Would anybody have an insight on how to disable a user's ESET Secure Authentication setting with a PowerShell script?
I have a script that disables a user's Active Directory account, resets the password, and moves it to a new OU, but now I'm stumped on how to disable the properties related to their ESET information. From the ADUC GUI you can uncheck the box for their hardware token and REVOKE the key, so I would imagine there's a way to do it with a script that I can include in my current script.
# Imports module for running commandlets against Active Directory, and inputs user name
# into variable.
# Enter-PSSession DomainController // Need to run this commandlet from your local
# machine first.
Echo "You are about to disable a user account. Verify your information!"
Read-Host "Press ENTER to continue."
Import-module ActiveDirectory
$User1 = Read-Host -Prompt 'Enter the username of the employee you wish to change'
# Disables named users ActiveDirectory Account.
# "Locked Account" does not show but need to right click to enable
Disable-ADAccount -Identity $User1
# Adds AD group "Disabled Users" to named user group membership
Add-ADGroupMember -Identity 'Disabled Users' -Member $User1
# Set named users primary group to "Disabled Users"
Set-ADUser -Identity $User1 -Replace @{PrimaryGroupID="0000"}
# Removes groups assigned to named users membership
Get-ADUser -Identity $User1 -Properties MemberOf | ForEach-Object {
$_.MemberOf | Remove-ADGroupMember -Members $_.DistinguishedName -Confirm:$false
}
# Changes named users password based on Administrators input
$newpwd = Read-Host "Enter the new password" -AsSecureString
# -WhatIf only previews the reset; remove it to actually change the password
Set-ADAccountPassword $User1 -NewPassword $newpwd -Reset -WhatIf
# Moves named user from current OU to "Employee DISABLED\DISABLED" container
Get-ADUser $User1 | Move-ADObject -TargetPath "ou=DISABLED,ou=Employee DISABLED,dc=DOMAINNAME,dc=com"
# Much respect due to the onesixooh!
Read-Host "Press ENTER to finish"
Write-Host " **********************************************************
>>> Get the money. Dolla dolla bill y'all. <<<
**********************************************************"
Any advice is greatly appreciated.
Try using the Windows Server ADAC (AD Admin Center) to write this code for you, to see if that gets you closer to your end goal.
Open ADAC
Use the GUI to do the steps you need
Open the PowerShell History Viewer
Copy and paste into your favorite PoSH Editor (ISE, VSCode, etc...) and tweak as needed.
Related
I am hoping to get some help with a script to copy Exchange group permissions from one user to another. I currently have a script that works to copy mailbox permissions from one user to another but would like to expand it so that it can do Distribution Groups as well.
Connect-ExchangeOnline
$FUser = Read-Host "Enter the email address of the user you want to copy mailbox permissions from"
$TUser = Read-Host "Enter the email address of the user you want to set mailbox permissions for"
$GPerm = Get-Mailbox | Get-MailboxPermission -User $FUser
$GPerm | ForEach-Object { $_
Add-MailboxPermission -Identity $_.Identity -AccessRights FullAccess -InheritanceType All -User $TUser
Add-RecipientPermission -Identity $_.Identity -AccessRights SendAs -Confirm:$false -Trustee $TUser
}
While looking online I found a similar question online asked by someone else but their question was about copying the DL members from one to another DL.
Get-DistributionGroupMember -Identity "A" | % {add-distributiongroupmember -Identity "B" -Member $_.Name}
Additionally I was able to find a script working to remove the permissions for DLs. But didn't work if I changed the parts from remove to add. But the script isn't for what I am looking for as removing permissions and copying are two different things.
Thanks,
daaqis
I'm trying to find a way to copy a user's mailbox permissions to another user. I can output the data I need in PS, I just can't find a way to then apply those permissions to the new user.
I'm not amazing with PS so please bear with me :)
Get-Mailbox -RecipientTypeDetails UserMailBox,SharedMailbox | Get-MailboxPermission -User
which then outputs the users permissions but I would like to be able to then add those permissions to my new user in the same script.
hope this helps:
$FromUser = Read-Host "Enter the email address of the user you want to copy mailbox permissions from"
$ToUser = Read-Host "Enter the email address of the user you want to set mailbox permissions for"
$Perm = Get-Mailbox | Get-MailboxPermission -User $FromUser
$Perm | ForEach-Object { $_
Add-MailboxPermission -Identity $_.Identity -AccessRights FullAccess -InheritanceType All -AutoMapping:$true -User $ToUser
Add-RecipientPermission -Identity $_.Identity -AccessRights SendAs -Confirm:$false -Trustee $ToUser
}
This will automatically find the permissions from User1 to User2. You can change the Parameters to whatever you want to put based on Microsoft's allowed commands.
https://learn.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps
https://learn.microsoft.com/en-us/powershell/module/exchange/add-recipientpermission?view=exchange-ps
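As an added example (not part of the original answer or the asker's script): the loop above grants a fixed FullAccess plus SendAs on every mailbox where the source user has any entry. This variant re-grants only the rights the source user actually holds and returns a record of what it changed. It assumes an existing Exchange Online session; the `$report` object shape is an assumption.

```powershell
# Added example, not the answer's code. Assumes Connect-ExchangeOnline has already run.
$FromUser = Read-Host "Copy mailbox permissions FROM (email address)"
$ToUser   = Read-Host "Copy mailbox permissions TO (email address)"

# Explicit, allow-type mailbox rights held by the source user
# (inherited entries and Deny entries are skipped).
$mailboxRights = Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission -User $FromUser |
    Where-Object { -not $_.IsInherited -and -not $_.Deny }

$report = @(foreach ($p in $mailboxRights) {
    # Re-grant exactly the rights found on this mailbox, not a fixed FullAccess.
    Add-MailboxPermission -Identity $p.Identity -User $ToUser `
        -AccessRights $p.AccessRights -InheritanceType All -Confirm:$false | Out-Null
    [pscustomobject]@{
        Mailbox = $p.Identity
        Type    = 'Mailbox'
        Rights  = ($p.AccessRights -join ',')
    }
})

# SendAs is stored as a recipient permission; copy it only where the source user has it.
$sendAs = Get-RecipientPermission -Trustee $FromUser -ResultSize Unlimited |
    Where-Object { $_.AccessRights -contains 'SendAs' }

$report += @(foreach ($r in $sendAs) {
    Add-RecipientPermission -Identity $r.Identity -Trustee $ToUser `
        -AccessRights SendAs -Confirm:$false | Out-Null
    [pscustomobject]@{
        Mailbox = $r.Identity
        Type    = 'Recipient'
        Rights  = 'SendAs'
    }
})

# Keep this output with the change ticket as the record of what was granted.
$report | Format-Table -AutoSize
```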
I am trying to create a script that will allow me to enter a user name and will then present me with all the groups that the user is a member of in AD. I have the following code which works when I run it in PowerShell ISE but when I just run the script in PowerShell it allows me to enter the username but closes as it has queried AD. It does not print the results out on the screen.
$username = Read-Host 'Please enter Username!'
get-aduser $username -Properties memberof | select -expand memberof
If you are pasting the code into an already open PowerShell terminal then yes, that is definitely weird.
If you are right clicking and "Running with PowerShell" then this is the expected behaviour because the script has finished. You'll need to tell the script to stay open after it has retrieved the information. The easiest way to do this is by telling the script to wait for your input using Read-Host.
$username = Read-Host 'Please enter Username!'
get-aduser $username -Properties memberof | select -expand memberof
Read-Host 'Done!'
UPDATE
Using an if statement wouldn't be feasible since it only catches terminating errors and Get-ADUser doesn't return terminating errors; you would need to use a try/catch block. I over-engineered this solution to show you how it could be done using different PowerShell features :)
# Function to search for the user
function searchUser {
    Param([string]$userName)
    try {
        Get-ADUser -Identity $userName -Properties MemberOf | Select-Object -ExpandProperty MemberOf
    } catch {
        return $false
    }
}
# Ask the user for input until a valid username is entered
do {
    $userInput = Read-Host "Enter a username: "
} until ($Output = searchUser -userName $userInput)
# Output the value from the searchUser function
Write-Host $Output
I need to find a way to pull information from AD via PowerShell to tell which version of Outlook they are using. The code I currently have is very small however I made a prompt for them to enter the ADID name and then want to run the code
Get-ADUser USERNAME -Properties msExchRecipientTypeDetails
The main problem I have is I'm not sure how to take the input from the username prompt and replace it into the Get-ADUser command.
# 0365
Read-Host -Prompt 'What is the username?'
Get-ADUser -Id USERNAME -Properties msExchRecipientTypeDetails
Collect the input in a variable and use that variable with Get-ADUser:
$username = Read-Host -Prompt 'What is the username'
Get-ADUser -Identity $username -Properties msExchRecipientTypeDetails
I have been tasked with creating a PowerShell script that copies Active Directory Group Memberships from a specified Source User (as a template) to a specified Target User. These users can be in one of two domains: Domain_A and Domain_B. The groups are all located in Domain_B.
The issue that I'm running into is that when I specify that both of the users are in Domain_A, it attempts to look for the groups in Domain_A, when in reality the groups are all in Domain_B (this throws an error saying that it can't find the groups). There is a 2 way trust between the domains as they are all located in the same forest.
How can I make it so that it will still specify the domains that the users are located in, but it will also specify the domain that the groups are located in? Here is a copy of my source code for reference (edited to remove the server names):
$Source_Server = Read-Host "Please enter the Source Server: "
$Source_UPN = Read-Host "Please enter the Source UPN: "
$Target_Server = Read-Host "Please enter the Target Server: "
$Target_UPN = Read-Host "Please enter the Target UPN: "
Try {
Get-ADUser -Identity $Source_UPN -Properties memberof -Server $Source_Server |
Select-Object -ExpandProperty memberof |
# Find Properties of the memberships of the Source User
Add-ADGroupMember -Members $Target_UPN -Server $Target_Server |
Select-Object -ExpandProperty SamAccountName
# Copy the group memberships of the Source User to the Target User.
}
Catch {
$Error_Message = $_.Exception.Message
Write-Host $Error_Message
Write-Host -NoNewLine "Press any key to exit..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
# Exits the program
}
If (!$Error) {
"Group Copy Successful."
$Error_Message = "No errors occurred."
# Shows that it ran error-free
Write-Host -NoNewLine "Press any key to exit..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
# Exits the program
}
If you're trying to add the user in Domain B to the group in Domain A, you need to fix the Server parameter here to go to the Source Server:
Add-ADGroupMember -Members $Target_UPN -Server $Target_Server
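One way to keep the user domains and the group domain separate, as an added example that is not from the original question or answer: look the groups up in the group domain by `member` DN and add the target user object there. `Copy-GroupMembership` and its parameter names are hypothetical, and users are identified by sAMAccountName or distinguished name.

```powershell
# Added example; function and parameter names are hypothetical.
function Copy-GroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SourceUser,    # sAMAccountName or DN
        [Parameter(Mandatory)] [string] $SourceServer,  # DC in the source user's domain
        [Parameter(Mandatory)] [string] $TargetUser,    # sAMAccountName or DN
        [Parameter(Mandatory)] [string] $TargetServer,  # DC in the target user's domain
        [Parameter(Mandatory)] [string] $GroupServer    # DC in the domain holding the groups
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Resolve each user against the domain it actually lives in.
    $src = Get-ADUser -Identity $SourceUser -Server $SourceServer -ErrorAction Stop
    $dst = Get-ADUser -Identity $TargetUser -Server $TargetServer -ErrorAction Stop

    # Escape LDAP filter metacharacters (RFC 4515) before embedding the DN in a filter.
    $dn = $src.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                 -replace '\(', '\28' -replace '\)', '\29'

    # Ask the group domain which of its groups list the source user as a direct member.
    $groups = Get-ADGroup -LDAPFilter "(member=$dn)" -Server $GroupServer

    foreach ($g in $groups) {
        if ($PSCmdlet.ShouldProcess($g.DistinguishedName, "Add $($dst.SamAccountName)")) {
            try {
                # -Identity/-Server target the group domain; -Members is the
                # user object fetched from the user's own domain.
                Add-ADGroupMember -Identity $g -Members $dst -Server $GroupServer -ErrorAction Stop
                $result = 'Added'
            } catch {
                $result = $_.Exception.Message   # e.g. already a member
            }
            [pscustomobject]@{ Group = $g.Name; Member = $dst.SamAccountName; Result = $result }
        }
    }
}

# Dry run with constructed host names: lists the groups that would change, modifies nothing.
# Copy-GroupMembership -SourceUser jdoe -SourceServer dc1.domain-a.example `
#     -TargetUser asmith -TargetServer dc1.domain-a.example `
#     -GroupServer dc1.domain-b.example -WhatIf
```

Run it with `-WhatIf` first and review the group list before copying, since a template user's memberships may include privileged groups the target should not inherit.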