Pull User Info From AD - powershell

I'm trying to pull a list of users (first name and last), their email addresses, and which container they're in, but unfortunately it's not coming up with the data I need. I can get most of the information, just not the container name.
Get-ADUser -SearchBase 'DC=DOMAINNAME,DC=COM' -Filter {(mail -ne "null") -and (Enabled -eq "true")} -Properties emailAddress |
Select givenName,surName,OU,emailAddress |
Format-Table -AutoSize |
Out-File 'C:\Users\username\Desktop\Lists\Users_List.txt'

You're looking for the attribute DistinguishedName, but to just get the OU you would have to do some formatting. If you ran Get-ADUser | Get-Member you would see there is no property called OU.
Get-ADUser `
-SearchBase 'DC=DOMAINNAME,DC=COM' `
-Filter {(mail -ne "null") -and (Enabled -eq "true")} `
-Properties emailAddress `
| Select givenName,surName,@{Name='OU';Expression={$_.DistinguishedName.Replace("CN=$($_.Name),","")}},emailAddress `
| Format-Table -AutoSize `
| Out-File 'C:\Users\username\Desktop\Lists\Users_List.txt'
Article on Understanding PowerShell Custom Properties with the Select-Object cmdlet

I would change your mail filters to $false, and $true. I don't have a computer with the AD module installed on it to test out my answer, otherwise I would have provided more.
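An added example, not part of the original answer: the `Replace("CN=$($_.Name),","")` approach leaves the full DN in place when the name contains a character that is escaped in the DN (a comma, for instance), so this sketch splits on the first unescaped comma instead. `Get-ParentContainer` is a hypothetical helper and the sample objects are constructed so it runs without the AD module.

```powershell
# Added example: derive the parent container from a DistinguishedName without
# relying on the Name property. The sample objects below are constructed.
function Get-ParentContainer {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # The first RDN is a run of ordinary characters or backslash-escaped
    # characters; the first unescaped comma ends it.
    if ($DistinguishedName -match '^(?:[^\\,]|\\.)*,(?<parent>.+)$') {
        return $Matches['parent']
    }
    return $null  # a single-RDN name has no parent
}

$samples = @(
    [pscustomobject]@{ Name = 'Jane Roe';  DistinguishedName = 'CN=Jane Roe,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'Doe, John'; DistinguishedName = 'CN=Doe\, John,OU=Sales,OU=Staff,DC=example,DC=com' }
)

# ViaReplace is the string-replace approach; Container is the escape-aware split.
$samples | Select-Object Name,
    @{Name='ViaReplace'; Expression={ $_.DistinguishedName.Replace("CN=$($_.Name),", '') }},
    @{Name='Container';  Expression={ Get-ParentContainer $_.DistinguishedName }} |
    Format-List
```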

Related

Powershell GUI How can I add column to GridView

This is part of a much larger script, 1443 lines to be exact. It pulls the username from AD based on first and last name. I need to also have it pull the Office name from AD to help better identify users with the same name. I am sure I am just missing something simple.
function getacctname {
$fname = $FirstName.Text
$lname = $LastName.Text
Try {
$User.Text = Get-ADUser -Filter "GivenName -eq '$fname' -and SurName -eq '$lname'" |
Select-Object -ExpandProperty 'SamAccountName' |
Out-Gridview -Title 'Windows Logon' -PassThru
$Email.Text = (Get-ADUser $User.text -Properties mail).mail
}
Out-GridView dynamically builds its columns based on the input data you feed to it - so in order to get 3 columns, create an object with 3 properties!
Change the Select-Object statement so that it creates an object with properties corresponding to your desired columns and Out-GridView takes care of the rest:
Get-ADUser -Filter "GivenName -eq '$fname' -and SurName -eq '$lname'" -Properties physicalDeliveryOfficeName |
Select-Object 'SamAccountName',@{Name='Office';Expression={$_.physicalDeliveryOfficeName}} |
Out-Gridview -Title 'Windows Logon' -PassThru
If the office name is stored in a different attribute, replace the two occurrences of physicalDeliveryOfficeName with the LDAP display name of the attribute in question.

Get Password expiry date for one single user in AD

I have found this script that filters me the password expiry date of enabled accounts on AD.
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
It works fine but I would like to have it search just one specific AD account that I will type in. How do I accomplish that?
I would
This is one of those times where reading the documentation would answer your question, as the examples cover this question...
You can either replace the Filter for the Identity param:
Get-ADUser -Identity USERNAME
Or, update the filter:
Get-ADUser -Filter {Name -eq "USERNAME"}
Try something like this:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
Where-Object {$_.DisplayName -like "Username"}
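An added example, not from the original answers: once the lookup is by `-Identity` rather than the `PasswordNeverExpires -eq $False` filter, `msDS-UserPasswordExpiryTimeComputed` can come back as 0 (pwdLastSet unset or 0) or 0x7FFFFFFFFFFFFFFF (password does not expire), and `[datetime]::FromFileTime` throws on the latter. `Convert-PasswordExpiry` is a hypothetical helper and the input values are constructed.

```powershell
# Added example: convert msDS-UserPasswordExpiryTimeComputed safely.
function Convert-PasswordExpiry {
    param([Parameter(Mandatory)][Int64]$ExpiryTimeComputed)
    if ($ExpiryTimeComputed -eq [Int64]::MaxValue) {
        # 0x7FFFFFFFFFFFFFFF: the password does not expire.
        return [pscustomobject]@{ State = 'NeverExpires'; ExpiryDate = $null }
    }
    if ($ExpiryTimeComputed -eq 0) {
        # 0: pwdLastSet is unset or 0, so the user must change the password at next logon.
        return [pscustomobject]@{ State = 'MustChange'; ExpiryDate = $null }
    }
    $date  = [datetime]::FromFileTime($ExpiryTimeComputed)
    $state = if ($date -lt (Get-Date)) { 'Expired' } else { 'Valid' }
    [pscustomobject]@{ State = $state; ExpiryDate = $date }
}

# Constructed inputs: both sentinels, one future expiry, one past expiry.
$values = [Int64]::MaxValue, 0, (Get-Date).AddDays(14).ToFileTime(), (Get-Date).AddDays(-3).ToFileTime()
$values | ForEach-Object { Convert-PasswordExpiry $_ }

# With the ActiveDirectory module loaded, the single-user form would be:
#   $u = Get-ADUser -Identity USERNAME -Properties 'msDS-UserPasswordExpiryTimeComputed'
#   Convert-PasswordExpiry $u.'msDS-UserPasswordExpiryTimeComputed'
```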

Piping output of get-ADUser to Get-ADGroup with an LDAP filter

I'm trying to stitch together two lines of PowerShell, but I just can't figure the syntax. There is a post that sounds like it might be what I need, but it isn't using -LDAPFilter.
To generate a list of AD users created in the last 100 days, I use
$now = ((Get-Date).AddDays(-100)).Date
$users = Get-ADUser -Filter {whenCreated -ge $now} -Searchbase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" |
Where-Object { $_.Enabled -eq 'True' }
And this code from "How to get ALL AD user groups (recursively) with Powershell or other tools?" does the next step, which is to find all the groups that a user is a member of:
$username = 'd.trump'
$dn = (Get-ADUser $username).DistinguishedName
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $dn) |
select -Expand Name
but I can't pipe the output of the first into the second to get an overall list.
Get-ADUser -Filter {whenCreated -ge $now} -Searchbase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" |
Where-Object { $_.Enabled -eq 'True' } |
Select-Object DistinguishedName |
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $_) |
select -expand Name
The error message is:
Get-ADGroup : The search filter cannot be recognized
I thought the second code snippet extracted the distinguished name and supplied it to the filter, and that is what I have tried to do in the pipeline.
You are missing ForEach-Object (alias %).
The following code should work:
Get-ADUser -Filter {whenCreated -ge $now} -SearchBase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" `
| Where-Object { $_.Enabled -eq 'True' } `
| %{Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $_.DistinguishedName)} `
| Select-Object -ExpandProperty Name
If you want to output both user and group information you can expand the code like this:
Get-ADUser -Filter {whenCreated -ge $now} -SearchBase "OU=staff,OU=SMUC_Users,DC=stmarys,DC=ac,DC=ie" `
| Where-Object { $_.Enabled -eq 'True' } `
| %{$group = Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $_.DistinguishedName);Write-Output $_.UserPrincipalName $group.Name}
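An added example, not from the original answer: a distinguished name placed into an `-LDAPFilter` string is a filter value, so the characters `\ * ( )` and NUL in it have to be escaped per RFC 4515, otherwise a DN such as `CN=Doe\, John (Contractor),...` produces a malformed filter. `ConvertTo-LdapFilterValue` and `New-NestedMemberFilter` are hypothetical helpers and the DNs are constructed.

```powershell
# Added example: escape a DN before formatting it into the in-chain filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # Backslash goes first so the backslashes introduced by the later
    # replacements are not escaped a second time.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a')
    $v = $v.Replace('(', '\28')
    $v = $v.Replace(')', '\29')
    $v = $v.Replace([string][char]0, '\00')
    return $v
}

function New-NestedMemberFilter {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # 1.2.840.113556.1.4.1941 is the matching rule used in the answer above.
    '(member:1.2.840.113556.1.4.1941:={0})' -f (ConvertTo-LdapFilterValue $DistinguishedName)
}

# Constructed DNs: one plain, one with an escaped comma and parentheses.
$dns = 'CN=Jane Roe,OU=staff,DC=example,DC=com',
       'CN=Doe\, John (Contractor),OU=staff,DC=example,DC=com'
foreach ($dn in $dns) { New-NestedMemberFilter $dn }

# With the ActiveDirectory module loaded, the pipeline stage becomes:
#   ForEach-Object { Get-ADGroup -LDAPFilter (New-NestedMemberFilter $_.DistinguishedName) }
```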

Powershell: Filtering Properties Against properties

I have limited, self-taught experience with PowerShell so this is probably something basic but I can't seem to get it right.
I'm in Active Directory and I need to pull a list of users whose email address doesn't start with their SamAccountName.
(So if your login is jdoe but your email is johndoe@mycompany.com then your profile would be returned)
I've got most of what I need...but I can't figure out how to compare the two properties against each other.
Right now I have
Get-ADUser -Filter 'enabled -eq $true' -Properties *|
Where {$_.PasswordNeverExpires -eq $false} |
Select Name, SamAccountName, EmailAddress, PasswordNeverExpires
I've tried a few different things to filter what I need, the following command shows exactly what I want (but of course this syntax doesn't work)
Get-ADUser -Filter 'enabled -eq $true' -Properties *|
Where {$_.PasswordNeverExpires -eq $false} |
Where-Object EmailAddress -Contains SamAccountName |
Select Name, SamAccountName, EmailAddress, PasswordNeverExpires
Thanks!
Use a scriptblock for the Where-Object filter like in your second pipeline element:
Where-Object { $_.EmailAddress -notlike "$($_.SamAccountName)*" }
You can even combine it with the first filter, using the -and operator:
Where-Object { $_.PasswordNeverExpires -eq $false -and $_.EmailAddress -notlike "$($_.SamAccountName)*" }
Finally, specify only the properties you need rather than -Properties * (no need to wait for the Domain Controller to return data you won't need):
$Properties = 'Name','SamAccountName','EmailAddress','PasswordNeverExpires'
Get-ADUser -Filter 'enabled -eq $true' -Properties $Properties |Where-Object {
$_.PasswordNeverExpires -eq $false -and
$_.EmailAddress -notlike "$($_.SamAccountName)*"
} |Select-Object $Properties

PowerShell Get-ADuser list employeenumber and email to output file

I'm trying to get a list of enabled users employee numbers (employeenumber) and their email addresses (mail) and format it without headers and with a single space between the fields using PowerShell.
The script works for the most part, but if the employeenumber field is empty I want to exclude it. It doesn't matter if the email address is empty. What I get now is blank spaces if the employee number doesn't exist.
My script:
Get-ADUser -Filter 'enabled -eq $true' -Properties employeenumber, mail |
select -Property employeenumber, mail |
Format-Table -HideTableHeaders |
Out-File allusers_email.txt
I've tried putting Get-ADUser into an array and doing a foreach, but the output is empty. I use PowerGUI and when stepping through the foreach the value of employeenumber is the distinguished name of the user and the output file is blank when the script finishes.
I've also used the following to try to remove the extra spaces, but it's not working.
(gc allusers_email.txt) |
? {$_.Trim() -ne ""} |
Set-Content allusers_email.txt
Using Kiril's solution I was able to get what I needed. I now need to change this so that only user objects that have changed today will be output. I've added a variable to contain today's date and I believe I should use Get-ADObject and filter on the whenchanged attribute. However, I get errors. What am I missing from the Get-ADObject command?
$dte=Get-Date
Get-ADUser -Filter 'enabled -eq $true' -Properties employeenumber, mail, ipPhone, mobile |
Where { $_.employeenumber -ne $null } |
Get-ADObject -Filter 'whenchanged -eq $dte'
Select @{Name='Custom';Expression={('{0} {1} {2} {3}' -f $_.employeenumber,$_.mail,$_.ipPhone,$_.mobile).Trim()}} |
Select -ExpandProperty Custom |
Out-File EMailStream.txt
I ended up going with the following script:
$dte=Get-Date -Hour 0 -Minute 00 -Second 00
Get-ADUser -Filter 'enabled -eq $true' -Properties whenchanged, employeenumber, mail, ipPhone, mobile |
Where { $_.employeenumber -ne $null -and $_.whenchanged -gt $dte } |
Select @{Name='Custom';Expression={('{0} {1} {2} {3}' -f $_.employeenumber,$_.mail,$_.ipPhone,$_.mobile).Trim()}} |
Select -ExpandProperty Custom |
Out-File EMailStream.txt
Try to add filter condition, and create combined property value, like so:
Get-ADUser -Filter 'enabled -eq $true' -Properties employeenumber, mail |
Where { $_.employeenumber -ne $null } |
Select @{Name='Custom';Expression={('{0} {1}' -f $_.employeenumber,$_.mail).Trim()}} |
Select -ExpandProperty Custom |
Out-File allusers_email.txt