'CN=Mimecast Remote Access Exceptions,OU=SomeOU,DC=domain,DC=global'
Get-ADUser -Filter * -SearchBase "dc=domain,dc=global" -Properties MemberOf |
Where-Object {$_.MemberOf -notcontains $DN } |
ForEach-Object { Add-ADGroupMember -Identity $DN -Members $_ }
Obviously correct $DN for your environment etc...
I'm trying to create a list of users with other AD properties (Name, sAC, Description) from a file with only samAccountName for each user.
When I try this:
$file=import-csv "C:\newtest.csv"
$file | ForEach-Object {
get-aduser -Identity $_.samAccountName -Properties * | Select-Object Name, samAccountName, Description|Export-Csv C:\newerTest.csv
}
I get an error "Get-ADUser : Cannot validate argument on parameter 'Identity'..."
I've used other Stack Questions to also try building it with -Filter as so:
$file=import-csv "C:\newtest.csv"
ForEach-Object {
Get-ADUser -Filter "samAccountName -like '*$($_samAccountName)*'" -Properties * | Select-Object Name, samAccountName, Description|Export-Csv C:\newerTest.csv
}
but that gives me a "search filter not recognized" error.
TY for any help!
I get an error "Get-ADUser : Cannot validate argument on parameter 'Identity'..."
On the top line of the CSV you have to have "samAccountName" so pick the right column. What happens when you type $file.samAccountName ?
but that gives me a "search filter not recognized" error.
I can not check right now, but it looks like you are missing a "." between $_ and samAccountName. You also were missing "$file |"
$file=import-csv "C:\newtest.csv"
$file | ForEach-Object {
Get-ADUser -Filter "samAccountName -like '*$($_.samAccountName)*'" -Properties * | Select-Object Name, samAccountName, Description|Export-Csv C:\newerTest.csv
}
You can also use your's first variant of code
$file=import-csv C:\newtest.csv
$file | ForEach-Object {
get-aduser -Identity $_.samAccountName -Properties * | Select-Object Name, samAccountName, Description|Export-Csv C:\newerTest.csv
}
But in your file C:\newtest.csv first line must called samAccountName, then in row SAmacc of your users.
I'm trying to get AD attributes updated with information from my payroll system. I have a good dump of employee information, and can get most things updated, but I'm having some small problems that hopefully someone much better with Powershell than I can assist with.
--- UpdateInfo.ps1 ---
Import-Module ActiveDirectory
$Users=Import-Csv C:\info_update.csv
foreach($u in $Users)
{
Get-ADUser -Filter "employeeID -eq '$($u.employeeID)'" -properties * | set-aduser -replace #{title="$($u.title)";extensionAttribute1="$($u.title)";givenName="$($u.givenName)";initials="$($u.initials)";middleName="$($u.middleName)";sn="$($u.sn)";physicalDeliveryOfficeName="$($u.physicalDeliveryOfficeName)";streetAddress="$($u.streetAddress)";l="$($u.l)";st="$($u.st)";co="$($u.co)";countryCode="$($u.countryCode)";c="$($u.c)";postalCode="$($u.postalCode)";department="$($u.department)"}
}
--- info_update.csv ---
employeeID,givenName,initials,middleName,sn,name,title,physicalDeliveryOfficeName,streetAddress,l,st,co,countryCode,c,postalCode,department,manager
"111","Smith","Q","Quincy","John","Smith, John Q.","Tech II","Springfield, IL","800 E Monroe St.","Springfield","IL","United States","840","US","62701","IT","540"
Two questions:
I can't get the 'name' field to update. I thought that it was because of the space, but the physicaldeliveryofficename has a space, too...and it's working fine.
I need to do a lookup for the manager ID (last column), return the DN of the manager, and use that to update the manager attribute.
If anyone can help, I would greatly appreciate it. I feel like I'm really close, but I'm overlooking something.
Thanks!
---UPDATE---
Thanks to #TheMadTechnician
Here's the final answer.
Import-Module ActiveDirectory
$Users=Import-Csv C:\Job_titles.csv
foreach($u in $Users)
{
$Mgr = Get-ADUser -Filter "employeeID -eq '$($u.manager)'" | Select -ExpandProperty DistinguishedName
Get-ADUser -Filter "employeeID -eq '$($u.employeeID)'" -properties * | set-aduser -replace #{title="$($u.title)";extensionAttribute1="$($u.title)";givenName="$($u.givenName)";displayName="$($u.name)";initials="$($u.initials)";middleName="$($u.middleName)";sn="$($u.sn)";physicalDeliveryOfficeName="$($u.physicalDeliveryOfficeName)";streetAddress="$($u.streetAddress)";l="$($u.l)";st="$($u.st)";co="$($u.co)";countryCode="$($u.countryCode)";c="$($u.c)";postalCode="$($u.postalCode)";department="$($u.department)";manager="$Mgr"} -PassThru | Rename-ADObject -NewName "$($u.name)"
}
So we will use get-aduser and filter on EmployeeID for the manager, and use Select -ExpandProperty for the DistinguishedName property. I also use the -PassThru switch on your Set-ADUser, and pipe it to Rename-ADObject. See how that suits you:
Import-Module ActiveDirectory
$Users=Import-Csv C:\info_update.csv
$Managers = Import-Csv C:\Managers.csv
foreach($u in $Users)
{
$Mgr = Get-ADUser -Filter "employeeID -eq '$($u.manager)'" | Select -ExpandProperty DistinguishedName
Get-ADUser -Filter "employeeID -eq '$($u.employeeID)'" -properties * | set-aduser -replace #{title="$($u.title)";extensionAttribute1="$($u.title)";givenName="$($u.givenName)";initials="$($u.initials)";middleName="$($u.middleName)";sn="$($u.sn)";physicalDeliveryOfficeName="$($u.physicalDeliveryOfficeName)";streetAddress="$($u.streetAddress)";l="$($u.l)";st="$($u.st)";co="$($u.co)";countryCode="$($u.countryCode)";c="$($u.c)";postalCode="$($u.postalCode)";department="$($u.department)";manager="$Mgr"} -PassThru | Rename-ADObject -NewName "$($u.name)"
}
Set-ADUser cannot be used to set Name. See http://technet.microsoft.com/en-us/library/ee617215.aspx
Try using Rename-ADObject:
Rename-ADObject [-Identity] <ADObject> [-NewName] <string>
Source: http://technet.microsoft.com/en-us/library/ee617225.aspx
I would like to compare two organizational units users.
I can get my user list with this command:
OU_NUMBER_1:
Get-ADUser -filter * -SearchBase "OU=OU_NUMBER_1,OU=OU-SNE_SharePoint,DC=vf,DC=local" | Select sAMAccountName
OU_NUMBER_2:
Get-ADUser -filter * -SearchBase "OU=OU_NUMBER_2,OU=OU-SNE_SharePoint,DC=vf,DC=local" | Select sAMAccountName
I would like to get homonymous from these lists. Do I have to put my users in some lists and compare them ? Or anyone get a better idea ?
To summary, I would like to get a list with homonymous of my OU's.
/Update
Try
$UserGroup1 = Get-ADUser -filter * -SearchBase "OU=OU_NUMBER_1,OU=OU-SNE_SharePoint,DC=vf,DC=local" | select sAMAccountName
$UserGroup2 = Get-ADUser -filter * -SearchBase "OU=OU_NUMBER_2,OU=OU-SNE_SharePoint,DC=vf,DC=local" | Select sAMAccountName
$UserInBothOU = Compare-Object $UserGroup1 $UserGroup2 -IncludeEqual
Be aware that the Array $UserInBothOU contains PowerShell Objects.
When you want the sAMAccountName, then you must do something like that:
foreach($User in $UserInBothOU)
{
Write-host $User.sAMAccountName
}
Because sAMAccountName is only an attribute.
$OLDGroup = Get-ADUser -filter * -SearchBase "OU=InactiveObjects,DC=gov,DC=au" -server "gov.au" | select sAMAccountName
$NEWGroup = Get-ADUser -filter * -SearchBase "OU=StandardUsers,OU=Users,DC=nsw,DC=gov,DC=au" -server "nsw.gov.au" | Select sAMAccountName
compare-object $OLDGroup $NEWGroup -Property 'SamAccountName' -IncludeEqual