Is it possible, to get a multiple string-values from an AD User property?
I have an property that contains various departments and want to get all departments, in list format.
Can I loop through this Array?
$bvsDepartments = Get-ADUser USER -Properties bvsDepartments | select bvsdepartments
output:
bvsdepartments
--------------
{Value1, Value2, Value3,...}
If you update your select with ExpandProperty this will give you an array of just the values rather than the property as an object.
$bvsDepartments = Get-ADUser USER -Properties bvsDepartments |
select -ExpandProperty bvsdepartments
Related
I'm accessing my cloud Office 365 Exchange Server via Powershell. Showing all properties of an account can be done via Get-Mailbox 'username' | Select * (MS reference).
On most systems those properties are already sorted (e.g. Get-ADUser 'username' -Properties *). Is it possible to sort the Get-Mailbox output? I thought Get-Mailbox 'username' | Select * | Sort-Object would do the trick but it didn't make any difference (I guess a property doesn't constitute an object). What's the right command to sort the properties for a single user?
Note: Sorting properties of multiple accounts works fine e.g. Get-Mailbox -filter * | select Name, DisplayName | Sort-Object Displayname
Update:
I managed to get a sorted properties list using
(Get-Mailbox 'mailboxname' | select *).PSObject.properties | ForEach-Object {$_.Name} | Sort-Object Name
it gets me the following output:
AcceptMessagesOnlyFrom
AccountDisabled
AddressBookPolicy
ArchiveWarningQuota
...
$_.Name gives me the values but so far I couldn't combine both into one list, I'm trying to get s.th. like this:
AcceptMessagesOnlyFrom = {}
AccountDisabled = False
AddressBookPolicy =
ArchiveWarningQuota = 45 GB (48,318,382,080 bytes)
...
I'm not completely sure this is what you are after, let me know if I'm wrong. As in my comment, Sort-Object can handle sorting a list or an object[] by one or more of it's properties; but sorting one single object by it's properties, say alphabetically, would require a combination of accessing the object's properties with .PSObject.Properties.Name and then sorting this list with Sort-Object. And after that we can use Select-Object with this sorted list to display the object as we want.
Using the object below as an example as I have no idea how of the type Microsoft.Exchange.Data.Directory.Management.Mailbox looks.
$mailbox = [pscustomobject]#{
DisplayName = 'someuser'
UserPrincipalName = 'someuser#somedomain.com'
Mail = 'someuser#somedomain.com'
IsLicensed = $true
}
$properties = $mailbox.PSObject.Properties.Name | Sort-Object
$mailbox | Select-Object $properties
As you can see, object's properties are now sorted alphabetically:
DisplayName IsLicensed Mail UserPrincipalName
----------- ---------- ---- -----------------
someuser True someuser#somedomain.com someuser#somedomain.com
By looking at your edit, seems like you are looking for a one-liner, so this is how it could look:
Get-Mailbox 'mailboxname' | ForEach-Object {
$_ | Select-Object ($_.PSObject.Properties.Name | Sort-Object)
}
I was trying to get all properties containing the string "home" from an AD User (HomeDirectory, HomeDrive etc.). I can make that work by doing the following based off of this post:
Get-ADUser -Identity MyUser -Properties * | Select-Object -Property "*home*"
However, this will bog down the system if I'm doing it in a for-loop since it will fetch all properties first, and then after that filter out the ones that match the string "home" anywhere in the property name.
Is there a way to do this filtering already in the Get-ADUser call to reduce the amount of information being sent? I guess the more generic question would be: is there a way in Powershell to fetch only properties of an object that matches a specific string pattern?
You can create this pattern yourself by calling get-aduser -id myuser -properties * | % { $_.propertynames -match "home" } - doing this ONCE you can store the outcome into an array then supply this to further get-aduser calls.
$proplist=get-aduser -id myuser -properties * | % { $_.propertynames -match "home" }
get-aduser -properties $proplist
Another approach could be to first get an array of all LDAP attribute names from the AD Schema:
function Get-ADUserAttributeNames {
# First, get all AD user attributes defined in the Active Directory schema
$searchBase = (Get-ADRootDSE).SchemaNamingContext
$schemaAttribs = (Get-ADObject -SearchBase $searchBase -Filter "name -like 'user'" -Properties MayContain,SystemMayContain |
Select-Object #{Name = 'Attribs'; Expression = {$_.maycontain + $_.systemmaycontain}}).Attribs
# Next, get all created user attributes. These are not defined in the schema, but calculated when asked for
$flagsAttribs = (Get-ADObject -SearchBase $searchBase -LDAPFilter '(systemFlags:1.2.840.113556.1.4.803:=4)' -Properties systemFlags).Name
return ($schemaAttribs + $flagsAttribs) | Sort-Object
}
$userAttribs = Get-ADUserAttributeNames
In subsequent calls, use the returned $userAttribs array like this:
$homeAttribs = $userAttribs | Where-Object { $_ -like '*home*' }
Get-ADUser -Filter * -Properties $homeAttribs
Some explanation
This approach retrieves the list of LDAP user attribute names from the AD Schema itself, so there is no need to probe a known user. The returned attribs apply to any user object in your AD environment.
With Vesper's good answer you do need a user that you know exists, but that's no problem of course since you can simply use your own SamAccountName.
The reason I've emphasized LDAP is that Ldap attribute names are not always as self-descriptive as you would like, sometimes just one character and on other occasions ridiculously long..
That is why PowerShell maps most common atribute names to more friendly (and also case-insensitive) names.
Some examples:
LDAP PowerShell
---- ----------
l City
o Organization
cn Name
physicalDeliveryOfficeName Office
facsimileTelephoneNumber Fax
wWWHomePage HomePage
nTSecurityDescriptor CannotChangePassword
PowerShell in some cases also changes the format of an attribute to an easier to use format like with Enabled which returns a Boolean value from computing the LDAP userAccountControl (bit mask not 2) or PasswordLastSet which returns a DateTime object from ldap's pwdLastSet attribute.
The AD Schema can be extended with more attributes. Sometimes software does that (like Exchange that extends the schema with lots of msExch* atributes) but you (as administrator) can add new properties too.
The list you get with above function is therefore quite, but not completely static and can change over time.
I'm trying to figure out how to return only the first, or second value in a multivalued field in PowerShell.
For example:
get-aduser -filter * -properties * | select proxyaddresses
This will return all the proxyaddreses for all users - but I just want the first or second value in the field. How can I do that?
Updated to include Ryan's comment below.
You can use the first option of the Select-Object module (select is an alias).
# This will get the first 2 elements from whatever you pipe into the module
$x | Select-Object -first 2
For you query, you can just add the option to your existing select clause
get-aduser -filter * -properties * | select proxyaddresses -first 2
Other options include getting the last x elements, skipping the first x elements, etc.
https://technet.microsoft.com/en-us/library/hh849895.aspx
We have following naming convention for shared resources:
sg_ShareName1_RO
sg_ShareName1_RW
sg_ShareName2_RO
sg_ShareName2_RW
I would like to get report in following format in Excel/csv:
ShareName1 ShareName2 ...
User1 RW NA
User2 NA RO
I'm fighting how to output Shared names to row in csv file instead of column.
Here is come code I've already done:
$users = GetADUser - filter {name like '*'} | sort name | select name
$sharegroups = Get-AdGroup -filter {name like 'sg_*'} | sort name
$shares = Get-AdGroup -filter {name like 'sg_*'} | sort name | foreach {$_} | select #{N='Share Name'; E={$_.Name.Replace('sg_', '').Replace('_', '').Replace('RO','').Replace('RW','')}} -Unique
Tnen to avoid trips to AD each time to check group membership first i would like to store members of each group in array
$sharegroupmembers = #{}
foreach ($group in $sharegroups)
{
$sharegroupmembers[$group.name] = Get-ADGroupMember $group.name -Recursive | select name
}
After that I'm stuck on howe to make correct projection of shares to columns, users to rows and RW/RO/NA to values based on group membership
Your number of columns is going to be the maximum number of group memeberships any user has. Those are in the values of $sharegroupmembers, so:
$shargroupmembers.values |
sort count |
select -last 1
That's how many rows you'll have, and how many share membership properties you'll need to create on your objects you're going to export.
I'm getting AD members for a group and list certain properties from that group. I can't seem to get the group name using the following code:
Import-Module ActiveDirectory
$strIdentity = "TestGroup"
$GroupMembers = Get-ADGroupMember -Identity $strIdentity -Recursive
$GroupMembers | select $strIdentity, Name, ObjectClass | sort name | Format-Table
When I get the output, I get a {} instead of TestGroup.
Select-Object is for selecting properties of an object so selecting $strIdentity doesn't make any sense here. Omit that part from your Select statement.
But what I think you are trying to do is add a property to reflect the parent group name.
$groupmembers | select #{Name="Group";Expression={$strIdentity}}, Name, ObjectClass
Remember it is all about the objects not text.
Enclose $strIdentity in double quotes:
$GroupMembers | select "$strIdentity",Name, ObjectClass ...
If the above doesn't work, try using a calculated property:
$GroupMembers | select #{Name='GroupName';Expression={$strIdentity}},Name, ObjectClass ...