I have got the value in the file is under the SMTPproxyaddresses header.So, I'm trying something along this lines.
foreach ($user in $userID)
{
$ADuser = Get-ADUser -Filter "ProxyAddress -eq $($user.SMTPproxyaddresses)" -Properties whenCreated, Enabled, SAMAccountName
}
CSV file :
SMTPproxyaddresses
userproxy#contoso.com
testproxy#contoso.com
user2proxy#contoso.com
user3proxy#contoso.com
I couldn't get it working with a variable inside the Filter parameter, but it worked typed outright. However, the alternative is using an LDAPFilter and this worked for me.
Get-AdUser -LDAPfilter "(ProxyAddresses=*$($user.SMTPaddresses))" -Properties whenCreated, Enabled, SamAccountName
Related
Current powershell script being used is in this format:
Get-ADUser -Filter * -Properties EmailAddress, DisplayName -SearchBase "OU=USERS, OU=Site, OU=$_, DC=domain" -Server ServerName | Select DisplayNAme, EmailAddress
My problem is that the OU users, and site are buried in different folders one level up, and I can't figure out how to make the powershell script look thru all the folders above (OU=$_). Using OU=* doesn't work either (bad syntax error).
The -SearchBase parameter doesn't allow wildcards, if I understand correctly, you're looking for all parents OUs having OU=USERS, OU=Site as child OU, in which case, you can first filter for all OUs with Name Users then filter again for those OUs where their DistinguishedName contains OU=USERS, OU=Site and lastly feed these OUs to Get-ADUser -SearchBase:
(Get-ADOrganizationalUnit -LDAPFilter "(name=users)").DistinguishedName | ForEach-Object {
if($_ -notlike "OU=USERS, OU=Site*") { return }
Get-ADUser -Filter * -Properties EmailAddress, DisplayName -SearchBase $_ -Server ServerName
} | Select DisplayName, EmailAddress
I have an existing script which will search data from different domain separately.Please help me to search data from different domain in one shot.
script im using :
Get-ADUser -Server "domainA" -Filter {samaccountname -like "xyaxsdf"} -Properties
samaccountname,EmailAddress
You can use something as simple as this.
Just set your domains in $Domains then a Foreach loop will do the query for each domain. Result as you can see is stored in the $Output variable, which will contains the results of all your queries
$Domains = #('DomainA', 'DomainB')
$Output = Foreach ($Dom in $Domains) {
Get-ADUser -Server $Dom -Filter { samaccountname -like "xyaxsdf" } -Properties samaccountname, EmailAddress
}
Just getting started with Powershell and I've run into a roadblock. I'm trying to iterate through AD and get a list of all OU's. From there I'm trying to get user account info for each user in each OU. To test I've been able to get the DN for all OU's and output to console but when I try and pass those values to the get-aduser cmdlt it fails.
Here's my code:
import-module activedirectory
$SearchBase = get-adorganizationalunit -filter * -searchbase "ou=users,ou=myUsers,dc=company,dc=local" -Properties CanonicalName | select-object -Property distinguishedName
foreach ($ou in $SearchBase) {
get-aduser -filter * -searchbase $ou -Properties givenName,sn,mail
}
I'm getting the following error message: "The supplied distinguishedName must belong to one of the following partitions..."
I think the issue is that when passing $ou to the get-aduser cmdlt the distinguished name must be enclosed in quotes after -searchbase correct? If so not sure how to go about that. Any help is appreciated.
The issue you are having is you need to expand the property you are selecting. You will notice if you run:
get-adorganizationalunit -filter * -searchbase "ou=users,ou=myUsers,dc=company,dc=local" -Properties CanonicalName | select-object -Property distinguishedName
It will show the parent property:
There are two ways to fix this:
Expand the property in your select statement:
$SearchBase = get-adorganizationalunit -filter * -searchbase "ou=users,ou=myUsers,dc=company,dc=local" -Properties CanonicalName | select-object -ExpandProperty distinguishedName
OR Call the Property in your foreach:
foreach ($ou in $SearchBase) {
get-aduser -filter * -searchbase $ou.distinguishedName -Properties givenName,sn,mail
}
Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=CompanySite,DC=example,DC=domain,DC=com" -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed", "Department", "Title", "Manager" |
Select-Object -Property "SamAccountName", #{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}; #{Label="Manager";Expression={(Get-aduser -filter {sAMAccountName -eq $_.Manager}.sAMAaccountName)}};# |
Export-Csv "C:\Update\PasswordExpired.csv" -NoTypeInformation
I am trying to get an CSV that contains the employees whose password is expiring and get their managers name, the employees job title, the employees name and the date the password will expire.
However when I run this, I am getting the employees name and date the password is expiring. No other fields. I dont understand where I went wrong
Ok, there were a few errors causing issues:
You had a semi-colon (;) after the Password Expiry Date property in the Select-object portion. This caused the code to terminate at that point. It should be a comma.
For the Manager property, your expression is incorrect. You have your end parentheses after SamAccountName. It should be before the period. Additionally you are trying to match the DN with the SamAccountName data so it will return nothing. Just do a Get-ADUser and set the identity as the $_.Manager output. From there you can use the parentheses to output whatever metadata you want from the full ADUser Object for the manager. You can swap out SamAccountName to DisplayName or something else.
Your code: (Get-ADUser -filter {SamAccountName-eq $_.Manager}.SamAccountName)
Correct code: (Get-ADUser $_.Manager).SamAccountName
Title and Name are not included because you aren't calling them in the Select-object code. The "-Properties" section of Get-ADUser only adds the attribute to the list of retrieved attributes. What you set in Select is what is output to the screen or file.
You had a comment (#) tag before the Export-CSV section so that wasn't running either.
Here's the code. I don't have the manager attribute in my AD so I wasn't able to validate that section, but the rest ran correctly. I've also made it a bit more transportable. The SearchBase is now specified in a variable, as is the export location for the file. Additionally, you don't need to specify SamAccountName in the -Properties section as this is a default attribute for Get-ADUser.
Import-Module ActiveDirectory
$SearchPath = "OU=CompanySite,DC=example,DC=domain,DC=com"
$ExportPath = 'C:\Update\PasswordExpired.csv'
$Users = Get-ADUser -SearchBase $SearchPath -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "msDS-UserPasswordExpiryTimeComputed", "Department", "Title", "Manager"
$Users | Select-Object -Property Name,"SamAccountName",Title,#{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},#{Label="Manager";Expression={(Get-ADUser $_.Manager).sAMaccountName}} | Export-Csv $ExportPath -NoTypeInformation
I have been searching everywhere, and have tried many different combinations, but I can't seem to figure out how to get the "Job title" from the organization part of AD.
Here are a few things that I have tried
get-aduser -Filter * -SearchBase "Bob.Barker" -Properties sAMAccountName,Title
Get-ADUser -identity "Bob.Barker" -Filter * -Properties title | group title -NoElement
Also, as a bonus question how would you set the job title.
Thank you all for your assistance.
In your example, if the user's username is Bob.Barker then use this:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
or if surname is Barker
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(old thread I'm aware, I'm just happy I know the answer to some of these questions - hopefully help out the next guy/gal that needs this reference quickly)
These chunks of powershell are correct:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
(looking up by SamAccountname, a little more accurate)
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(Looking up by surname/lastname, if you have a big AD you'll have a lot of results to go through)
The other question above was
Also, as a bonus question how would you set the job title.
Here it is below:
Get-aduser -identity bob.barker | set-aduser -replace #{title="New Job Title"} -whatif
I like using the -whatif, just in case something goes terribly wrong and I make the CEO the janitor or something.
And here you commit it: Notice, you find the user first with get-aduser, then in the pipe |, you set-aduser with the new value between the #{} braces
Get-aduser -identity bob.barker | set-aduser -replace #{title="New Job Title"}
And here's a bonus answer. If you want to export a whole bunch of users with the same title who need a new title, export your search results into a CSV:
Get-Aduser -filter 'Title -like "Old Job Title"' -Properties * | select samaccountname | Export-csv "C:\some_path\change_these_titles_samaccountnames.csv"
The exported CSV will only have the SamAccountnames that match that job title you're looking for (in this case "Old Job Title").
Now, create a few $variables to store the new job title, the CSV to import, and the samaccountname, and a for-loop to look at the CSV File.
$Set_Title=Import-CSV "C:\some_path\change_these_titles_samaccountnames.csv"
$New_Title="New Title for everyone in CSV file"
foreach ($User in $Set_Title) {
$User.sAMAccountName
Set-ADUser -Identity $User.sAMAccountName -Title $New_Title
}
you could even put a count variable outside the for-loop to show how many users were updated:
$total = ($Set_Title).count
$total
Write-Host "AD User Titles have been updated..."
Hope this helps the next person out!
Use this to get all the information you need, like title related or organizational info
Get-ADUser -Filter {samAccountName -like "*bla*"} -Properties *