Create AD Object - Not Exchange - powershell

I am currently trying to create an Active Directory contact object in a specific OU in our Active Directory. I am not looking at using Exchange PowerShell. I would like to do this via normal PowerShell directly in to AD.
I have looked online and found that I can create a contact using the below command, this creates it in a specific OU.
New-ADObject -Name SaraDavisSGTContact3 -Type contact -Path "OU=SGTestOU,OU=Contacts,DC=example,DC=Example,DC=local"
How would I also get it to add other attributes such as mail (email address), first name, surname, etc.? I tried -Mail example.com, etc., but this didn't work.
Please bear in mind I will eventually try and get this to read from a CSV to do in bulk, so the simpler the code the better.

Use the -OtherAttributes Parameter to add additional attributes.
See New-ADObject MSDN Documentation
New-ADObject -name SaraDavisSGTContact3 -Type Contact -path "OU=SGTestOU,OU=Contacts,DC=example,DC=Example,DC=local" -OtherAttributes @{
'mail'="sara@gmail.com";
'proxyAddresses'="sara@gmail.com";
'givenName'="Sara";
'sn'="Davis";
'displayname'="Sara Davis"
}
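For the bulk CSV case the question mentions, an added example (not from the original answer) that builds the -OtherAttributes hashtable per row and previews the result with -WhatIf. The CSV column names and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: bulk-create contacts from CSV rows via New-ADObject -OtherAttributes.
# Requires the ActiveDirectory module. The CSV column names are assumptions.
Import-Module ActiveDirectory

$targetOu = 'OU=SGTestOU,OU=Contacts,DC=example,DC=Example,DC=local'   # OU from the question

# Constructed sample data; for a real run use: $rows = Import-Csv -Path .\contacts.csv
$rows = @'
Name,GivenName,Surname,Mail
SaraDavisSGTContact3,Sara,Davis,sara@gmail.com
JohnDoeSGTContact1,John,Doe,
'@ | ConvertFrom-Csv

# CSV column -> LDAP attribute name
$columnToAttribute = [ordered]@{ GivenName = 'givenName'; Surname = 'sn'; Mail = 'mail' }

foreach ($row in $rows) {
    if ([string]::IsNullOrWhiteSpace($row.Name)) {
        Write-Warning 'Skipping row without a Name'
        continue
    }
    # Pass only non-empty cells: an AD attribute cannot be set to an empty value.
    $attributes = @{}
    foreach ($column in $columnToAttribute.Keys) {
        $value = $row.$column
        if (-not [string]::IsNullOrWhiteSpace($value)) {
            $attributes[$columnToAttribute[$column]] = $value.Trim()
        }
    }
    if ($row.GivenName -and $row.Surname) {
        $attributes['displayName'] = "$($row.GivenName) $($row.Surname)".Trim()
    }
    $params = @{ Name = $row.Name.Trim(); Type = 'contact'; Path = $targetOu }
    if ($attributes.Count -gt 0) { $params['OtherAttributes'] = $attributes }
    # -WhatIf only reports what would be created; remove it after reviewing the output.
    New-ADObject @params -WhatIf
}
```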

Related

Add Sip to proxyaddress attribute in AD using powershell

I have username, and email address.
Couldn’t find a simple command to add sip address in AD attributes.
SIP:emailaddress
Please help
Thanks
You need to get the AD user you want to update, then append to the ProxyAddresses property (attribute), then set the AD user. A neat and easy way to do this is to use the Active Directory cmdlets' instancing feature.
$ADUser = Get-ADUser <UserName> -Properties ProxyAddresses
$ADUser.ProxyAddresses = $ADUser.ProxyAddresses += "sip:user@domain.com"
Set-ADUser -Instance $ADUser

Access 'PasswordNeverExpires' property in Azure AD via C#

I have the below code C# which works great for querying Azure AD but I need to also read in the property 'PasswordNeverExpires' as shown in the below screenshot. I cannot see the property on the full MS list here - https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0 - only a 'passwordPolicies' property which returns "DisablePasswordExpiration" for all our users which doesn't tally up with the results shown in AD manager. I can see plenty of powershell scripts, for example here - https://serverfault.com/questions/730189/powershell-find-all-users-with-password-never-expires - which mention a 'passwordNeverExpires' property but this only appears blank when I run my C# script.
string Url = $"{config.ApiUrl}v1.0/users?$select=userPrincipalName,lastPasswordChangeDateTime,PasswordNeverExpires,passwordNeverExpires";
do {
string JSON = await apiCaller.CallWebApiAndProcessResultASync(Url, result.AccessToken, Display);
Url = AADR.OdataNextLink;
} while (AADR.OdataNextLink != null);
The PowerShell scripts you found in this post are for AD rather than AAD, so they don't work for AAD. There is no property named PasswordNeverExpires in the AAD module.
PowerShell Script:
You can use the following PowerShell cmdlet to see if a single user's password is set to never expire (reference here):
Get-AzureADUser -ObjectId <user id or UPN> | Select-Object UserprincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
The cmdlet aliases PasswordPolicies -contains "DisablePasswordExpiration" to a new property PasswordNeverExpires.
To see the Password never expires setting for all users, run the following cmdlet:
Get-AzureADUser -All $true | Select-Object UserprincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
Microsoft Graph:
Since there is no PasswordNeverExpires property in MS Graph user resource type, you should just query the passwordPolicies property using MS Graph.
GET https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,lastPasswordChangeDateTime,passwordPolicies
Then you will get "passwordPolicies": "DisablePasswordExpiration" in the response. Use your own code logic to handle it (define a PasswordNeverExpires and set it to true).
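An added example, not part of the original answer, of the "own code logic" step in PowerShell: it treats passwordPolicies as a comma-separated list, because Graph allows "DisablePasswordExpiration, DisableStrongPassword" to be set together and a plain equality test would miss that user. The JSON response and the Test-PasswordNeverExpires helper name are constructed for illustration.

```powershell
# Added example: derive PasswordNeverExpires from Microsoft Graph passwordPolicies.
# The JSON below is a constructed sample of one /v1.0/users response page, not real data.
$page = @'
{
  "value": [
    { "userPrincipalName": "alice@contoso.example", "passwordPolicies": "DisablePasswordExpiration" },
    { "userPrincipalName": "bob@contoso.example",   "passwordPolicies": "DisablePasswordExpiration, DisableStrongPassword" },
    { "userPrincipalName": "carol@contoso.example", "passwordPolicies": "None" },
    { "userPrincipalName": "dave@contoso.example",  "passwordPolicies": null }
  ]
}
'@ | ConvertFrom-Json

# Hypothetical helper: true when the policy list contains DisablePasswordExpiration.
function Test-PasswordNeverExpires {
    param([string]$PasswordPolicies)

    # A null or empty value means no policy is set, so the password can expire.
    if ([string]::IsNullOrWhiteSpace($PasswordPolicies)) { return $false }

    # Split "A, B" into individual policy names before comparing.
    $tokens = $PasswordPolicies -split ',' | ForEach-Object { $_.Trim() }
    return ($tokens -contains 'DisablePasswordExpiration')
}

$report = foreach ($user in $page.value) {
    [pscustomobject]@{
        UserPrincipalName    = $user.userPrincipalName
        PasswordPolicies     = $user.passwordPolicies
        PasswordNeverExpires = Test-PasswordNeverExpires $user.passwordPolicies
    }
}

# Full report, then only the accounts whose passwords never expire (alice and bob here).
$report | Format-Table -AutoSize
$report | Where-Object PasswordNeverExpires | Select-Object -ExpandProperty UserPrincipalName
```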

How to add a well-known domain-group to a local group?

I am looking for a clean and simple solution (One-Liner?) to add the well-known domain-group Domain Users to a local group like "Direct Access Users".
The command/script will be executed on a Win10-client.
No additional module like "RSAT-AD-PowerShell" should be used for that.
The code should work regardless of OS-language.
I used the following code to add the "Authenticated Users" (= Well-known-SID S-1-5-11) to the local group:
Add-LocalGroupMember -Group "Direct Access Users" -Member S-1-5-11 -Verbose
This works fine, because the SID is static, but the SID for "Domain Users" looks like this S-1-5-21Domain-513 and I want to get the domain-SID dynamic too.
Thank you
I don't see any short way of doing this -- as in, something that will fit in one line "naturally" (you can always just smoosh it together if you really want to, of course). The difficult part seems to be getting the domain SID; once you have that, constructing the well-known SID of the Domain Users group is simple enough. The below uses the computer account to do that; the code could be abbreviated if you were allowed to assume a domain user is running this.
$qualifiedComputerName = [DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name + "\" + [Environment]::MachineName + "$"
$computerAccount = [Security.Principal.NTAccount]::new($qualifiedComputerName)
$domainSid = $computerAccount.Translate([Security.Principal.SecurityIdentifier]).AccountDomainSid
$domainUsersSid = [Security.Principal.SecurityIdentifier]::new("AccountDomainUsersSid", $domainSid).Value
Add-LocalGroupMember -Group "Direct Access Users" -Member $domainUsersSid -Verbose
Grab the domain SID from the dNC root:
$RootDSE = [adsi]"LDAP://RootDSE"
$dNC = [adsi]"LDAP://$($RootDSE.defaultNamingContext)"
$domainSID = [System.Security.Principal.SecurityIdentifier]::new($dNC.Properties['objectSID'].Value, 0)
$domainUsers = [System.Security.Principal.SecurityIdentifier]::new('AccountDomainUsersSid', $domainSID)
Add-LocalGroupMember -Group "Direct Access Users" -Member $domainUsers.Value

Can't get senders email address from read receipts

I am using the code posted on here to try and retrieve the sender's email address from read receipts in PowerShell. For some emails this works OK but for others it does not work.
In Outlook I can clearly see who it's from, but PowerShell returns a blank cell.
Any help please?
function Get-OutlookInBox {
Add-Type -AssemblyName "Microsoft.Office.Interop.Outlook" | Out-Null
$olFolders = "Microsoft.Office.Interop.Outlook.olDefaultFolders" -as [type]
$Outlook = New-Object -ComObject Outlook.Application
$Namespace = $Outlook.GetNameSpace("MAPI")
$folder = $NameSpace.pickfolder()
$Folder.Items | Get-Member
$Folder.Items |
Select-Object Subject, SenderName, SenderEmailAddress, CreationTime,
ReceivedTime, Final-recipient, UserProperties, ItemProperties,
MAPIOBJECT, ReceivedByName, Recipents, Sender, SentOn,
SentOnBehalfOfName |
Export-CSV -NoTypeInformation xxx\Trial.csv
}
First of all, make sure that the specified properties exist and can't be retrieved for a particular object. For example, I have noticed the Final-recipient which doesn't have any corresponding property in the OOM.
Note, you need to iterate over all items in the folder and deal with mail items only because other Outlook items may not have properties specified to export. So, you may check the Class property before doing anything.
A yet better solution is to use the Find/FindNext or Restrict methods of the Items class to get items that correspond to your conditions. Read more about these methods in the following articles:
How To: Use Find and FindNext methods to retrieve Outlook mail items from a folder (C#, VB.NET)
How To: Use Restrict method to retrieve Outlook mail items from a folder

Powershell - Exchange calendar sharing looping through all users

What I would like to do is get a list of all users in Exchange and loop through them, giving each user full access ("owner") rights to every other calendar. So basically I want everyone at the company to have "owner" permission to everyone else.
Here is what I have so far. It works fine, but I would like this to be automated, meaning the "username1" and "username2" to be replaced with active users from my Exchange server.
Add-MailboxFolderPermission -Identity "username1":\calendar -user "username2" -AccessRights owner
From my comment on the question.
You have lots of options but you can use
Get-Mailbox | ForEach-Object{Add-MailboxFolderPermission -Identity "username1":\calendar -user $_.SamAccountName -AccessRights owner}
This will grab every mailbox, since no filter is applied, and add the MailboxFolderPermission to those mailboxes.
That should work. Be careful as you are making irreversible changes to everyone.