I'm making a script which searches all computers with specific operating systems, runs them through a whitelist and, if there are computers that are not on the whitelist, writes an error log. The log looks like this right now:
@{Name=Computername1; Operatingsystem=Windows 10 Enterprise; DistinguishedName=CN=la,OU=computers,OU=lu,OU=Hosting,DC=a,DC=b,DC=ch; OperatingSystemVersion=10.0 (10586)}
But it should look like this:
Name=Computername1
Operatingsystem=Windows 10 Enterprise
DistinguishedName=CN=la,OU=computers,OU=lu,OU=Hosting,DC=a,DC=b,DC=ch
OperatingSystemVersion=10.0 (10586)
I want to delete the @{} and the 4 pieces of information should be separated by line breaks.
My code:
$username = $env:UserName
$getad = Get-ADComputer -Filter {(operatingsystem -like "*Windows 10*" -and OperatingSystemVersion -notlike "*16299*" -and OperatingSystemVersion -notlike "*14393*" -and OperatingSystemVersion -notlike "*14279*" -and OperatingSystemVersion -notlike "*15063*" -and OperatingSystemVersion -notlike "*10159*" -and OperatingSystemVersion -notlike "*16193*" -and OperatingSystemVersion -notlike "*17025*" -and OperatingSystemVersion -notlike "*10074*" -and OperatingSystem -notlike "*LTSB") -or (operatingsystem -like "*Windows Vista*") -or (operatingsystem -like "*Windows XP*") -or (operatingsystem -like "*95*") -or (operatingsystem -like "*94*") -or ( operatingsystem -like "*Windows 8*" -and OperatingSystemVersion -notlike "*9600*" -and OperatingSystem -notlike "*LTSB") -or (operatingsystem -like "*2000 Professional*") -or (operatingsystem -like "*2000 Server*") -or (operatingsystem -like "*2003*") -or (operatingsystem -like "*Windows NT*") -or (operatingsystem -like "*Windows 7*" -and OperatingSystemVersion -notlike "*7601*" -and OperatingSystem -notlike "*LTSB")} -Properties ('Name', 'operatingsystem', 'DistinguishedName', 'OperatingsystemVersion') | ? {$_.distinguishedname -notlike "*OU=Oldwin10-Test,OU=a,OU=b,OU=c,OU=d,DC=e,DC=f,DC=ch"}
$whitelisted = Get-Content "C:\Users\$username\Desktop\whitelistedpcs.txt"
$getad | Select-Object Name, Operatingsystem, DistinguishedName,
OperatingSystemVersion | ForEach-Object {
if ($whitelisted -match $_.DistinguishedName) {
}
else{
Write-EventLog -LogName Application -Source "OldWinalert" -EntryType Error -EventId 1 -Message "$_"
}
}
You need to convert the output to a string before sending it to the -Message parameter; using Out-String will do.
For your case I would try this:
[...] -EntryType Error -EventId 1 -Message ($_ | Format-List | Out-String)
Another option:
else{
$Message = @"
Name: $($_.name)
Operating System: $($_.Operatingsystem)
Distinguished Name: $($_.DistinguishedName)
Operating System Version: $($_.OperatingSystemVersion)
"@
Write-EventLog -LogName Application -Source "OldWinalert" -EntryType Error -EventId 1 -Message $Message
}
And if you want extra line spacing, add `n (for a new line) at the end of each line, after the brackets.
Related
I have the below code that gives me all users with enabled accounts, and description not like "Shared Account", "Service Account" or "Resource Account".
Get-ADUser -Filter {(SamAccountName -notlike "nam-svc*") -and (SamAccountName -notlike "nam_svc*") -and (enabled -eq $true) -and (description -notlike "Shared Account*") -and (Description -notlike "service account*") -and (description -notlike "Resource Account*") } -Properties memberof
How can I simplify my code so that it is not as cluttered?
The -and operator gives you free continuation across line breaks, so you could indent it like so:
Get-ADUser -Filter {
(enabled -eq $true) -and
(SamAccountName -notlike "nam-svc*") -and
(SamAccountName -notlike "nam_svc*") -and
(description -notlike "Shared Account*") -and
(Description -notlike "service account*") -and
(description -notlike "Resource Account*") } -Properties memberof
If you have many additional parameter arguments you want to pass to Get-ADUser, I suggest combining with splatting:
$ADUserParams = @{
    Filter = {
        (enabled -eq $true) -and
        (SamAccountName -notlike "nam-svc*") -and
        (SamAccountName -notlike "nam_svc*") -and
        (description -notlike "Shared Account*") -and
        (Description -notlike "service account*") -and
        (description -notlike "Resource Account*")
    }
    Properties = 'memberof'
    SearchBase = "OU=target,DC=domain,DC=tld"
    SearchScope = 'subtree'
    Server = 'some-specific-DC.domain.tld'
}
Get-ADUser @ADUserParams
I want to be able to build a Get-ADComputer command after building it from strings like so:
$FilterOperatingSystems = "*Windows 7*" -or OperatingSystem -like "*Windows 8*" -or OperatingSystem -like "*Windows 10*"
($FilterOperatingSystems is a parameter to the script, so it'll be future proofed when executed by a Task Scheduler)
$command='Get-ADComputer -properties OperatingSystem -Filter {(OperatingSystem -like '+$FilterOperatingSystems+' )} |'
$command+= 'Where-Object {$_.name -like "*-*"} | '
$command+= 'Where-Object {$_.name -NotLike "V7-*"} | '
$command+= 'Where-Object {$_.name -NotLike "*-NONE"} | '
$command+= 'Where-Object {$_.name -NotLike "*-ONCALL"} | '
$command+= 'Where-Object {$_.name -NotLike "*-BLACKBAUD"} | '
$command+= 'Where-Object {$|_.name -NotLike "SC-WIN7-1"} | '
$command+= 'Where-Object {$_.name -NotLike "UT-SWCLIENT-01"} | '
$command+= 'Select-Object -Expand Name'
Write-Host $command
$computer =iex $command
The $command comes out like this:
Get-ADComputer -properties OperatingSystem -Filter {(OperatingSystem -like "*Windows 7*" -or OperatingSystem -like "*Windows 8*" -or OperatingSystem
-like "*Windows 10*" )} |Where-Object {$_.name -like "*-*"} | Where-Object {$_.name -NotLike "V7-*"} | Where-Object {$_.name -NotLike "*-NONE"} | W
here-Object {$_.name -NotLike "*-ONCALL"} | Where-Object {$_.name -NotLike "*-BLACKBAUD"} | Where-Object {$|_.name -NotLike "SC-WIN7-1"} | Where-Obje
ct {$_.name -NotLike "UT-SWCLIENT-01"} | Select-Object -Expand Name
but I get an error:
$ : The term '$' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or
if a path was included, verify that the path is correct and try again.
So, is it possible to do something like that? And if so, what's the right approach?
I think you just have a typo:
$|_.name -NotLike "SC-WIN7-1"
Should that not be $_.name?
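One way to get the same result without Invoke-Expression, as an added example that is not part of the original posts: the script parameter becomes a list of operating system patterns, and each one is checked against an allowlist of characters before it is placed in the -Filter string. The function name New-OsFilter, the parameter names and the character allowlist are assumptions made for this example.

```powershell
# Added example: build the Get-ADComputer filter from data instead of
# concatenating a command line and running it through Invoke-Expression.
param(
    # Patterns supplied by the scheduled task, e.g. -OsPatterns '*Windows 7*','*Windows 8*'
    [string[]]$OsPatterns = @('*Windows 7*', '*Windows 8*', '*Windows 10*')
)

function New-OsFilter {
    # Hypothetical helper: returns an -Filter string such as
    # (OperatingSystem -like '*Windows 7*' -or OperatingSystem -like '*Windows 8*')
    param([Parameter(Mandatory)][string[]]$Patterns)

    $clauses = foreach ($p in $Patterns) {
        # Assumed allowlist: letters, digits, space, dot, hyphen and the * wildcard.
        # Quotes, parentheses, $ and ; are rejected, so a pattern cannot add clauses.
        if ($p -notmatch '^[A-Za-z0-9 .*-]+$') {
            throw "Rejected operating system pattern: $p"
        }
        "OperatingSystem -like '$p'"
    }
    '(' + ($clauses -join ' -or ') + ')'
}

# Name rules from the question, kept as data rather than as command text.
$NameMustMatch = '*-*'
$NameExcludes  = 'V7-*', '*-NONE', '*-ONCALL', '*-BLACKBAUD', 'SC-WIN7-1', 'UT-SWCLIENT-01'

$filter = New-OsFilter -Patterns $OsPatterns
Write-Host "Filter: $filter"

$computer = Get-ADComputer -Properties OperatingSystem -Filter $filter |
    Where-Object {
        $name = $_.Name
        # Keep the computer only if it matches the required pattern
        # and no exclusion pattern matches its name.
        ($name -like $NameMustMatch) -and
            -not ($NameExcludes | Where-Object { $name -like $_ })
    } |
    Select-Object -ExpandProperty Name
```

Because nothing is evaluated as code, a malformed parameter value produces a rejected-pattern error instead of being executed by the scheduled task's account.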
I have to create a script to get all EoL Windows computers in our AD.
This is my code right now:
$getad = Get-ADComputer -Filter {
OperatingSystem -like "Windows 10*"
-or
OperatingSystem -like "*Windows Vista*"
-or
OperatingSystem -like "*Windows XP*"
-or
OperatingSystem -like "*95*"
-or
OperatingSystem -like "*94*"
-or
OperatingSystem -like "*Windows 8*"
-or
OperatingSystem -like "*Windows 8.1*"
-or
OperatingSystem -like "*2000 Professional*"
-or
OperatingSystem -like "*2000 Server*"
-or
OperatingSystem -like "*2003*"
-or
OperatingSystem -like "*Windows NT*"
-or
OperatingSystem -like "*Windows 7*"
-and
#Windows8
OperatingSystemVersion -notlike "*6.3.9600*"
-and
#Windows7 SP1
OperatingSystemVersion -notlike "*6.1.7601*"
-and
#Windows10
OperatingSystemVersion -notlike "*16299*"
-and
#Windows10
OperatingSystemVersion -notlike "*14393*"
-and
#Windows10
OperatingSystemVersion -notlike "*15063*"
} -Properties ('Name', 'operatingsystem', 'DistinguishedName',
'description', 'lastlogondate', 'OperatingsystemVersion')
$selectobj = $getad | Select-Object Name, Operatingsystem,
DistinguishedName, Description, Lastlogondate, OperatingSystemVersion
$selectobj
The problem: The part with -notlike is not applied. I get computers with the versions I do not want to see.
I need all EoL computers in one variable so I can work with them.
The problem is one of logic with your combination of or and and, but don't use -like and -notlike; they don't work the way you think. Use the regular expression switches -imatch and -inotmatch like this:
OperatingSystem -imatch "Windows 10|Windows Vista|Windows XP|95|94|Windows 8|2000|2003|Windows NT|Windows 7"
-and OperatingSystemVersion -inotmatch "6.3.9600|6.1.7601|16299|14393"
I added ( and ) and now it works.
$getad = Get-ADComputer -Filter {(operatingsystem -like "*Windows 10*" -and OperatingSystemVersion -notlike "*16299*" -and OperatingSystemVersion -notlike "*14393*" -and OperatingSystemVersion -notlike "*15063*") -or (operatingsystem -like "*Windows Vista*") -or (operatingsystem -like "*Windows XP*") -or (operatingsystem -like "*95*") -or (operatingsystem -like "*94*") -or ( operatingsystem -like "*Windows 8*" -and OperatingSystemVersion -notlike "*9600*") -or (operatingsystem -like "*2000 Professional*") -or (operatingsystem -like "*2000 Server*") -or (operatingsystem -like "*2003*") -or (operatingsystem -like "*Windows NT*") -or ( operatingsystem -like "*Windows 7*" -and OperatingSystemVersion -notlike "*7601*")} -Properties ('Name', 'operatingsystem', 'DistinguishedName', 'description', 'lastlogondate', 'OperatingsystemVersion', 'Created', 'Enabled', 'SamAccountName')
$selectobj = $getad | Select-Object Name, Operatingsystem, DistinguishedName, Description, Lastlogondate, OperatingSystemVersion, Created, Enabled, SamAccountName
It works but it isn't nice at all because of its length.
Is there any other shorter way?
Could someone tell me the issues with the query?
I want to pull back all the users that are not in a number of specific OU, I thought the following query would work, but as you can see it pulls back a user with "ou=staff" in the DN (extracted from all of the output).
I am trying to say if none of the following appear in the DN attribute.
$NotinDirectory = Get-ADObject -LDAPFilter "objectClass=person" -SearchBase "OU=Accounts,DC=Company,DC=ac,DC=uk" -Properties ou |? {($_.DistinguishedName -notlike "*Agency*" -and "*Contractors*" -and "*Fellows*" -and "*Visitors*" -and "*ou=Staff*" -and "*Contacts*")}
CN=jo blogs,OU=Staff,OU=Accounts,DC=compnay,DC=ac,DC=uk
UPDATE
So I tried this based on the comments below:
$NotinDirectory = Get-ADObject -LDAPFilter "objectClass=person" -SearchBase "OU=Accounts,OU=iah,DC=iah,DC=ac,DC=uk" | ? {($_DistinguishedName -notlike "*Agency*" -and $_DistinguishedName -notlike "*Contractors*" -and $_DistinguishedName -notlike "*Fellows*" ) -and ($_DistinguishedName -notlike"*Visitors*") -and ($_DistinguishedName -notlike"*OU=Staff*" -and $_DistinguishedName -notlike"*Contacts*")}
foreach ($test in $NotinDirectory){ Write-Host $test.DistinguishedName}
But I still get
CN=xxx xxxxx,OU=Staff,OU=Accounts,DC=company,DC=ac,DC=uk
In your Where-Object filter:
($_.DistinguishedName -notlike "*Agency*" -and "*Contractors*" -and "*Fellows*" -and "*Visitors*" -and "*ou=Staff*" -and "*Contacts*")
you only compare $_.DistinguishedName to a string once, the first time (-notlike "*Agency*").
It will be parsed as follows:
(($_.DistinguishedName -notlike "*Agency*") -and ("*Contractors*") -and ("*Fellows*") -and ("*Visitors*") -and ("*ou=Staff*") -and ("*Contacts*"))
(($_.DistinguishedName -notlike "*Agency*") -and $true -and $true -and $true -and $true -and $true)
($_.DistinguishedName -notlike "*Agency*")
You'll have to do:
Get-ADObject | Where-Object {($_.DistinguishedName -notlike "*Agency*" -and
$_.DistinguishedName -notlike "*Contractors*" -and
$_.DistinguishedName -notlike "*Fellows*" -and
$_.DistinguishedName -notlike "*Visitors*" -and
$_.DistinguishedName -notlike "*ou=Staff*" -and
$_.DistinguishedName -notlike "*Contacts*")}
in order to test for all 6 strings.
If you have a variable number of strings you want to exclude, you can use ForEach-Object inside Where-Object:
$Excludes = "*Agency*","*Contractors*","*Fellows*","*Visitors*","*ou=Staff*","*Contacts*"
Get-ADObject | Where-Object {
    $ADObj = $_
    @($Excludes | ForEach-Object {
        $ADObj.DistinguishedName -notlike $_
    }) -notcontains $false
}
I want to get all computers in my domain that are enabled, have a 2003 operating system, and whose names do not contain 'ping', 'pict' or 'pire'.
Here is what I have, but it is totally failing:
Get-ADComputer -filter {(Enabled -eq $True) -and (OperatingSystem -like "*2003*")} -properties OperatingSystem | where {($_.Name -notlike 'PING*') -or ($_.Name -notlike 'PICT*') -or ($_.Name -notlike 'PIRE*')} | Select Name
You can use the -notlike operator inside the filter, so there is no need for the where statement. See the Get-ADComputer reference on TechNet.
As well as changing your -or operators to -and as I mentioned, I put all conditions into the filter ending up with this:
Get-ADComputer -filter {
Enabled -eq $True -and
OperatingSystem -like '*2003*' -and
Name -notlike 'PING*' -and
Name -notlike 'PICT*' -and
Name -notlike 'PIRE*'
} | Select Name