I'm trying to get a specific AD User and change their UPN, but not their UPN suffix.
As you can see at the moment I have to manually enter their current UPN suffix which is a bit pointless since you have to go into AD to find that anyway, is there some string like $_.UPNSuffix that will call the user's current Suffix?
$container = "OU=MyOU,DC=MyDomain,DC=local"
$Filter = Read-Host -Prompt "Enter users Username/P-number"
$UPNSuffix = Read-Host -Prompt "Enter users current UPN Suffix"
$users = Get-ADUser -Filter "UserPrincipalName -like '$Filter*'" -SearchBase $container
Foreach ($user in $users)
{
$newFQDN = $user.GivenName + "." + $user.Surname
$NewDN = $user.GivenName + " " + $user.Surname
Set-ADUser -Identity $user -UserPrincipalName $newFQDN#$UPNSuffix -SamAccountName $newFQDN
Write-Host "User's UPN is now $newFQDN#$UPNSuffix"
}
You can get the UPN components by splitting on the # sign.
I would be doing something along the lines of:
$container = "OU=MyOU,DC=MyDomain,DC=local"
$Filter = Read-Host -Prompt "Enter users Username/P-number"
$users = Get-ADUser -Filter "UserPrincipalName -like '$Filter#*'" -SearchBase $container
Foreach ($user in $users)
{
$null, $UPNSuffix = $user.UserPrincipalName -split '#' # Dump the first part, store the 2nd
$newFQDN = $user.GivenName + "." + $user.Surname
$NewDN = $user.GivenName + " " + $user.Surname
Set-ADUser -Identity $user -UserPrincipalName "$newFQDN#$UPNSuffix" -SamAccountName $newFQDN
Write-Host "User's UPN is now $newFQDN#$UPNSuffix"
}
From a quick Google it doesn't seem that there is a dedicated field for the Suffix, but I figure you could get the UserPrincipalName property and then just split on the # and grab the second element of the split:
$UPN = (Get-ADUser -Identity $user -Property UserPrincipalName).UserPrincipalName
If ($UPN) {
$UPNSuffix = ($UPN -Split '#')[1]
} Else {
Write-Warning "Failed to get UserPrincipalName for $User"
}
Note: this is untested code.
It's possible to get the UPN suffixes from the uPNSuffixes field in the Partitions object who's located at :
CN=Partitions,CN=Configuration,DC=xxxxx,DC=com
Thanks from this post who provide an example in C# :
List all UPN Suffixes from Active Directory
I don't know how to implement that in powershell but in PHP, it's pretty simple :
ldap_read($ldapConnection, "CN=Partitions,CN=Configuration,DC=xxxxx,DC=com", "(objectclass=*)", array("*");
Maybe with Get-UserPrincipalNamesSuffix :
https://learn.microsoft.com/en-us/powershell/module/exchange/active-directory/get-userprincipalnamessuffix?view=exchange-ps
Hope this helps someone !
Related
Basically the idea of this script is to create a new user in AD but to also copy groups from another user in AD from a search with user input.
For example copy sales groups from a current team member to the newly created member. The error I'm getting is that my $ID variable is always empty and -Identity cant use it. If I hardcode the user I want to copy from this code works.
I can just ask for user input and have them put in the identity / username / samaccountname to copy groups from but they're not going to know that off the top of their head as the naming convention in AD includes employee numbers. They'd have to navigate AD to find that and this avoids the point of the script.
I want this script to be able to lookup a user based on just name for ease of use. This is why it uses -filter. If you have suggestions on how to handle potential duplicates of users with same name during this search I'm all ears for that too.
After it finds the user to copy from it copies the groups from the searched user to the newly created user.
Thanks for any help!
Do {
$Given = Read-Host -Prompt "Input new user first name"
$Surname = Read-Host -Prompt "Input new user last name"
$PW = Read-Host -Prompt "Input new user password"
$Phone = Read-Host -Prompt "Input new user phone number"
$NewSam = Read-Host -Prompt "Input preferred new user ID"
$User = "$Given $Surname"
$Confirmation = Read-Host "You input '$User' , '$NewSam' , '$PW' , and '$Phone' is this correct (y/n)?"
}
while ($confirmation -ne "y")
New-ADUser -Name $User -GivenName $Given -Surname $Surname -SamAccountName $NewSam -AccountPassword (ConvertTo-SecureString -AsPlaintext "$PW" -Force) -Enabled $True `
-OfficePhone $Phone -ChangePasswordAtLogon $true
Do {
$clone = Read-Host -Prompt "Who are we copying groups from?"
$Confirmation2 = Read-Host "You input '$clone' is this correct (y/n)?"
}
while ($confirmation2 -ne "y")
$ID = Get-ADUser -Filter 'Name -eq "$clone"'| Select-Object -ExpandProperty SamAccountName
$GetUserGroups = Get-ADUser -Identity "$ID" -Properties memberof | Select-Object -ExpandProperty memberof
$GetUserGroups | Add-ADGroupMember -Members $NewSam -Verbose
While asking for user input via Read-Host is always tricky (a user can type in any bogus text he/she wants), I would at least give that user the opportunity to quit the loop by adding the q option in there as well.
Then you really should first do a check if the user perhaps already exists or not before creating with New-ADUser.
Finally, $GetUserGroups | Add-ADGroupMember -Members $NewSam -Verbose will not work as you expect, because the -Identity parameter for Add-ADGroup only takes one single group id at a time, so you need to loop over the groups there.
Try
do {
$Given = Read-Host -Prompt "Input new user first name"
$Surname = Read-Host -Prompt "Input new user last name"
$PW = Read-Host -Prompt "Input new user password"
$Phone = Read-Host -Prompt "Input new user phone number"
$NewSam = Read-Host -Prompt "Input preferred new user ID (SamAccountName)"
$User = "$Given $Surname"
$Confirmation = Read-Host "You input '$User' , '$NewSam' , '$PW' , and '$Phone' is this correct (y/n/q)?"
switch -Wildcard ($confirmation) {
'q*' {
# user wants to quit
exit
}
'y*' {
# here first check if that user already exists or not
$existingUser = Get-ADUser -Filter "SamAccountName -eq '$NewSam'"
if ($existingUser) {
Write-Warning "A user with SamAccountName '$NewSam' already exists"
$Confirmation = 'n' # rerun the loop
}
}
}
} while ($confirmation -notlike "y*")
# now proceed creating the new AD user
# because New-ADUser can take a lot of parameters, the cvleanest way is to use splatting
$userProps = #{
Name = $User
GivenName = $Given
Surname = $Surname
SamAccountName = $NewSam
AccountPassword = ConvertTo-SecureString -AsPlaintext $PW -Force
Enabled = $True
OfficePhone = $Phone
ChangePasswordAtLogon = $true
# add switch parameter PassThru, so the cmdlet returns the new user object
PassThru = $true
}
$newUser = New-ADUser #userProps
do {
$clone = Read-Host -Prompt "Who are we copying groups from? (SamAccountName)"
$Confirmation = Read-Host "You input '$clone' is this correct (y/n/q)?"
switch -Wildcard ($Confirmation) {
'q*' {
# user wants to quit
Write-Host "New user '$($newUser.Name)' has been created but not added to any groups.."
exit
}
'y*' {
# here first check if that user already exists or not
$cloneUser = Get-ADUser -Filter "SamAccountName -eq '$clone'" -Properties MemberOf
if (!$cloneUser) {
Write-Warning "A user with SamAccountName '$clone' does not exist"
$Confirmation = 'n' # rerun the loop
}
else {
# get the MemberOf properties from the second user
# and add the new user to these groups
$cloneUser.MemberOf | ForEach-Object {
$_ | Add-ADGroupMember -Members $newUser -Verbose
}
}
}
}
}
while ($confirmation -notlike "y*")
P.S. I'm using wildcard comparisons ('y*') on the confirmation input because otherwise if a user types 'yes' the loop will not see that as a YES
Your script starts to go sideways here:
$ID = Get-ADUser -Filter 'Name -eq "$clone"'| Select-Object -ExpandProperty SamAccountName
$GetUserGroups = Get-ADUser -Identity "$ID" -Properties memberof | Select-Object -ExpandProperty memberof
And you're so close, what's needed is:
$ID = Get-ADUser -Filter "Name -eq '$clone'"|
Select-Object -ExpandProperty SamAccountName
The Filter requires single quotes around the name. The documentation on this is horrible and, for the Filter parameter, uses ScriptBlocks (code inside curly braces) in the examples while the actual type is [string]. I learned to stick with strings after fixing problems that were obscured by using ScriptBlocks.
You wouldn't even run into this problem if you simplified to:
$ID = Get-ADUser -Identity $clone |
Select-Object -ExpandProperty SamAccountName
As long as we're simplifying, you only need one line:
$GetUserGroups = Get-ADUser -Identity $clone -Properties memberof |
Select-Object -ExpandProperty memberof
One more thing to consider. While piping to Select-Object is the PowerShell way and is the style I tend to use from the command line, in scripts I personally prefer:
$GetUserGroups = (Get-ADUser -Identity $clone -Properties memberof).memberof
But this is a matter of taste (while also being faster (which only matters in long running scripts)).
I'm trying to import manager attribute to active directory for set of users using the following CSV file template
GivenName Surname DisplayName Department Title mail MobilePhone Manager SamAccountName
John Smith John Smith IT IT Manager john#example.com 1234 Mark Ebert JohnS
I used the below script and but it throws out an error.What i'm thinking it is due to manager attribute required to be in distinguished name format and **but i cannot change the csv manager column name as it comes from a different program.**The manager name in the CSV file shows in first name and last name format. What i need is to import the data on it to AD like the way it is.Any alternative methods available for this scenario.Here is the example script i used.
# Import AD Module
Import-Module ActiveDirectory strong text
$users = Import-Csv -Path C:\temp\MergedTo_AD.csv
foreach ($user in $users)
{Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" | Set-ADUser -GivenName $($User.GivenName) -Surname $($User.Surname) -DisplayName $($User.DisplayName) -title $($User.title) -EmailAddress $($User.EmailAddress) -MobilePhone $($User.MobilePhone) $User -manager $ID }
If your CSV looks like this:
GivenName,Surname,DisplayName,Department,Title,mail,MobilePhone,Manager,SamAccountName
John,Smith,John Smith,IT,IT Manager,john#example.com,1234,Mark Ebert,JohnS
Joe,Bloggs,Joe Bloggs,Marketing,Administrative Assistant,joe#example.com,87954,,JoeB
Then you can see that in the second example the Manager property is empty.
To best deal with columns that could be empty, use Splatting for properties that are present in the CSV, while omitting empty fields:
Something like this:
$users = Import-Csv -Path C:\temp\MergedTo_AD.csv
foreach ($user in $users) {
# first try and find the user object in AD
$adUser = Get-ADUser -Filter "SamAccountName -eq '$($user.SamAccountName)'" -Properties Manager -ErrorAction SilentlyContinue
if ($adUser) {
# we have a valid user. create a splatting Hashtable to use with Set-ADUser
# Leave out the Manager for now, as we first need to make sure we can actually find a DN for this property.
$userProps = #{
# take out any properties you do not want to (re) set
GivenName = $user.GivenName
Surname = $user.Surname
DisplayName = $user.DisplayName
Title = $user.Title
EmailAddress = $user.mail
MobilePhone = $user.MobilePhone
}
# try and get the manager object from the $user.Manager column which may or may not have been set
if (![string]::IsNullOrWhiteSpace($user.Manager)) {
# try and find an AD user with the given DisplayName. You could also try with the `Name` property
$manager = Get-ADUser -Filter "DisplayName -eq '$($user.Manager)'" -ErrorAction SilentlyContinue
if ($manager) {
# add the 'Manager' entry to the Hashtable for properties to set
$userProps['Manager'] = $manager.DistinguishedName
}
else {
Write-Warning "Could not find '$($user.Manager)' in AD.."
}
}
else {
Write-Warning "Manager column for user '$($user.SamAccountName)' is empty.."
}
# here we set the properties to the user according to the CSV file
Write-Host "Updating user properties for '$($user.SamAccountName)'"
$adUser | Set-ADUser #userProps
}
else {
Write-Warning "User '$($user.SamAccountName)' could not be found.."
}
}
I'm not a scripting expert at all.I amended the script as below as per your suggestion.
# Import AD Module
Import-Module ActiveDirectory
$users = Import-Csv -Path C:\temp\MergedTo_AD.csv
{Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" $FirstName,$LastName = (-split $User.Manager).Trim() $ID = (Get-ADUser -LDAPFilter "(&(GivenName=*$FirstName*)(SurName=*$LastName*))").SamAccountName (Get-ADUser -LDAPFilter "(&(GivenName=*$FirstName*)(SurName=*$LastName*))").SamAccountName| Set-ADUser -GivenName $($User.GivenName) -Surname $($User.Surname) -DisplayName $($User.DisplayName) -title $($User.title) -EmailAddress $($User.EmailAddress) -OfficePhone $($User.OfficePhone) -MobilePhone $($User.MobilePhone) -manager $($User.manager) }
I'm getting below error
Get-ADUser : The search filter cannot be recognized
At C:\Temp\PowershellScript-Users Import.ps1:5 char:128
+ ... im() $ID = (Get-ADUser -LDAPFilter "(&(GivenName=*$FirstName*)(SurNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8254,Microsoft.ActiveDirectory.Management.Commands.GetADUser
I've reviewed the code and the reason it fails is because you cannot add the manager using the variable '$ID' is that it has no reference, nor does it resolve to the managers active directory user account. Your choices are either add the managers Distinguished Name to your csv file or stick it in your code to resolve the managers Distinguished Name.
#Import CSV File to set variable for the user’s logon name of whom manager’s field needs to be filled + delimiter
$users = Import-Csv -Delimiter ";" -Path "C:\temp\MergedTo_AD.csv"
foreach ($user in $users) {
#The Managers AD Sam Account Name
$ManagersaMACCount = "saMACcount"
#The Managers AD Distinguished Name
$ManagerID = (Get-ADUser -identity $ManagersaMACCount).DistinguishedName
#Example of Setting User's Manager Attribute -Example below
#Get-aduser -identity $user | Set-ADUser -Manager $ManagerID
#Using your code to filter AD Sam Accounts Based on column samaccountname in the csv file
Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" `
#Pipe Set Users GivenName Based on column GivenName
| Set-ADUser -GivenName $($User.GivenName) `
#Set Users Surname Based on column Surname
-Surname $($User.Surname) `
#Set Users Display Name Based on column DisplayName
-DisplayName $($User.DisplayName) `
#Set Users Title Based on column Title
-title $($User.title) `
#Set Users Email Address Based on column EmailAddress
-EmailAddress $($User.EmailAddress) `
#Set Users Mobile Phone Based on column MobilePhone
-MobilePhone $($User.MobilePhone) `
#Set Users Manager Based on the Distinguished Name Attribute In Active Directory
-manager $ManagerID
}
OK guys, i've edited my script for user creation and now it's almost perfect except one thing that i cant figure out
how to make the hash table read the Variable for the "$GivenName $Surname"
and make the Name of the user, because now it's creating users without the Name parameter
or I need to creat a header for $GivenName and $surname in the csv file
cls
#get the csv file
$filepath = import-csv "C:\users.csv"
#set the variable for the uers
$newusers = $filepath
#set Passwords for new users
$securepassword = ConvertTo-SecureString "BlahBlah" -AsPlainText -Force
foreach ($user in $newusers) {
#get user information
$User_Creation_Settings = #{
Name = "$GivenName $Surnam"
GivenName = $user.GivenName
Surname = $user.Surnam
UserPrincipalName = $user.UserPrincipalName
SamAccountName = $user.SamAccountName
Path = $user.Path
ScriptPath = $user.ScriptPath
ChangePasswordAtLogon = $false
Department = $user.Department
DisplayName = $user.DisplayName
Description = $user.Description
Title = $user.'Job Title'
AccountPassword = $securepassword
Enabled = $true
}
New-ADUser #User_Creation_Settings
#Get Groups information
$group1 = $user.Group1
$group2 = $user.Group2
$group3 = $user.Group3
$group4 = $user.Group4
#Add the users in to Groups
Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group1
Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group2
Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group3
Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group4
Write-Host "`n"
Write-Host "The account for $GivenName $Surnam created in $OuPath successfully "
}
pause
so i've figured it out and i'm posting the solution
for the solution of the issue that i've described, i had to make Powershell think that "First name" and "Last Name" are one whole variable which is split in the middle, that's why i've used the parentheses with a "$" sign before them, Power Shell will think that you are using the $user from the loop, and will "Popup" the headers from the CSV file.
here is the whole script
cls
#get the csv file
$filepath = import-csv "C:\users.csv"
#set the variable for the uers
$newusers = $filepath
#set Passwords for new users
$securepassword = "BlahBlah"
foreach ($user in $newusers) {
#get user information
$User_Creation_Settings = #{
Name = "$($user.'First Name') $($user.Lastname)"
GivenName = $user.'First Name'
Surname = $user.Lastname
UserPrincipalName = $user.UserPrincipalName
SamAccountName = $user.SamAccountName
Path = $user.Path
ScriptPath = $user.ScriptPath
ChangePasswordAtLogon = $false
Department = $user.Department
DisplayName = $user.DisplayName
Description = $user.Description
Title = $user.'Job Title'
AccountPassword = ConvertTo-SecureString $securepassword -AsPlainText -Force
Enabled = $true
}
New-ADUser #User_Creation_Settings
#Get Groups information
$group1 = $user.Group1
$group2 = $user.Group2
$group3 = $user.Group3
$group4 = $user.Group4
#Add the users in to Groups
Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group1
Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group2
add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group3
Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group4
Write-Host "`n"
Write-Host "The account for $($user.'First Name') $($user.Lastname) created in $($user.Path) successfully "
}
pause
So in that case:"$($user.'First Name') $($user.Lastname)"
powershell will behave like you entered one whole variable.
The short answer is that both are fine, because both are valid ways of creating hashtables in PowerShell. For more information, check out about_Splatting.
Personally, I use single quotes around strings across the board and leave variables alone so that PowerShell doesn't think I'm trying to call a function. As mentioned, this is not required here and frankly can make your code look messier than it needs to be.
A few things to watch out for:
Name = $firstname $lastname # invalid because of the space
'class' = win32_logicaldisk # invalid: PowerShell will look for the function win32_logicaldisk
GivenName = '$firstname' # because single quotes are used, PowerShell will not replace the variable; GivenName will literally be $firstname
Both the above splatting are fine and the reason for the color change is in the first Hashtable "$firstname $lastname" is a string as you have mentioned it in quotes, Editor represents Strings in Brown color and variables in black color.
In the second Hashtable you used single quotes for all the Keys and values and again those are understood and represented as Strings by the editor.
No harm either way.
I have added about 1700+ users to Active Directory using a CSV file. I accidentially tried to use \n to seperate some attributes between them. But it did not escape new line. Instead typed it as is.
$Users = Import-Csv -Path "C:\UsersList.csv"
foreach ($User in $Users)
{
$Name = $User.Name
$AccountPassword = $User.AccountPassword
$City = $User.City
$Company = $User.Company
$GivenName = $User.GivenName
$SamAccountName = $User.SamAccountName
$Surname = $User.Surname
$UserPrincipalName = $User.UPN
$Displayname = $User.Name
$Description = "Desc1: " + $User.Desc1 + "\nDesc2: " + $User.Desc2 + "\nDesc3: " + $User.Desc3 + "\nDesc4: " + $User.Desc4
$Path = $User.Path
New-ADUser -Name "$Name" -DisplayName "$Displayname" -SamAccountName "$SamAccountName" -UserPrincipalName "$UserPrincipalName" -GivenName "$GivenName" -Surname "$Surname" -Description "$Description" -AccountPassword (ConvertTo-SecureString $AccountPassword -AsPlainText -Force) -Enabled $true -Path "$Path" -ChangePasswordAtLogon $true
}
Now I want to change those "\n" in Descriptions for all users.
I can get users using
Get-ADUser -Filter {description -like "\n"}
I need a command that using .Replace("\n"," - "). I do not know how to use it to reach my goal.
You could do a Foreach-Object loop to find all the Descriptions with your filter and pipe that to Set-Aduser.
$Description = "-Desc1: " + $User.Desc1 + "-Desc2: " + $User.Desc2 + "-Desc3: " + $User.Desc3 + "-Desc4: " + $User.Desc4
foreach ($User in (Get-ADUser -Filter {description -like "*\n*"}) )
{
$User.SamAccountName | Set-ADUser -Description $Description
}
To update the users from the CSV
foreach ($User in $users )
{
$User.SamAccountName | Set-ADUser -Description $user.Description
}
Use Set-ADUser:
Get-ADUser -Filter {description -like "*\n*"} -Properties Description |
ForEach-Object {
$newDescription = $_.Description.Replace('\n', ' - ')
Set-ADUser -Identity $_ -Description $newDescription
}
Note that with the -like operator you need to add wildcards before and after the \n, otherwise you'd only get users where the description consists of just \n and nothing else. You also need to tell Get-ADUser to include the property Description as it isn't among the properties returned by default.
Nowhere have I found anyone attempting to prompt for first and last names and then put that into a variable with a wildcard.
If I substitute real values with the asterisk, it works but attempting to do so with a variable returns nothing.
$LastName = Read-Host "Enter user's Last Name"
$FirstName = Read-Host "Enter users's First Name"
$GroupMembershipList = (Get-ADUser -Filter {(GivenName -like $FirstName*) -and (Surname -like $LastName*)}).SAMAccountName
Foreach ($Name in $GroupMembershipList) {
$GroupMemberShip = Get-ADPrincipalGroupMembership -Identity "$Name" | Sort Name |ForEach-Object {$_.name -replace ".*:"}
$FullName = Get-ADUser $Name -Properties * | Select -Property DisplayName
$UserPrincipalName = Get-ADUser $Name -Properties * | Select -Property UserPrincipalName
#Write-Output $PrincipalName
Write-Output $FullName
Write-Output $Name
Write-Output $GroupMembership
Write-Output " "
}
I think the issue is just that your braces are preventing your variables from expanding the way you expect them to.
I offer this since -Filter will work with properly formatted strings as well.
$GroupMembershipList = Get-ADUser -Filter "GivenName -like '$FirstName*' -and Surname -like '$LastName*'" | Select-Object -ExpandProperty SamAccountName
and yes you can just get the property the same was you did before
$GroupMembershipList = (Get-ADUser -Filter "GivenName -like '$FirstName*' -and Surname -like '$LastName*'").SamAccountName
I used the second suggestion and it worked. I am new to PS and also to programming in general.
I find PS confusing at times regarding the placement of parenthesis, brackets, etc. I generally have the logic but mess up on placing these delimiters.
You mentioned formatting my code. I am sorry I don't know what you mean by that.
Also, I would rather use Write-Host to allow for formatting but when I do, all of the data is on a single line and the user returned is specified as #{DisplayName=Doe, John}.
Can you address that or should this be posted to a new subject?
I worked on it more and figured the Write Host stuff. Also added a Do Loop
$ErrorActionPreference = "Stop"
$Continue = "Quit"
Do {
$LastName = Read-Host "Enter user's Last Name"
$FirstName = Read-Host "Enter users's First Name"
$GroupMembershipList = (Get-ADUser -Filter "GivenName -like '$FirstName*' -and Surname -like '$LastName*'").SamAccountName
Foreach ($Name in $GroupMembershipList) {
$GroupMemberShip = Get-ADPrincipalGroupMembership -Identity "$Name" | Sort Name |ForEach-Object {$_.name -replace ".*:"}
Write-Host " "
Write-Host $FirstName, $LastName -ForegroundColor Yellow
Write-Host IMC UserName = $Name
Write-Host "*****************************" -ForegroundColor Red
Write-Host "Groups $Firstname $LastName is a member of:" -ForegroundColor Yellow
$GroupMembership
Write-Host " "
}
$Continue = Read-Host "Do you want to check another name? (Y/N)"
If($Continue -eq "Y"){
}
}
until ($Continue -eq "N")
$GivenName = read-host "What's the users first name (wildcard * ok)?"
$Surname = read-host "What's the users last name (wildcard * ok)?"
Get-ADUser -filter{(Surname -like $Surname -and GivenName -like $GivenName)} -properties GivenName, Surname, UserPrincipalName, mobile