Trying to get a script to assign O365 license to a list of users. What am I missing here? I get the list of users to work, made based on SamAccountName length and the date the user is created. How can I get it to look at each of the users inside that list and assign it an O365 license if it is false? Is an IF statement ideal to use here?
Import-Module ActiveDirectory
$date = (Get-Date).ToString()
$month = (Get-Date).AddDays(-4)
$NewUser = Get-ADuser -Filter * -Properties * | Where { ($_.samaccountname.length -eq 3 -and $_.whencreated -ge $month) } | Select-Object SamAccountName, UserPrincipalName, whencreated
Import-Module MSOnline
Connect-Module -Cred $User
foreach ($item in $NewUser) {Get-MsolUser -UserprincipalName $NewUser | where {$_.isLicensed -eq $false}
Set-MsolUserLicense -UserPrincipalName $NewUser.UserPrincipalName -AddLicenses $NewUser.licensetype
}
Use if statement is right. Please refer to the following:
foreach($user in $NewUser){
$AccountInfo = Get-MsolUser -UserPrincipalName $user.UserPrincipalName -ErrorAction Stop
$CurrentAccountSku = $AccountInfo.Licenses.AccountSkuId
if($CurrentAccountSku -ne $null)
{
Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -AddLicenses 'contoso:ENTERPRISEPACK' -ErrorAction Stop
}
}
Here's a blog for adding different Skus to Office 365 user accounts.
http://blogs.technet.com/b/treycarlee/archive/2013/11/01/list-of-powershell-licensing-sku-s-for-office-365.aspx
Related
I need to remove all users from my Microsoft Team in one command. The get-teamuser (first row) is giving me all the members. But I can't figure out how to now remove all in a loop. Think this should be something like the second row. But not sure how to do this.
Hope someone can help me with this issue.
Get-TeamUser -GroupId a4f03b48-49ae-4f06-949f-81b4940e17b6 | where-object {$_.role -eq "member"}
#Get-content c:\list.txt |foreach{Remove-TeamUser -GroupId a4f03b48-49ae-4f06-949f-81b4940e17b6 -User $_}
$users = Get-TeamUser -GroupId a4f03b48-49ae-4f06-949f-81b4940e17b6 | where-object {$_.role -eq "member"}
Foreach ($user in $users)
{
$UPN = $user.userprinciplename
Remove-TeamUser -groupid "a4f03b48-49ae-4f06-949f-81b4940e17b6" -user "$UPN"
}
https://learn.microsoft.com/en-us/powershell/module/teams/remove-teamuser?view=teams-ps#:~:text=Remove%20an%20owner%20or%20member,hour%20before%20changes%20are%20reflected.
Thanks Kartheek R,
I've used the answer above but modified it a bit to get it to work for me.
Connect-MicrosoftTeams
$TeamGUID = "94865df5-97fd-1234-aaad-13555de4gt28"
$users = Get-TeamUser -GroupId $TeamGUID | where-object {$_.role -eq "member"}
Foreach ($user in $users) {
$UPN = $user.User
Remove-TeamUser -groupid $TeamGUID -user $UPN
Write-Host $UPN
}
I am very new to powershell, still trying to figure out how it works. I have so far written a short script to take details from a CSV and poulate properties in AD.
If I use the username i.e smithj it works fine but I can't get it to take a name like John Smith and find the account it is associated with. This is the same with the manager field, it will take the username but I cant get it to take a full name.
Any help or advice would be much appreciated.
Import-module ActiveDirectory
$List = Import-CSV "\\SharedServer\shared\MYCSV.csv" | % {
$User = $_.UserName
$ID = $_.EmployeeID
$EmployeeNumber = $_.EmployeeNumber
$Description = $_.Description
$Department = $_.Department
$Title = $_.Title
$AccountExpirationDate = $_.AccountExpire
$Manager = $_.Manager
Set-ADUser $User -employeeID $ID -EmployeeNumber $EmployeeNumber -Description $Description -Department $Department -Title $Title -Manager $Manager -AccountExpirationDate $AccountExpirationDate
}
Depending on what the CSV contains for UserName and Manager, the best would be to have the SamAccountName or DistinguishedName because these attributes are unique within the same domain.
UserPrincipalName or EmailAddress would also do nicely for targeting the correct user.
From your question however, I gather that the CSV has the users Name in there that should correspond to the Name property of an AD user.
In that case I agree with I.T Delinquent that you can use that in the Filter parameter for Get-ADUser and that is also what my example code below uses.
Then there is the question of how you have entered the date for the AccountExpirationDate in the CSV file..
This parameter wants a DateTime object, not a string, so you'll have to convert that before use.
Finally, I would suggest using Splatting for cmdlets like Set-ADUser that take a lot of parameters.
Something like this:
Import-CSV "\\SharedServer\shared\MYCSV.csv" | ForEach-Object {
$user = Get-ADUser -Filter "Name -eq '$($_.UserName)'" -ErrorAction SilentlyContinue
if (!$user) {
Write-Warning "User '$($_.UserName)' not found"
}
else {
# convert the date string from the CSV into a real DateTime object
# Since I cannot see the CSV, you may need to do this using [DateTime]::ParseExact()
$expireDate = Get-Date $_.AccountExpire
# create a Hashtable for the parameters
$userProps = #{
'EmployeeID' = $_.EmployeeID
'EmployeeNumber' = $_.EmployeeNumber
'Description' = $_.Description
'Department' = $_.Department
'Title' = $_.Title
'AccountExpirationDate' = $expireDate
}
# get the manager object from the name
$manager = Get-ADUser -Filter "Name -eq '$($_.Manager)'" -ErrorAction SilentlyContinue
if ($manager) {
$userProps['Manager'] = $manager.DistinguishedName
}
$user | Set-ADUser #userProps
}
}
When using UserPrincipalName or EmailAddress, change the Filter into "UserPrincipalName -eq '$($_.UserName)'" or "EmailAddress -eq '$($_.UserName)'".
You might even want to experiment with Ambiguous Name Resolution..
I would use Get-ADUser and then pipe the object that was returned into Set-ADUser. Here is a quick example:
Get-ADUser -Filter " Name -eq 'Name here' " | Set-ADUser -employeeID $ID
I am trying to get a script to work that will organize my active directory accounts based off of their display name since all of our accounts have their OU in their name (or a subOU). I am trying to do this with an If statement inside of a ForEach loop in PowerShell. Every time I run it though, it keeps asking me for an identity. Can anyone help me fix this? This is what I have...
Import-Module ActiveDirectory
$OU = "OU=Test, OU=com"
$Test1OU = "OU=Test1, OU=Test, OU=Com"
$Test2OU = "OU=Test2, OU=Test, OU=Com"
$Users = (Get-ADUser -SearchBase $OU -Filter * -Properties samAccountName,DisplayName)
ForEach ($user in $users)
{
If ($($user.DisplayName -like ("*Supply*" -or "*Supplies*"))
{Move-ADObject -Identity $($user.samAccountName -TargetPath $Test1OU}
ElseIf ($($user.DisplayName -like ("*Accounting*" -or "*Accountant*"))
{Move-AdObject -TargetPath $Test2OU}
}
You are running into a few problems here
Like Vesper said you are not passing anything to Move-ADObject hence the error you are getting
$DisplayNames is not a string array of names but an object with a displayname property. That is what -ExpandProperty parameter is for with Select-Object FYI.
You are pulling all the users but only really want to process certain ones. Instead of -Filter * lets use a more targeted approach.
While it is tempting you cant nest -like conditions like that. If you take "*Supply*" -or "*Supplies*" and type that it will evaluate to true. Same as all non zero length strings.
For what we plan on doing we will not have to address all those issues. We should use the pipeline to help with this. Depending on how many variances you have something like a switch statement might be better which is covered below.
$supplyFilter = 'DisplayName -like "*Supply*" -or DisplayName -like "*Supplies*"'
$accountFilter = 'DisplayName -like "*Accounting*" -or DisplayName -like "*Accountant*"'
Get-ADUser -SearchBase $OU -Filter $supplyFilter -Properties displayName | Move-ADObject -TargetPath $Test1OU
Get-ADUser -SearchBase $OU -Filter $accountFilter -Properties displayName | Move-ADObject -TargetPath $Test2OU
You could get freaky with this and make a custom object in a loop with filter and target pairs so that you don't need to repeat the cmdlet call to each Get-ADuser instance.
$moves = #(
#{
Filter = 'DisplayName -like "*Supply*" -or DisplayName -like "*Supplies*"'
OU = "OU=Test1, OU=Test, OU=Com"
},
#{
Filter = 'DisplayName -like "*Accounting*" -or DisplayName -like "*Accountant*"'
OU = "OU=Test2, OU=Test, OU=Com"
}
) | ForEach-Object{New-Object -TypeName PSCustomObject -Property $_}
ForEach($move in $moves){
Get-ADUser -SearchBase $OU -Filter $move.Filter -Properties displayName | Move-ADObject -TargetPath $move.OU
}
You should be able to scale into this easily by adding new $moves. This would be cleaner with PowerShell v3.0 but I do not know what version you have.
Using a switch
If you want something closer to what your currently have I would suggest something like this instead then.
$Users = Get-ADUser -SearchBase $OU -Filter * -Properties DisplayName
ForEach ($user in $users){
switch($user.DisplayName) {
($_ -like "*Supply*" -or $_ -like "*Supplies*"){Move-ADObject -Identity $user -TargetPath $Test1OU}
($_ -like "*Accounting*" -or $_ -like "*Accountant*"){Move-ADObject -Identity $user -TargetPath $Test1OU}
}
}
I'm not able to test currently, but this should do the trick:
Import-Module ActiveDirectory
$OU = "OU=Test, OU=com"
$Test1OU = "OU=Test1, OU=Test, OU=Com"
$Test2OU = "OU=Test2, OU=Test, OU=Com"
$users = (Get-ADUser -SearchBase $OU -Filter * -Properties displayName)
foreach ($user in $users)
{
if ($($user.displayName) -like "*Supply*" -OR $($user.displayName) -like "*Supplies*")){
Move-ADObject -Identity $user -TargetPath $Test1OU
}
elseif ($($user.displayName) -like "*Accounting*" -OR $($user.displayName) -like "*Accountant*")) {
Move-AdObject -Identity $user -TargetPath $Test2OU
}
}
I've Added an Identity Parameter to Move-ADObject also i've changed some of the var names to better reflect their content.
I'm somewhat new to writing PS scripts, I usually only need simple one or two liners, but for this I'm trying to loop through a specific OU in Active Directory to find each users department, add "grp" before it and add them to the security group by that name. For example, a department might be something like 10005 so I'd like to add them to security group named "grp10005". Here's what I have but it isn't working.
Import-Module ActiveDirectory
$users = $i = $null
$strCC
$strGRP = 'grp' & strCC
$users = Get-ADUser -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" -filter * {department -eq $strCC}
ForEach($user in $users)
{
Add-ADGroupMember 'strGRP' -Members $_.DistinguishedName
-ErrorAction SilentlyContinue
$i++
}
I removed the syntax errors and modified the approach a bit.
Import-Module ActiveDirectory
$users = $null
$strDept = "Finance"
$strGRP = ('grp' + $strDept)
$users = Get-ADUser -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" -Filter { Department -eq $strDept }
ForEach($user in $users)
{
Add-ADGroupMember 'strGRP' -Members $user.DistinguishedName
-ErrorAction SilentlyContinue
}
Edit:
Based on the comments below it sounds like you are not wanting to use a filter at all but you want to check every user in the OU, find out what their current department is, then add them to a group by that name but with "grp" prefixed on to it.
Here is a possible solution:
Import-Module ActiveDirectory
$users = $null
$users = Get-ADUser -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" -Filter * -Properties Department
ForEach($user in $users)
{
Add-ADGroupMember ("grp" + $user.Department) -Members $user.DistinguishedName -ErrorAction SilentlyContinue
}
You can use the following code:
Import-Module ActiveDirectory
$users = $null
$i = 0
$strCC = "CC"
$strGRP = ("GroupName" + $strCC)
$users = Get-ADUser -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" -filter {department -eq $strCC}
ForEach($user in $users)
{
Add-ADGroupMember $strGRP -Members $user.DistinguishedName `
-ErrorAction SilentlyContinue
$i++
}
Note the difference between the two types of loop:
$array | foreach-object {
Write-Host $_
}
and:
foreach ($item in $array) {
Write-Host $item
}
I'm trying to use this powershell script to update AD users. Ideally I'll be updating a bunch of attributes, but for now I'm just trying to get it to update the department just so I get tell if it's working.
Import-Module ActiveDirectory
$dataSource=import-csv "c:\ADupdate.csv"
foreach($dataRecord in $datasource) {
$employeeID=$dataRecord.employeeID
# List of attributes to update
$department=$dataRecord.department
Get-ADUser -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" -Identity $employeeID -Properties department | Set-ADUser -Replace #{department=$department}
}
Figured out my own problem. Here is what I ended up using if anyone else is interested... though I'm using a lot of attributes.
Import-Module ActiveDirectory
$users = Import-Csv -Path c:\update.csv
foreach ($user in $users) {
Get-ADUser -Filter "employeeID -eq '$($user.employeeID)'" -Properties * -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" |
Set-ADUser -employeeNumber $($user.employeeNumber) -department $($user.department) -title $($user.title) -office $($user.office) -streetAddress $($user.streetAddress) -City $($user.City) -state $($user.state) -postalCode $($user.postalCode) -OfficePhone $($user.OfficePhone) -mobile $($user.mobile) -Fax $($user.Fax) -replace #{"extensionAttribute1"=$user.extensionAttribute1; "extensionAttribute2"=$user.extensionAttribute2; "extensionAttribute3"=$user.extensionAttribute3}
}