We Keep Coding

A Script that pulls list of AD users and returns manager info

I'm working on script to pull the users' name, email address, and their manager info. I need some help. I have this so far
$requestedUsers = Import-Csv "ADUserlist.csv"
$allUsers = Get-ADUser -filter 'Enabled -eq $true' -Properties name, EmailAddress, Manager
$filterdUsers = $allUsers | Where-Object { $_.SamAccountName -in$requestedUsers.SamAccountName }
$report = foreach ($user in $filterdUsers) {
$managerEmail = $allUsers |
Where-Object DistinguishedName -eq $user.Manager |
Select-Object -ExpandProperty EmailAddress
[PSCustomObject][ordered]#{
DisplayName = $user.Name
EmailAddress = $user.EmailAddress
ManagerEmail = $managerEmail
}
}
$report | Out-GridView
there is no output I don't know where exactly I made a mistake. So I need help if there is any changes to be made.

It should be something like this
Import-Module -name 'ActiveDirectory'
$requestedUsers = Import-Csv -path "ADUserlist.csv" #Full path required
$allUsers = Get-ADUser -filter 'Enabled -eq $true' -Properties 'name', 'EmailAddress', 'Manager'
$filterdUsers = $allUsers | Where-Object { $_.SamAccountName -in $requestedUsers.SamAccountName }
$report = #()
foreach ( $user in $filterdUsers ) {
$managerEmail = ( $allUsers | Where-Object { $_.DistinguishedName -eq $user.Manager } ).EmailAddress
$PSO = [PSCustomObject]#{
DisplayName = $user.Name
EmailAddress = $user.EmailAddress
ManagerEmail = $managerEmail
}
$report += $PSO
}
$report | Out-GridView
If you run this script on AD controller, first you must import module ActiveDirectory.
If you run this script on non AD controller you must use powershell remoting to connect to AD controller and run the script. And of course you must have privilege to run such scripts.

Using a .txt file to find ManagedBy and ManagedBy Email within an AD Group

I'm having issues trying to have my script read and apply the AD groups with my script. Right now, it's just posting what's in my script, but I would like to have the script read what's in my .txt file and use it with the rest of my script.
$filePath = "C:\Users\UserName\Downloads\ADGroupList.txt"
Get-Content -Path $filePath
Get-ADGroup -filter {Name -like "$filePath" } -Properties managedBy |
ForEach-Object {
$managedBy = $_.managedBy;
if ($managedBy -ne $null)
{
$manager = (get-aduser -Identity $managedBy -Properties emailAddress);
$managerName = $manager.Name;
$managerEmail = $manager.emailAddress;
}
else
{
$managerName = 'N/A';
$managerEmail = 'N/A';
}
Write-Output $_; } |
Select-Object #{n='Group Name';e={$_.Name}}, #{n='Managed By Name';e={$managerName}}, #{n='Managed By Email';e={$managerEmail}}
Export-Csv -Path "C:\Users\UserName\Documents\ADGroupManagerList.csv"

The easiest way is to loop over the group names you have in the ADGroupList.txt file (assuming this is a list of group names, each on a separate line)
$filePath = "C:\Users\UserName\Downloads\ADGroupList.txt"
# just loop over the group names you have in the text file and capture the output
$result = Get-Content -Path $filePath | ForEach-Object {
$group = Get-ADGroup -Filter "Name -like '$_'" -Properties managedBy
# create an object pre filled in when no manager was found
$obj = [PsCustomObject]#{
'Group Name' = $group.Name
'Managed By Name' = 'N/A'
'Managed By Email' = 'N/A'
}
# test if the ManagedBy is populated
if (-not [string]::IsNullOrWhiteSpace($group.ManagedBy)) {
# try to use the DN in property ManagedBy to find the manager
try {
$manager = Get-ADUser -Identity $group.ManagedBy -Properties EmailAddress -ErrorAction Stop
$obj.'Managed By Name' = $manager.Name
$obj.'Managed By Email' = $manager.EmailAddress
}
catch {
Write-Warning "No user found for '$($group.ManagedBy)'.. Please check AD."
}
}
# output the object so it gets collected in variable $result
$obj
}
# write the file
$result | Export-Csv -Path "C:\Users\UserName\Documents\ADGroupManagerList.csv" -NoTypeInformation

For workaround you can use this powershell script to get the mangedBy of groups.
Get-ADGroup -filter * -Properties managedBy |
ForEach-Object {
$managedBy = $_.managedBy;
if ($managedBy -ne $null)
{
$manager = (get-aduser -Identity $managedBy -Properties emailAddress);
$managerName = $manager.Name;
$managerEmail = $manager.emailAddress;
}
else
{
$managerName = 'N/A';
$managerEmail = 'N/A';
}
Write-Output $_; } |
Select-Object #{n='Group Name';e={$_.Name}}, #{n='Managed By Name';e={$managerName}}, #{n='Managed By Email';e={$managerEmail}}

Modifying PowerShell script to display RecipientDetailsType and FullAccess permission

I need to modify the below PowerShell script to show two more column called RecipientDetailsType and FullAccess.
The below PowerShell code is already working, but I need to get two more additional columns.
$DataPath = "C:\TEMP\Delegates-Results.csv"
$Results = #()
$MailboxUsers = Get-Mailbox -ResultSize Unlimited -Database CAB-DB02
foreach($user in $mailboxusers) {
$UPN = $user.UserPrincipalName
$MbxStats = Get-MailboxStatistics $UPN
$UserNotes = Get-User $UPN
$delegates = #(Get-MailboxPermission -Identity $UPN |
Where-Object { ($_.AccessRights -like "*FullAccess*") -and
(-not $_.IsInherited) -and
($_.User.toString() -ne "NT AUTHORITY\SELF") -and
($_.User.toString() -notlike '*Discovery Management*') } |
Select-Object #{Name='Delegate'; Expression={(Get-Recipient $_.User.toString()).DisplayName}},
#{Name='AccessRights';Expression={$_.AccessRights -join ', '}})
$Properties = #{
Name = $user.name
PrimarySmtpAddress = $user.PrimarySmtpAddress
RecipientTypeDetails = $user.RecipientTypeDetails
FullAccess = $user.FullAccess
UPN = $UPN
Alias = $user.alias
OU = $user.organizationalunit
Server = $MbxStats.servername
Database = $MbxStats.databasename
TotaItemSize = [math]::Round(($MbxStats.TotalItemSize.ToString().Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)
Delegates = $delegates.Delegate -join ', '
Notes = $UserNotes.Notes
}
$Results += New-Object psobject -Property $properties
}
$Results | Sort-Object -Property TotaItemSize | Select-Object Name,UPN,Alias,RecipientTypeDetails,FullAccess,OU,Server,Database,TotaItemSize,Notes,Delegates | Export-Csv -notypeinformation -Path $DataPath

Have you tried modifying $Properties to:
$Properties = #{
Name = $user.name
PrimarySmtpAddress = $user.PrimarySmtpAddress
RecipientDetailsType = $user.RecepientDetailsType
FullAccess = $user.FullAccess
UPN = $UPN
Alias = $user.alias
OU = $user.organizationalunit
Server = $MbxStats.servername
Database = $MbxStats.databasename
TotaItemSize = [math]::Round(($MbxStats.TotalItemSize.ToString().Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)
Notes = $UserNotes.Notes
}
$Results | Sort-Object -Property TotaItemSize | Select-Object Name,UPN,Alias,RecepientDetailsType,FullAccess,OU,Server,Database,TotaItemSize,Notes | Export-Csv -notypeinformation -Path $DataPath
If that doesn't work, let me know and I'll try it in our Exchange environment.

Which adusers in a specific department are managers of Exchange Distribution groups?

I have listed users in our AD with this:
Get-ADUser -Filter * -Properties department |
Where-Object {$_.department -Like "F0*"} |
Select sAMAccountName, department
It outputs all users of interest.
Now I wanna go through these users and find all of them that are managers of one or several Exchange distribution Groups. And have an output with username and name of distribution Group(s) , is this possible?

As Paxz already commented, you should go 'the other way' on this. If you want to get names and departments of managers of distribution groups, start with getting those first.
Something like this would probably do it:
# get the distribution groups where the ManagedBy property is set
Get-DistributionGroup | Where-Object { $_.ManagedBy } | ForEach-Object {
# then go through all possible listed managers and get their DisplayName and Department
foreach ($id in $_.ManagedBy) {
try {
# use '-ErrorAction Stop' to make sure the catch block is entered upon failure
$manager = Get-AdUser -Identity $id -Properties DisplayName, Department -ErrorAction Stop
$mgrName = $manager.DisplayName
$mgrDept = $manager.Department
}
catch {
# output failed result(s)
$mgrName = 'Obsolete user'
$mgrDept = 'Unknown'
}
# output the result(s) as PSObjects
New-Object -TypeName PSObject -Property #{
'Distribution Group' = $_.Name
'Manager' = $mgrName
'Department' = $mgrDept
}
}
}
If you would like to store the results in a csv file, you can extend the script to something like this:
$fileName = '<Enter the full path and filename here for the output csv file>'
# collect all results in an array
$results = #()
Get-DistributionGroup | Where-Object { $_.ManagedBy } | ForEach-Object {
foreach ($id in $_.ManagedBy) {
try {
# use '-ErrorAction Stop' to make sure the catch block is entered upon failure
$manager = Get-AdUser -Identity $id -Properties DisplayName, Department -ErrorAction Stop
$mgrName = $manager.DisplayName
$mgrDept = $manager.Department
}
catch {
# output failed result(s)
$mgrName = 'Obsolete user'
$mgrDept = 'Unknown'
}
$results += New-Object -TypeName PSObject -Property #{
'Distribution Group' = $_.Name
'Manager' = $mgrName
'Department' = $mgrDept
}
}
$results | Export-Csv -Path $fileName -UseCulture -NoTypeInformation -Force

Return results from function for $body of email

The script below is excellent but I am unable to figure out how to assign it to a string that can be used as the body of an email. Can someone help a newbie on this one?
#Requires -Version 2.0
Function Get-LockedOutLocation {
<#
.SYNOPSIS
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
.DESCRIPTION
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
The locked out location is found by querying the PDC Emulator for locked out events (4740).
The function will display the BadPasswordTime attribute on all of the domain controllers to add in further troubleshooting.
.EXAMPLE
PS C:\>Get-LockedOutLocation -Identity Joe.Davis
This example will find the locked out location for Joe Davis.
.NOTE
This function is only compatible with an environment where the domain controller with the PDCe role to be running Windows Server 2008 SP2 and up.
The script is also dependent the ActiveDirectory PowerShell module, which requires the AD Web services to be running on at least one domain controller.
Author:Jason Walker
Last Modified: 3/20/2013
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[String]$Identity
)
Begin {
$DCCounter = 0
$LockedOutStats = #()
Try {
Import-Module ActiveDirectory -ErrorAction Stop
} Catch {
Write-Warning $_
Break
}
}#end begin
Process {
#Get all domain controllers in domain
$DomainControllers = Get-ADDomainController -Filter *
$PDCEmulator = ($DomainControllers | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
$pdcemulator
Write-Verbose "Finding the domain controllers in the domain"
Foreach ($DC in $DomainControllers) {
$DCCounter++
Write-Progress -Activity "Contacting DCs for lockout info" -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
Try {
$UserInfo = Get-ADUser -Identity $Identity -Server $DC.Hostname -Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut -ErrorAction Stop
} Catch {
Write-Warning $_
Continue
}
If ($UserInfo.LastBadPasswordAttempt) {
$LockedOutStats += New-Object -TypeName PSObject -Property #{
Name = $UserInfo.SamAccountName
SID = $UserInfo.SID.Value
LockedOut = $UserInfo.LockedOut
BadPwdCount = $UserInfo.BadPwdCount
BadPasswordTime = $UserInfo.BadPasswordTime
DomainController = $DC.Hostname
AccountLockoutTime = $UserInfo.AccountLockoutTime
LastBadPasswordAttempt = ($UserInfo.LastBadPasswordAttempt).ToLocalTime()
}
}#end if
}#end foreach DCs
$LockedOutStats | Format-Table -Property Name,LockedOut,DomainController,BadPwdCount,AccountLockoutTime,LastBadPasswordAttempt -AutoSize
#Get User Info
Try {
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable #{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
} Catch {
Write-Warning $_
Continue
}#end catch
Foreach ($Event in $LockedOutEvents) {
If ($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value}) {
$Event | Select-Object -Property #(
#{Label = 'User'; Expression = {$_.Properties[0].Value}}
#{Label = 'DomainController'; Expression = {$_.MachineName}}
#{Label = 'EventId'; Expression = {$_.Id}}
#{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
#{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -First 1}}
#{Label = 'LockedOutLocation'; Expression = {$_.Properties[1].Value}}
)
}#end ifevent
}#end foreach lockedout event
}#end process
}#end function
Get-LockedOutLocation -Identity y59x

Your output is an object, or a list of objects. You need to transform it into a string for sending it via e-mail. Depending on what you want the mail body to look like, you could do something like this:
$body = Get-LockedOutLocation -Identity y59x |
Format-Table -AutoSize | Out-String
or like this:
$body = Get-LockedOutLocation -Identity y59x | Format-List | Out-String
or (if you want to send HTML mail) like this:
$body = Get-LockedOutLocation -Identity y59x | ConvertTo-Html -Fragment