I'm trying to pull some information from AD but having difficulty. I'm trying to get a list of users that have the PRIMARY smtp address from the ProxyAddresses attribute (an array) in a specific format (SMTP:firstname.lastname*) only. I only want the ones that match "SMTP" (case sensitive) and of those only those that have the email address in the format of firstname.lastname.
Get-ADUser -SearchBase "DC=corp,DC=companyx,DC=com" -Filter * -Properties ProxyAddresses,sn,givenname,displayname,mail |
Where-Object {$_.ProxyAddresses -clike "SMTP:{$_.givenname+$_.sn}*"} # | Select-Object proxyaddresses,displayName,givenName,sn
Try this:
Get-ADUser -SearchBase "DC=corp,DC=companyx,DC=com" -Filter * -Properties ProxyAddresses,sn,givenname,displayname,mail |
Where-object {($_.ProxyAddresses -cmatch "SMTP:") -and ($_.ProxyAddresses -match "$($_.givenname).$($_.sn)*")}
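Added example, not part of the original question or answer: two separate tests on the ProxyAddresses array can be satisfied by different entries, and an unescaped "." in a regex matches any character. The sketch below runs offline on constructed objects and compares that filter shape with a per-entry check; Test-PrimarySmtpFormat and the sample users are hypothetical.

```powershell
# Constructed stand-ins for Get-ADUser output (not real directory data).
$users = @(
    [pscustomobject]@{ GivenName = 'Ann'; sn = 'Lee'; ProxyAddresses = @('SMTP:ann.lee@corp.example', 'smtp:alee@corp.example') }
    [pscustomobject]@{ GivenName = 'Bob'; sn = 'Ray'; ProxyAddresses = @('SMTP:bray@corp.example', 'smtp:bob.ray@corp.example') }
    [pscustomobject]@{ GivenName = 'Cy';  sn = 'Orr'; ProxyAddresses = @('SMTP:cyXorr@corp.example') }
    [pscustomobject]@{ GivenName = $null; sn = 'Svc'; ProxyAddresses = @() }
)

# Hypothetical helper: true only when the primary entry (upper-case "SMTP:")
# is itself the one that starts with givenName.sn.
function Test-PrimarySmtpFormat {
    param($User)
    # Accounts without a first or last name cannot match the format.
    if (-not $User.GivenName -or -not $User.sn) { return $false }
    $expected = 'SMTP:{0}.{1}' -f $User.GivenName, $User.sn
    foreach ($address in $User.ProxyAddresses) {
        # Ordinal: the "SMTP:" prefix must be upper case (primary address).
        $isPrimary  = $address.StartsWith('SMTP:', [StringComparison]::Ordinal)
        # OrdinalIgnoreCase: the name part is compared literally, ignoring case,
        # so no regex or wildcard characters in a name are interpreted.
        $isExpected = $address.StartsWith($expected, [StringComparison]::OrdinalIgnoreCase)
        if ($isPrimary -and $isExpected) { return $true }
    }
    return $false
}

# Filter shape with two independent array tests: each test may be satisfied
# by a different element of ProxyAddresses.
$loose = $users | Where-Object {
    ($_.ProxyAddresses -cmatch 'SMTP:') -and
    ($_.ProxyAddresses -match "$($_.GivenName).$($_.sn)*")
}

# Per-entry check: both conditions must hold for the same address.
$strict = $users | Where-Object { Test-PrimarySmtpFormat $_ }

'Loose : ' + ($loose.GivenName -join ', ')
'Strict: ' + ($strict.GivenName -join ', ')
```

Against a directory, the same helper can be applied to the output of the Get-ADUser call above with Where-Object { Test-PrimarySmtpFormat $_ }.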
I'm trying to get a PowerShell query with two displaynames in it. It works fine with one displayname.
Get-ADUser -Filter "displayName -like '**'" -SearchBase "OU= ,OU= ,OU= AG,DC= ,DC=" -Properties * | select-object mail | sort-object
How can I insert more displayname variables into the code?
You can use OR in the filter
Get-ADUser -Filter "DisplayName -like '*user1*' -or DisplayName -like '*user2*'" -SearchBase "OU= ,OU= ,OU= AG,DC= ,DC=" -Properties Mail |
Select-Object -ExpandProperty Mail | Sort-Object
Using LDAP Filter you can do like this (using | as OR)
Get-ADUser -LDAPFilter "(|(cn=*user1*)(cn=*user2*))" -SearchBase "OU= ,OU= ,OU= AG,DC= ,DC=" -Properties Mail |
Select-Object -ExpandProperty Mail | Sort-Object
How can I get all AD users with a numeric SamAccountName?
If SamAccountName includes a letter then I don't need it.
$num = Get-AdUser -Filter "SamAccountName -like [integer]" -Properties postalCode, postOfficeBox, SamAccountName, Enabled
With the -Filter you cannot test if a SamAccountName is made up of only digits and you will have to use the Where-Object clause for that using the regex -match operator.
$users = Get-AdUser -Filter * -Properties PostalCode, POBox, SamAccountName, Enabled |
Where-Object { $_.SamAccountName -match '^\d+$' }
Even though you cannot use -Filter to concisely complete your query, you can use -Filter to speed up your query times before piping to Where-Object:
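$Params = @{
Properties = 'postalCode','postOfficeBox','SamAccountName','Enabled'
# Builds: samaccountname -like '1*' -or samaccountname -like '2*' ... -or samaccountname -like '0*'
Filter = "samaccountname -like '" + (1,2,3,4,5,6,7,8,9,0 -join "*' -or samaccountname -like '") + "*'"
}
# Splat the parameters, then keep only names made up entirely of digits
Get-AdUser @Params | Where SamAccountName -match '^\d+$'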
The idea is to only find objects with samaccountname beginning with a digit before sending to Where-Object, which will display only accounts that have all digits for the property value. This will significantly speed up the query times if you only have a small percentage of accounts that begin with a digit.
I'm looking for some guidance on creating a powershell script that will check security and distribution groups from specific OU's and see if the owner is a user who's disabled.
We have lots of old groups in our AD created by ex employees that need to be cleaned up.
This is what I've started with.
$managedByGroups = get-adgroup -filter 'groupCategory -eq "Distribution"' -SearchBase "OU=SydExchangeGroups,OU=SydGroups,OU=Sydney,DC=my,DC=org,DC=biz" -Properties distinguishedname, managedby | select sAMAccountName, managedby
$disabledUsers = Get-ADUser -Filter {Enabled -eq $false} -SearchBase "OU=SydDisabledUsers,OU=SydMisc,OU=Sydney,DC=my,DC=org,DC=biz" | select distinguishedname
foreach ($group in $managedByGroups){
if($managedByGroups.managedby -eq $disabledUsers.distinguishedname)
There are a number of issues with your if block:
you are looping through $managedByGroups, but you are never using that variable (it should be $group.managedby)
you are trying to compare 1 element with a list of elements, in this case consider using -in operator instead of -eq.
you should treat the case when there is no value for managedby attribute, in case you do not get the desired results.
An alternative to your code is below.
I'm first getting the list of managedby users, then I'm looping through each entry, and if it is not null, we try to do a get-aduser filtering by enabled status and the distinguishedname.
$DisabledManagedBy variable will contain ADUser objects which are disabled.
$grp = get-adgroup -filter 'groupCategory -eq "Distribution"' -Properties ManagedBy,DistinguishedName
$DisabledManagedBy = foreach ($item in $grp.ManagedBy) {
# skip groups that have no ManagedBy value
if ($item) {
Get-ADUser -Filter {Enabled -eq $false -and DistinguishedName -like $item} -Properties DistinguishedName
}
}
I worked this out eventually by doing the following:
$myDisabledUsers = @()
$date = get-date -format dd-MM-yyyy
$managedSydGroups = Get-ADGroup -Filter * -Properties * -Searchbase "OU=SydExchangeGroups,OU=SydGroups,OU=Sydney,DC=my,DC=biz,DC=org" | where {$_.managedby -ne $null} | select name, managedby
$disabledSydUser = Get-ADUser -Filter * -SearchBase "OU=SydDisabledUsers,OU=SydMisc,OU=Sydney,DC=my,DC=biz,DC=org" | where {$_.enabled -eq $false} | select -ExpandProperty distinguishedname
$disabledOwners = foreach($group in $managedSydGroups)
{
$managedByString = [string]$group.managedby
if($disabledSydUser -contains $managedByString)
{$myDisabledUsers += $group}
}
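Added example, not part of the original posts: the scripts above only look for owners inside the disabled-users OU, so a disabled owner who was never moved there is missed, and groups with no owner are dropped silently. This offline sketch on constructed objects joins groups to users through a hashtable keyed by distinguished name and reports each case; Get-GroupOwnerStatus, the status labels and the sample names are hypothetical.

```powershell
# Constructed stand-ins for Get-ADUser / Get-ADGroup output (not real directory data).
$users = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Ann Lee,OU=Staff,DC=example,DC=test';   Enabled = $true }
    [pscustomobject]@{ DistinguishedName = 'CN=Bob Ray,OU=Staff,DC=example,DC=test';   Enabled = $false }  # disabled, never moved
    [pscustomobject]@{ DistinguishedName = 'CN=Cy Orr,OU=Disabled,DC=example,DC=test'; Enabled = $false }
)
$groups = @(
    [pscustomobject]@{ Name = 'DL-Sales';   ManagedBy = 'CN=Ann Lee,OU=Staff,DC=example,DC=test' }
    [pscustomobject]@{ Name = 'DL-Finance'; ManagedBy = 'CN=Bob Ray,OU=Staff,DC=example,DC=test' }
    [pscustomobject]@{ Name = 'DL-Legacy';  ManagedBy = 'CN=Cy Orr,OU=Disabled,DC=example,DC=test' }
    [pscustomobject]@{ Name = 'DL-Orphan';  ManagedBy = $null }
    [pscustomobject]@{ Name = 'DL-Nested';  ManagedBy = 'CN=Owners,OU=Groups,DC=example,DC=test' }        # owner is not a user
)

function Get-GroupOwnerStatus {
    param($Groups, $Users)
    # PowerShell hashtable literals compare string keys case-insensitively,
    # which suits distinguished names.
    $byDn = @{}
    foreach ($u in $Users) { $byDn[$u.DistinguishedName] = $u }

    foreach ($g in $Groups) {
        $status = if (-not $g.ManagedBy) { 'NoOwner' }
                  elseif (-not $byDn.ContainsKey($g.ManagedBy)) { 'OwnerNotInUserSet' }
                  elseif ($byDn[$g.ManagedBy].Enabled) { 'OwnerEnabled' }
                  else { 'OwnerDisabled' }
        [pscustomobject]@{ Group = $g.Name; ManagedBy = $g.ManagedBy; Status = $status }
    }
}

# Everything except groups with an enabled owner needs review.
Get-GroupOwnerStatus -Groups $groups -Users $users |
    Where-Object Status -ne 'OwnerEnabled' |
    Format-Table -AutoSize
```

With live data, pass the Get-ADGroup results (with the ManagedBy property) and a Get-ADUser result set that covers the whole domain rather than a single OU.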
I am trying to get a subset of users. I want to capture a list of groups members but only those who have a canonical name that starts with "contoso.com" Here is the code snippet hopefully someone can help me.
Get-ADGroupMember -Identity $GroupName | where{$_.ObjectClass -eq "User"} | Get-ADUser -Properties CanonicalName | Select CanonicalName | where{$_.CanonicalName -Like "contonso.com"}
Get-ADGroupMember -Identity $group | where{$_.ObjectClass -eq "User"} | Get-ADUser -Properties CanonicalName | where{$_.CanonicalName -match "contoso.com"} | select Canonicalname,name
You need to add a wildcard so that the remaining characters in the CanonicalName will match something in the -like criteria:
...where{$_.CanonicalName -Like "contoso.com*"}
#                       add a wildcard here ^
I've been trying to get an extract of AD users and select mail, name, memberof. I then need to list only specific groups from the memberof output so I end up with a list for each user that contains their name, email address and specific groups that match a certain name and not all of the groups they are a member of.
Get-ADUser username -Properties memberof | Select-Object memberof
I can't seem to find a way of doing this as I end up with either noteproperty above or an empty pipeline. Is there a way to achieve what I am trying to do?
The memberOf attribute contains a list of distinguishedName (DN) values, each corresponding to a group.
Retrieve the groups you are interested in, before you run Get-ADUser, that way you can compare the Group DN to the entry in memberOf:
$GroupDNs = Get-ADGroup -Filter {Name -like "*finance*" -or Name -like "*creditcontrol*"} | Select-Object -ExpandProperty DistinguishedName
Now, you can use those DN's to filter the group memberships with a calculated property, like so:
$UserInfo = foreach($username in @("bob","alice","joe")){
$User = Get-ADUser -Identity $username -Properties mail,memberOf |Select Name,mail,memberof
# keep only the memberOf entries whose DN is in $GroupDNs
$User | Select-Object Name,mail,@{Label="GroupDNs";Expr = {$_.memberof | Where-Object {$GroupDNs -contains $_}}}
}
without doing a new Get-ADGroup query for each memberof entry.
If you want a string of group names, rather than a NoteProperty containing an array of strings, you could fill the Groups into a hashtable and use that to "look up" the memberof entries using the ContainsKey() method:
$Groups = @{}
# index the groups of interest by distinguished name
Get-ADGroup -Filter {Name -like "*finance*" -or Name -like "*creditcontrol*"} | ForEach-Object {
$Groups[$_.DistinguishedName] = $_
}
$UserInfo = foreach($username in @("bob","alice","joe")){
$User = Get-ADUser -Identity $username -Properties mail,memberOf |Select Name,mail,memberof
$User | Select-Object Name,mail,@{Label="Groups";Expr = { ($_.memberof | Where-Object {$Groups.ContainsKey($_)} | ForEach-Object { $Groups[$_].Name}) -join ";" }}
}
$UserInfo | Export-Csv C:\aduserinfo.csv -NoTypeInformation