I have been tasked with creating a number of active directory groups using PowerShell. The problem is all the group names contain double colons "::" (the naming standard was created long before I joined!).
When running the following command:
NEW-ADGroup –name "XX123::Test_Group_Creation" –groupscope Global –path "OU=TestOU,DC=TestDomain,DC=local"
The following error is received:
NEW-ADGroup : The name provided is not a properly formed account name
At line:1 char:1
+ NEW-ADGroup –name "XX123::Test_Group_Creation" –groupscope Global –path "OU=Test ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=XX123::Test_...Domain,DC=local:String) [New-ADGroup], ADException
+ FullyQualifiedErrorId : The server is unwilling to process the request,Microsoft.ActiveDirectory.Management.Commands.NewADGroup
If you create the group manually (in the gui) you get the following warning but you are still able to create it:
How can I get around this issue. F.Y.I. I have tried to escape the colons with a back tick and also a forward slash, none of which have worked
The : character is not valid for the sAMAccountName attribute, so you need to replace : with another character (the GUI uses _) when creating the group. You can use the -replace operator to do this pretty easily in PowerShell.
Related
In Powershell, when I try to delete a file with a hyphen in the nam like this:
remove-item 'C:\S3\op_netadmin-47.bak'
I get this error:
remove-item : Cannot remove item C:\S3\op_netadmin-47.bak: Access to the path 'C:\S3\op_netadmin-47.bak' is denied.
At line:1 char:1
+ remove-item 'C:\S3\op_netadmin-47.bak'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\S3\op_netadmin-47.bak:FileInfo) [Remove-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
But if I rename the file to op_netadmin_47.bak, it works fine.
I've tried with and without double quotes as well as single quotes
I tried your file name with - and _, both work ok. I also tried to use " around file name which also works.
As #mklement0 mentioned in comments read-only files require -Force parameter
Make sure user running script has read/write access to given folder
I'm given the task to migrate all the printers installed on workstations via GPO to another server.
As for now all printers are installed in a local decentralized Distribution Point, we want to move on a centralized Distribution Point/Print Server.
On mine DC, via Group Policy Management Editor, I've a lot of printers in
Computer Configuration\Preferences\Control Panel Settings\Printers
All printers are mapped from \DP00x\Printer and given a local name.
What i want to change is the \DP00x to \CentralDP01\Printer in the GPO.
I've managed via powershell to create all printer ports, install all printers and publish/list in the directory all of them.
Given that they are more than 100, I wish to automate the process to edit the GPO editing, so that i don't need to open each policy and each printer to modify the destination.
I've tried the cmdlet Get-GPRegistryValue because I know (at least) that printers are installed on HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
but i get this error every time:
Get-GPRegistryValue : The following Group Policy registry setting was not found: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers".
Parameter name: keyPath
At line:1 char:1
+ Get-GPRegistryValue -Guid 6b464ed9-66c8-47fa-8327-1fe9b074a0d7 -Key H...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Microsoft.Group...tryValueCommand:GetGPRegistryValueCommand) [Get-GPRegistryValue], ArgumentException
+ FullyQualifiedErrorId : UnableToRetrievePolicyRegistryItem,Microsoft.GroupPolicy.Commands.GetGPRegistryValueCommand
I tried as well Get-GPPrefRegistryValue
Get-GPPrefRegistryValue -Context Computer -Guid 6b464ed9-66c8-47fa-8327-1fe9b074a0d7 -Key HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
But error looks the same:
Get-GPPrefRegistryValue : The Preference registry setting "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers" was not found in the
"x-x-x-x-x-x" GPO in the x-x-x-x-x-x-x.com domain.
Parameter name: keyPath
At line:1 char:1
+ Get-GPPrefRegistryValue -Context Computer -Guid 6b464ed9-66c8-47fa-83 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Microsoft.Group...tryValueCommand:GetGPPrefRegistryValueCommand) [Get-GPPrefRegistryValue], ArgumentException
+ FullyQualifiedErrorId : UnableToRetrievePreferenceRegistryItem,Microsoft.GroupPolicy.Commands.GetGPPrefRegistryValueCommand
I found a workaround. Backup the GPO, manually edit the XML with the new value and import back the GPO.
I don't fancy the idea of manually editing because it can lead to errors and with over 100+ GPOs I can have alot of errors.
Can anyone help me?
Maybe i'm using the wrong commands, but so far documentations state to use GPO Module.
Unfortunately the GroupPolicy commands are limited to registry key settings only, and printer-preferences fall outside that. You can safely edit the live GPO xml files themselves though (or use Backup-GPO/Restore-GPO).
If you're only replacing the server name, this should work fine. Try it on a test GPO, updating the path as needed:
$guid = (Get-GPO -Name 'Test GPO')
# Check the GPO version before changes:
Get-GPO -guid $guid
$domain = 'domain.com'
$path = "\\$domain\SYSVOL\$domain\Policies\{$guid}\User\Preferences\Printers\Printers.xml"
# Update the path in the GPO xml:
(Get-Content $path -Raw) -replace 'DP00x','CentralDP01' | Set-Content $path
# Validate the GPO version/change date have updated - might take a while if xml is on a different DC:
Get-GPO -guid $guid
I wanted to use a variable for a lawyer's name so I could recycle the same Get-MailboxFolderPermission command, but the syntax doesn't seem to work.
The command by itself would be:
Get-MailboxFolderPermission jdoe:\calendar
But if I try to put "jdoe" in a variable ($lawyer = "jdoe")
and then try to invoke it in the command
Get-MailboxFolderPermission $lawyer:\calendar
it gives an error:
Variable reference is not valid. ':' was not followed by a valid variable name character. Consider using ${} to
delimit the name.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : InvalidVariableReferenceWithDrive
Get-MailboxFolderPermission "$($jdoe):\calendar" doesn't give an error, but it also doesn't produce an accurate output of his calendar permission.
I suspect it has to do with the ":" that is part of the command, but I can't find an article that addresses this particular issue.
Sorry, I just figured it out based on the error.
Get-CalendarPermission ${jdoe}:\calendar works properly.
I'm trying to format the output of this command to get only the dfsnamespace only like that :
\\F-TYPHON\DATA13\AI-Project
I can not use the Get-DfsnFolderTarget cmdlet because the RSAT-DFS-Mgmt-Con
is not installed on all servers and I cannot install it .
$DFSPath="\\F-TYPHON\shared\AI-Project"
PS C:\> dfsutil client property state $DFSPath
Active, Online \\F-TYPHON\DATA13\AI-Project
Done processing this command.
I've tried this .
PS C:\> $dfs=dfsutil client property state $DFSPath
PS C:\> $dfs.trimstart("Active, Online")
Method invocation failed because [System.Object[]] doesn't contain a method named 'trimstart'.
At line:1 char:15
+ $dfs.trimstart <<<< ("Active, Online")
+ CategoryInfo : InvalidOperation: (trimstart:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
any help will be apreciated I can list all volume data for the filer but there's many incoherence in the structure so I need only to list the shared folder under "shared" on a filer and then procces it with dfsutil to get the absolut path
Use a regular expression to match the text output of dfsutil:
$DFSPath="\\F-TYPHON\shared\AI-Project"
if ((dfsutil client property state $DFSPath) -match "(?<=\s{2,})\\\\.*"){
$DFSNameSpace = $Matches.Value
}
here (?<=\s{2,})\\\\.* matches two or more whitespace \s in a lookbehind
followed by two (escaped) backslashes and the remainder of the line.
thank you for your help
i've found a solution that i can use in a way it's not 100% powershell but i can use it to extract the output in a format that i can use it in a loop and than make automated robocopylines with powershell
here the code for the output that i found
$DFSPath="\F-TYPHON\shared\AI-Project"
$dfspath=(dfsutil client property state $DFSPath |findstr /i \F-TYPHON)|out-string
$dfs=$dfspath.Trimstart("Active, Online ")
write-host $dfs
the output is
\F-TYPHON\DATA13\AI-Project
it's certainly not the best but i can work with it
if you have any others suggestion you're welcome
Hi I've just resently started to use powershell on my server. Though when I run the script I get the error:
New-ADUser : Unable to find a default server with Active Directory Web Services running.
At C:\Users\Administrator\Desktop\Powerwhell Script, H1 case.ps1:6 char:1
+ New-ADUser -name $_."fornavn"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.NewADUser
I have attached the script and my .csv file. Hope any of you can help me figuring it out.
(Don't worry about the information, it's for a school assignment)
Script
.csv file
It looks like your script can not find the domain control on your domain. Simply use the -Server parameter and give it the Full Qualified Domain Name or IP of the domain control.
New-ADUser -Server "ServerName.Domain.com"
If this doesn't work you might not have Active Directory Management Gateway Service installed on your domain control (Download Here). With Windows server 2012 R2 make sure you have the following feature installed.
The headers warning you are seeing is because Import-Csv is unable to get the headings from your CSV file for some reason, and replaces the header name with H1,H2 ... Hx. For example:
fornavn efternavn H1 beskrivelse, ...
------- --------- ----- -----------
Keld Bruun KB Adm.Ledergruppe, ...
You can get round this you can giving Import-Csv the names of your columns via the -Header parameter. Note that these do not have to be the same as the ones in the CSV, as the new column headers will overwrite the CSV.
Import-Csv "C:\H1, Powershell.csv" -Header 'fornavn','efternavn','forkortelse','beskrivelse','email','brugernavn','kode','kontor','fuldnavn'