I am trying to get a script together to rename about 40 security groups. I have imported them all into a csv in column A and put the name I need them changed to in column B. here is what I have so far.
Import-Csv C:\test.csv | ForEach-Object{
$item = $_;
Get-ADGroup -LDAPFilter "(&(sAMAccountName=$($_.OriginalName)))" | Set-ADGroup -OriginalName $item.Renameto
}
Thank you very much for all your help!
Import-Csv C:\test.csv | ForEach-Object{Rename-ADObject -Identity $_.ColumnAHeader -NewName $_.ColumnBHeader}
If possible, use the DistinguishedName in Column A. Otherwise you may have to use the partition parameter to specify the groups location.
You may have to remove Protect Object from accidental deletion. If so, try this:
Import-Csv C:\test.csv | ForEach-Object{
Set-ADObject -Identity $_.ColumnAHeader -ProtectedFromAccidentalDeletion:$false
Rename-ADObject -Identity $_.ColumnAHeader -NewName $_.ColumnBHeader -PassThru | Set-ADObject -ProtectedFromAccidentalDeletion:$true
}
Related
I have a script to import a list of users and want to check if any of these users are disabled. I did try to run the script below but it doesn't filter the users in the CSV file it filters everyone in the entire organization. any suggestions would be appreciated. displayname and SIP address in one of the headers in the CSV file if needed to use the header.
Import-CSV -Path .\Piscataway-+1732.csv | ForEach-Object {
Get-ADUser -Filter "Enabled -eq '$true'" | select Enabled,EmailAddress,SamAccountName
} | Export-CSV .\results77.csv -NoTypeInformation
You have several issues:
You are piping From Import-Csv to ForEach-Object. So Get-ADUser doesn't really know you are piping it input objects.
Get-ADUser's -Identity parameter is by value, not by property name. so you need to echo the appropriate column to send it down the pipe.
If you pipe and use the -Filter parameter the filter is going to apply to the whole domain. It's not going to limit the filter to what you piped in.
If you want the email address to be output you have to tell Get-ADUser to retrieve it.
Try something like this:
Import-CSV -Path .\Piscataway-+1732.csv |
ForEach-Object{ $_.samAccountName }
Get-ADUser -Properties mail |
Where-Object{ $_.Enabled }
Select-Object Enabled,mail,SamAccountName |
Export-CSV .\results77.csv -NoTypeInformation
Note: The Property for the email address is "mail".
Note: Since we don't have a sample of the CSV file the above example
assumes there's a column names samAccountName.
Now, if you want the output to come from the CSV file but validate it according to the user's status in AD we have to change the approach. As always there are several ways to do this.
Example 1:
Import-CSV -Path "c:\temp\test.csv" |
Select-Object #{Label = 'Enabled'; Expression = { ( Get-ADUser $_.samAccountName ).Enabled } },EmailAddress,samAccountName |
Export-CSV -Path "c:\temp\Output.csv" -NoTypeInformation
This again assumes the column name (samAccountName). It also assumes there is not already an "enabled" column. So we are adding a property called enabled that we're getting via Get-ADUser. Then finally re-exporting to Csv.
Example 2:
$CsvData = Import-CSV -Path "c:\temp\test.csv"
$EnabledUsers =
(
$CsvData |
ForEach-Object{ $_.samAccountName } |
Get-ADUser |
Where-Object{ $_.Enabled }
).samAccountName
$CsvData |
Where-Object{ $EnabledUsers -contains $_.samAccountName } |
Select-Object #{Label = 'Enabled'; Expression = { $true } },EmailAddress,samAccountName |
Export-Csv -Path "c:\temp\Output.csv" -NoTypeInformation
Example 1 is great for small jobs but too many individual calls to Get-ADUser might be slow for larger runs. In this example Import the CSV data once. Then use it to get a flat list of those entries that are enabled in AD. Once you have that you can use the -contains operator to check if the account is enabled. Once again there's a little extra work to add the "Enabled" property.
This should give you a general idea. There are probably a dozen more ways to do this, but hopefully this give you a good idea of what has to happen. Let me know if this helps.
I've got a script which does a permission report on all mailboxes from csv file but need to add source mailbox identity string to the report.
import-csv "\\networkshare\import.csv" | foreach {Get-MailboxFolderPermission -Identity $_.user | Select Identity,User,AccessRights} | Export-csv \\output.csv
The problem is that report is useless unless I get information about to whom other users have access. So I'm wondering how can I add something like:
Select Identity,User,AccessRight,$_.user
But in this way it does not work...
Store $_.User in a variable and use calculated propeties to add it later. Ex.
Import-Csv "\\networkshare\import.csv" | ForEach-Object {
$u = $_.user
Get-MailboxFolderPermission -Identity $_.user |
Select Identity,User,AccessRights,#{n="InputUser";e={$u}}
} | Export-csv \\output.csv
You've to:
Select Identity,User,AccessRight,#{l="somethingAdded";e={$_.propertyToAdd}}
This is called a calculated property
Hope that helps
I am trying to create a script that will do the above,
I did something like that:
Search-ADAccount -AccountDisabled | Export-Csv -Path C:\csv\DisabledUsers.csv -NoTypeInformation
$csv = Import-Csv -Path c:\csv\DisabledUsers.csv
foreach ($SamAccountName in $csv)
{
Get-ADPrincipalGroupMembership | format table | Export-Csv -Path C:\csv\DisabledUsersGroupM.csv -NoTypeInformation
}
It is work fine until the foreach part. Seems like no values imported from the CSV.
I get this:
cmdlet Get-ADPrincipalGroupMembership at command pipeline position
Supply values for the following parameters:
(Type !? for Help.)
Identity:
What am I doing wrong?
You're calling Get-ADPrincipalGroupMembership without a required parameter (the identity of the object whose group membership you want to obtain).
Change
Get-ADPrincipalGroupMembership
to
Get-ADPrincipalGroupMembership $SamAccountName
Also, the Export-Csv inside the loop would overwrite the output file with every iteration, so you'd end up with just the groups of the last user. Add the parameter -Append to avoid this.
With that said, a much simpler approach would probably be a pipeline like this:
Search-ADAccount -AccountDisabled |
Select-Object SamAccountName, #{n='Groups';e={(Get-ADPrincipalGroupMembership $_.SamAccountName | Select-Object -Expand Name) -join ';'}} |
Export-Csv 'C:\csv\DisabledUsers.csv' -NoType
Can someone help me?
I have to create a .txt file with the following format:
user("SamAccountName","GivenName Surname"){}
I'm able to create just this:
#Get AD Users Info
cls
$SamAccountName = New-Item 'c:\SamAccountName.txt' -type file -Force
Get-ADUser -Filter * -Properties SamAccountName |
select -First 15 | Sort-Object SamAccountName |
Format-Table SamAccountName | Out-File $SamAccountName
$content = Get-Content $SamAccountName
$content | Foreach {$_.TrimEnd() } | where {$_ -ne ""} | Select-Object -Skip 3 | Set-Content $SamAccountName
#Write quotes (make it nice and readable!)
$ACTIVEDIRECTORY = New-Item 'c:\ACTIVEDIRECTORY.lst' -type file -Force
Clear-Content $ACTIVEDIRECTORY
$quotes= '"'
(Get-Content $SamAccountName) |
ForEach-Object {Add-Content $ACTIVEDIRECTORY "$quotes$_$quotes"}
Get-Content $ACTIVEDIRECTORY
This give me this result:
"GivenName"
"GivenName"
"GivenName"
I agree with #notjustme about your question being a mess, but I'll throw an answer out there anyway.
Your first problem is how you set these two variables. They end up being objects, but you're trying to use them like file paths.
$SamAccountName = "c:\SamAccountName.txt"
$ACTIVEDIRECTORY = "c:\ACTIVEDIRECTORY.lst"
This will get you a comma separated list of your users, which is (sort of) what part of your code is doing.
Get-ADUser -Filter * | Select-Object SamAccountName, GivenName, SurName -First 15 | Sort-Object SamAccountName | Export-Csv $SamAccountName -NoTypeInformation
This will get you the list of users with the string format you specified at the top, which is odd, but whatever.
Import-Csv $SamAccountName | ForEach-Object {"user(`"$($_.SamAccountName)`",`"$($_.GivenName) $($_.Surname)`"){}"} | Out-File $ACTIVEDIRECTORY
Can't try it out myself at the moment but... from experience...
-properties * | select SamAccountName, GivenName, Surname
Should get ya in the ballpark.
Re-read your code a few times and well... it seems a mess to be honest. You state what you wanna accomplish and then there's a crud-load of other stuff that make close to no sense in this case. Maybe I'm just too tired, I'll check back in the morning and edit/delete if needed.
Allright, re-read a few more times and the headache is given but still...
In general I'd like to advise you (or anyone, really) if Powershell get's confuzzling to break it down in easily processable pieces.
For the users;
$users = Get-ADUser -Filter { Name -like '*' } -Properties * | select SamAccountName, Givenname, Surname
For the output;
foreach ($user in $users)
{
'("{0}""{1}{2}"' -f $user.SamAccountName, $user.GivenName, $user.Surname
}
Unfortunatly I have no way to try this out myself at the moment but it should be in the ballpark... if you end up getting some errors, lemme know and I'm sure I can guide ya through it. I'm not 100% sure about them single and doublequotes in this particular case... I'd have to try it out.
Hi I'm new to powershell. I have text file with ad group list and I want list all users for each group. I tried pip line :
Get-Content '.\test list.txt' | % { Get-ADGroupMember -Recursive $_ } | select name
but in result i get single column with all users list belongs to all groups in text file.
how i can get csv table with all groups names in column heading and users list below each group name?
Thanks
Try this ( not tested ):
Get-Content '.\test list.txt' |
SELECT #{N="Group Name";e={$_}},#{N="Members";`
E={ (Get-ADGroupMember -Recursive $_) -JOIN ';' }} | fl
Hope this helps you. It requires PS3.0:
Get-Content .\list.txt | % {(Get-ADGroupMember -Identity $_ -Recursive).Name | Out-File -FilePath "$_.txt"}
$hash = #{}
Get-Content .\list.txt | % {$hash["$_"] = (Get-ADGroupMember -Identity $_ -Recursive).Name}
$hash
I don't use CSV very much but I bet hashes are easy to format into CSV files.