I run a script to get permissions to a file share.
Recently i've had to add permissions from users in a separate domain.
Now when i run the script, the script returns the SID of the users, rather than their names. However if i go into the NTFS properties, the UI shows the names.
I assume since it takes awhile for NTFS to actually reference the SID to the name before it shows the name (as initially it too only shows SID) - that the script is just running and pulling the data without waiting for reference... but i don't see a 'busy' member for the get-item cmdlet...
And unfortunately since i don't have access to the other domain, i wouldn't be able to run another command to get the user names from the SID.
If push comes to shove i'll either have to get access to that domain, or run the script under an account that does - but i was just wondering if there was something i could do in my current position.
Any ideas?
((((Get-Item "D:\shares\sharelocation").GetAccessControl('access')).Access).identityreference).value
Related
I'm sure this is easy, but it's doing my head in.
I'm very new to Powershell.
Accessing the Teams powershell is no problem.
Connect-MicrosoftTeams
This brings up a dialog, and asks me to select an account, and all I need to do is to click on mine.
I get a display telling me my "account" - which is my email address.
From there I want to establish a number of things that apply to "me".
I have a piece of code that will allow me to get a list of those things either to the screen or to a .csv file by electing 1 or 2 at a prompt.
In order to this script to work it relies on lines like this
*
$AllTeams = Get-Team -User "my.emailaddress#somedomain"
Foreach ($Team in $AllTeams)
What I need is to be able to replace my.emailaddress, with the email address taken from the "account" mentioned above. (i.e My email address that the system has used to log me in)
That is, the teams powershell knows my email address, I can see it on the screen.
How can I capture this to a variable, and then feed that in later on?
This would enable other people to run the same script without having to amend it every time, and get the similar report, but based on themselves.
Is there something like
current account or"me" or currentuser smtp?
Get credential is no use because I am already past security with a single mouse click.
Similarly all the other commands and functions I've seen don't tell me anything about the current user.
Thanks
The easiest way is to save the Teams connection information from Connect-MicrosoftTeams into a variable. The email used to connect is stored in the Account.id field:
$TeamsInfo = Connect-MicrosoftTeams
$TeamsInfo.Account.id
I am looking for a script that will help me "lock" a computer with a specific username.
To give an example, John works in a company where every employee can use any computer to login, but John is tired to clean up the mess and leftovers from his colleagues at the office, so, he decided to run a powershell script in Gpedit.msc --> User Configuration --> Windows Settings --> Scripts (Logon/Logoff), or a generic script on the computer to, whenever the computer is rebooted, turned off or, logged off, only his username will ask for credentials. Basically, what I need is to "lock" that computer with a specific user ID, even if it's turned off, rebooted or logged off, only that user ID will show and prompt for password. The computer is always within the network, the user ID does not have administrator rights as the only thing is used on the computer is Internet Explorer to login to a webpage, but my point is the script that I need. A script that enables the "lock" with the specific user ID and a script that disables the "lock", as, I leave on long periods and the place at the computer is free for carnage. And no, I cannot just simply hit Win+Del keys because with a simple reboot, the computer will not remain with the user ID.
Also, I just need the computer to show up with the specific user and always ask for password. I do not need to automatically login.
I tried to search on the internet the specific script or some commands that I can play with, but I did not find something. Can someone help me shed some light on this please?
Thank you!
I'm not sure how an actual script would look, but I know you can lock certain users to only be able to log into certain computers (assuming its an AD domain). Does that help at all?
I'm trying to answer what I hope is a simple question. I have a device enrolled in AzureAD and autopiloted. Using the IntuneManagementExtenstion I'd like to acquire the FULL user name of the user currently logged in to use elsewhere in scripts. I cannot see a way of doing it.
All the example I can find return either the short name, or the AzureAD domain and the user name for example:
Tenant is mytestdomain.onmicrosoft.com
User is mytestuser#mytestdomain.com
most methods if you just google or search stackoverflow will return either:
AzureAD\mytestuser
or
mytestuser
I need one that returns the full mytestuser#mytestdomain.com. This is because the tenant has several vanity names so I need to determine which one is logged in (for example mytestuser#mytestdomain.com is a different user account to mytestuser#mytestdomain2.com or mytestuser#mytestdomain3.com). Therefore, I can't just append my tenant name on the end of the output other methods.
Any thoughts appreciated. Methods that require installation of msol/azuread modules don't seem to work as they require user login, which defeats the point, and as it's being run by the intune management extension, the user can't interact anyway.
Thanks
I'm a little busy to test this right now, but it should do the trick.
You can have Intune run a Powershell script. This command will return the full user account name in the format you've described.
whoami.exe /UPN
Since you've stated you want the user who is logged in already. When you are configuring the settings in Intune, make sure to select the option to "Run this script using the logged on credentials".
This line will return UPN from domain join info in registry.
Must be run with admin priveleges
[string]$($1='Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo\';if(Test-Path -Path $1){(Get-ItemProperty -Path ('{0}\{1}' -f ($1,(Get-ChildItem -Path $1).Name.Split('\')[-1])) -Name 'UserEmail' | Select-Object -ExpandProperty 'UserEmail')}else{''})
I have a requirement to test each Domain Controller in a very large AD schema to assure that user creates are successful. I am building a script to do this in PowerShell so I can repeat the test as necessary. The script will create a user in each AD, and then check the public properties of the user on each DC to assure the creation was successful.
The input to this script will be a text file of DC names.
The Active Directory Cmdlets has New-ADUser, which creates a new AD user. It does not, however, allow the developer to specify a specific Domain Controller.
Is there a way to create an AD user using a specific Domain Controller?
Almost all cmdlets in the ActiveDirectory module have the ability to target a specific DC.
For New-ADUser use the -Server parameter. See the MDSN documentation
i got tasked with decommissioning an old file server.
so now i would like to move user files from it to another server.
however i need to change the user's home drive without logging them off (desktops in locked state).
a few assumptions can be made for the of this question.
1)i know the user's computer name
2)the user does not have any files in a locked/open state
3)i have powershell v4
4)i have access over AD
5)i do not have the user's password
an idea i had was to try and make a credential object based on a user's AD entry and then use New-PSDrive to make a persistent remap of the drive. i don't need to see a user's clear-text password if i can make a credential object from an encrypted password.
might i be on the right track or did i derail somewhere?
It's usually much easier to make the new server answer to multiple netbios names so the old drive mappings still work with the new server.
http://windowsitpro.com/networking/how-can-i-define-multiple-netbios-names-machine