Powershell Script to Display Manager Name by Full Name - powershell

I have a script that creates a csv file that tells me users who haven't logged in in 90 days. It needs to include the Manager for that user but when pulling in the manager from Active Directory, I'm getting the full DN for that manager rather than just the Display Name. Here's my script...
import-module activedirectory
get-aduser -filter * -searchscope subtree -searchbase "ou=user departments ou,dc=acr,dc=org" -properties DisplayName,manager,lastlogontimestamp |
? {(((Get-date) - ([datetime]::FromFileTime($_.lastlogontimestamp))).TotalDays -gt 90)} |
select DisplayName,samaccountname,manager,Userprincipalname,@{Exp={([datetime]::FromFileTime($_.lastlogontimestamp))};label="Last logon time stamp"} |
export-csv "c:\scripts\reston_sharepoint_users_120_days.csv" -NoTypeInformation -Delimiter ","
Any suggestions? The rest of the script works perfectly. Thanks.
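One way to get the manager's display name into the report, as an added example that is not part of the original post. The OU, the output path and the helper name `Resolve-ManagerName` are assumptions; the lookup is cached so each manager is queried once, and accounts that have never logged on are handled explicitly.

```powershell
Import-Module ActiveDirectory

# Assumed values for this example; substitute your own OU and output path.
$searchBase = 'OU=Example,DC=example,DC=org'
$outFile    = 'C:\scripts\stale_users_90_days.csv'
$cutoff     = (Get-Date).AddDays(-90)

# Cache of manager DN -> display name so each manager is queried only once.
$managerNames = @{}

function Resolve-ManagerName {          # hypothetical helper
    param([string]$ManagerDn)
    if ([string]::IsNullOrEmpty($ManagerDn)) { return $null }   # no manager set
    if (-not $managerNames.ContainsKey($ManagerDn)) {
        try {
            # Get-ADObject also resolves managers that are contacts, not users.
            $m = Get-ADObject -Identity $ManagerDn -Properties displayName -ErrorAction Stop
            $managerNames[$ManagerDn] = $m.displayName
        } catch {
            # Unreadable or deleted manager object: keep the DN so the row is not lost.
            $managerNames[$ManagerDn] = $ManagerDn
        }
    }
    $managerNames[$ManagerDn]
}

$query = @{
    Filter      = '*'
    SearchBase  = $searchBase
    SearchScope = 'Subtree'
    Properties  = 'DisplayName', 'Manager', 'lastLogonTimestamp'
}

Get-ADUser @query |
    ForEach-Object {
        # lastLogonTimestamp is empty for accounts that have never logged on.
        $last = $null
        if ($_.lastLogonTimestamp) { $last = [datetime]::FromFileTime($_.lastLogonTimestamp) }
        if (-not $last -or $last -lt $cutoff) {
            [pscustomobject]@{
                DisplayName             = $_.DisplayName
                SamAccountName          = $_.SamAccountName
                Manager                 = Resolve-ManagerName $_.Manager
                UserPrincipalName       = $_.UserPrincipalName
                'Last logon time stamp' = $last
            }
        }
    } |
    Export-Csv -Path $outFile -NoTypeInformation -Delimiter ','
```

lastLogonTimestamp is replicated lazily between domain controllers and can lag the real logon by up to about two weeks, which is acceptable for a 90-day threshold.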

Related

Get computers name with specific Security ID from EventViewer

Need help building a powershell script that will provide me information from EventViewer for each computer.
This command provides me the full list of my computers in AD
Get-ADComputer -SearchBase 'DC=test,DC=test' -Filter * | Select-Object Name
And this command provides me the specific Security ID that I'm searching for (for example 4688).
(Get-ADComputer -SearchBase 'DC=test,DC=test' -Filter *).Name | Get-EventLog -LogName Security -InstanceId 4688
Now I need to build a script of those commands: first I'm getting all the hosts from my AD, then I need to search each computer and get a list with all the computers (names) on which there is a Security ID (for example 4688), and export it. Please help. Thanks.
Done.
Script that will do the following steps:
1. Export all Domain computers name to the file called "ADcomputerlist.csv"
2. Import this file "ADcomputerlist.csv"
3. Search in each computer name for the past 30 days for the Security Log, InstanceID 1102.
4. Export the result to the file Result_Log_objects.csv with a specific date when file created.
4.1. Inside the file "Result_Log_objects.csv" I will find:
   Names of the computers where this log event exists
   By whom this action was taken (for example, log clearing)
   And when this action was taken.
# Steps 1-2: export all domain computer names, then read them back
Get-ADComputer -Filter * | Select-Object Name | Export-Csv C:\ADcomputerslist.csv -NoTypeInformation -Encoding UTF8
$date = Get-Date -Format "dd-MMM-yyyy"
$CurrentDate = Get-Date
$startdate = $CurrentDate.AddDays(-30)
# Steps 3-4: newest 1102 event per computer from the last 30 days, written to a dated CSV
Import-Csv -Path C:\ADcomputerslist.csv |
    ForEach-Object {
        Get-EventLog -LogName Security -After $startdate -InstanceId 1102 -ComputerName $_.Name -Newest 1
    } |
    Export-Csv -Path "C:\Result_Log_objects_$date.csv" -NoTypeInformation
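A variant of the sweep above using Get-WinEvent, as an added example that is not part of the original answer. It returns every 1102 event in the window (not only the newest), records hosts that could not be queried instead of silently skipping them, and reads the account that cleared the log from the event XML; the `LogFileCleared` field names assume the standard layout of event 1102.

```powershell
Import-Module ActiveDirectory

$start   = (Get-Date).AddDays(-30)
$outFile = "C:\Result_Log_objects_$(Get-Date -Format 'dd-MMM-yyyy').csv"
$query   = @{ LogName = 'Security'; Id = 1102; StartTime = $start }

$results = foreach ($name in (Get-ADComputer -Filter *).Name) {
    try {
        $events = Get-WinEvent -ComputerName $name -FilterHashtable $query -ErrorAction Stop
        foreach ($e in $events) {
            # Assumed layout: Event/UserData/LogFileCleared holds the subject fields.
            $cleared = ([xml]$e.ToXml()).Event.UserData.LogFileCleared
            [pscustomobject]@{
                Computer    = $name
                TimeCreated = $e.TimeCreated
                ClearedBy   = '{0}\{1}' -f $cleared.SubjectDomainName, $cleared.SubjectUserName
                Status      = 'LogCleared'
            }
        }
    } catch {
        # "No events found" is the normal case for a clean host: emit nothing.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        # Anything else (host offline, RPC blocked, access denied) is a coverage gap
        # worth reporting, since an unqueried host proves nothing about its log.
        [pscustomobject]@{
            Computer    = $name
            TimeCreated = $null
            ClearedBy   = $null
            Status      = "QueryFailed: $($_.Exception.Message)"
        }
    }
}

$results | Export-Csv -Path $outFile -NoTypeInformation
```

Because a cleared log loses its older entries, a host reporting 1102 has a Security log that only covers the period after the clear; centrally forwarded copies are the reliable source for what happened before it.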

Powershell - Populate list of AD users in large security group that are in a particular OU

I'm trying to get an AD Security Group down to a manageable size, but due to display limits in Powershell, this is proving difficult for me. The group is down to 47,720 now after removing all disabled AD accounts. Now I'm trying to filter it down to Enabled users that live in this particular OU. Below is what I've used with success in the console.
Get-ADGroup "very_large_secgroup" -properties Member | Select-Object -expandproperty member | get-aduser -Filter * -SearchBase "OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com" | Select-Object SamAccountName,DistinguishedName
When I try to count this, or pipe it via Out-File though, I get:
get-aduser : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that
take pipeline input.
At line:1 char:92
+ ... ty member | get-aduser -Filter * -SearchBase "OU=PurgeStudents,OU=Dis ...
Any assistance would be greatly appreciated, as I am a novice in Powershell magic.
Instead of using -Filter *, you could filter for all previously retrieved users. And there is a cmdlet to get the members of a group:
Get-ADGroupMember -Identity "very_large_secgroup" -Recursive | ForEach-Object { Get-ADUser -Filter "Name -like '$($_.Name)'" -SearchBase "OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com" | Select-Object -Property SamAccountName, DistinguishedName }
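An alternative that lets the domain controller do the filtering, as an added example that is not part of the original answer. Get-ADGroupMember is subject to a default limit of 5000 returned members, so for a group of this size a single LDAP query scoped to the OU is more dependable; the helper name `ConvertTo-LdapFilterValue` and the output path are assumptions.

```powershell
Import-Module ActiveDirectory

$groupName = 'very_large_secgroup'
$ou        = 'OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com'
$outFile   = 'C:\temp\group_members_in_ou.csv'   # assumed output path

# Escape characters that are special inside an LDAP filter value (RFC 4515).
# A group DN can legitimately contain '\', '(' , ')' or '*'; unescaped, they
# would change the meaning of the filter. Backslash must be replaced first.
function ConvertTo-LdapFilterValue {             # hypothetical helper
    param([string]$Value)
    $Value -replace '\\', '\5c' `
           -replace '\*', '\2a' `
           -replace '\(', '\28' `
           -replace '\)', '\29' `
           -replace "`0", '\00'
}

$groupDn = (Get-ADGroup -Identity $groupName).DistinguishedName
$dnValue = ConvertTo-LdapFilterValue $groupDn

# memberOf=<DN>            : direct members of the group
# userAccountControl bit 2 : account disabled, so !(...) keeps enabled accounts
# For nested membership, use memberOf:1.2.840.113556.1.4.1941:=<DN> instead.
$filter = "(&(memberOf=$dnValue)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# @() forces an array so .Count is correct for zero or one result.
$users = @(Get-ADUser -LDAPFilter $filter -SearchBase $ou -SearchScope Subtree |
    Select-Object SamAccountName, DistinguishedName)

"Matched $($users.Count) enabled members under $ou"
$users | Export-Csv -Path $outFile -NoTypeInformation
```

memberOf does not list a user's primary group, so members who hold the group only as their primary group will not match this filter.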

How to remove terminated manager's DirectReports from Active Directory through PowerShell

I created a script to clear terminated user's manager in Active Directory. But want to remove his direct reportees through PowerShell.
The Reports attribute is a linked attribute, and its forward link is the Manager attribute.
Remove (or replace) the manager in the Manager attribute of the users and the Reports values will disappear automatically.
I use this script to clear Direct Reports from all users in a specific OU. It creates a list of the Manager's direct reports, and then loops through that list and nulls the Manager property. Run the script with -WhatIf to see the accounts that will be affected.
# Managers in the Tombstone OU that still have direct reports
$TSManagerList = (Get-ADUser -Filter * -SearchBase "OU=Tombstone,DC=Contoso" -Properties directreports, description | where{$_.directreports -ne ""}).samaccountname | sort
foreach($TSManager in $TSManagerList)
{
    # DNs of the accounts whose Manager attribute points at this manager
    $DirReportList = (Get-ADUser $TSManager -Properties directreports).directreports
    foreach($DirReport in $DirReportList)
    {
        $DirReportSam = (Get-ADUser -Filter * | where{$_.distinguishedname -eq $DirReport}).samaccountname
        # Remove -WhatIf to actually clear the Manager attribute
        Set-ADUser -Identity $DirReportSam -Manager $null -WhatIf
    }
}

Powershell results different based on save location

I am using powershell to extract all users from an OU who have not signed into their account in 365 days.
import-module activedirectory
get-aduser -SearchBase 'ou=staff,ou=brummitt,dc=DUNELAND,dc=LOCAL' -filter 'enabled -eq $true' -Properties samaccountname,lastlogondate |
Where-object {$_.lastlogondate -lt (get-date).AddDays(-365)} |
Select-Object -ExpandProperty samaccountname >>'C:\stale\brummitt.txt'
In an attempt to organize the folder these are stored in, I have created a folder in my server's C: drive called stale and have a folder called scripts in which the powershell scripts are stored.
When I run the script with powershell and the save extension is C:\stale\brummitt.txt it outputs all users in that OU. When the save location is C:\brummitt.txt it returns the correct users who have not signed in for over a year. Why would the results be changing based on the save location and how can this be combated?
Added:
I am running the powershell script from within the scripts folder.
Did you try using Tee-Object as a part of the pipeline? That will give you the opportunity to check the stream to the file on console,

Powershell LDAP query to get all groups, owners,members by OU

I need to write a powershell script that will take in an OU and return all the groups and their owners, but if no owner then all the members.
I have almost 0 powershell knowledge; any help would be useful. I do have the Active Directory module installed.
Try this sample:
Import-Module ActiveDirectory ;
Get-ADGroup -Filter {name -like "*Your Group Name*"} -Properties Description,info | Select Name,samaccountname #| Export-Csv D:\output.csv -NoTypeInformation
Get-ADGroupMember YourGroupName # to list members ;