I've got a requirement. As part of which, I'm trying to export the ACLs on an Exchange mailbox to a CSV and importing it a bit later. One of the attribute on Exchange mailbox permissions is an array so our CSV header has $_.AccessRights as the array's header since we use Select {$_.AccessRights} to export this array.
The problem arises when importing because Import-Csv won't like this. I'm trying to find a way to edit just the $_. out of the header only for that attribute and re-write the file before importing it again. Have tried Import-Csv -Header and Get-Object with -replace with no luck so far. Any other thoughts?
Edit: I'm actually not just trying to do Import-Csv but actually trying to run run Add-MailboxPermission - Exchange script to import ACLs on a mailbox. So, the code I'm trying to run is
Import-Csv $ACLExportFile | foreach { Add-MailboxPermission -Identity $_.Identity -user $_.user -AccessRights $_.AccessRights | Out-File $LogACLImport -append }
Where $ACLExportFile is the permissions file I exported earlier using
Get-Mailbox -identity $OldUser | Get-MailboxPermission | Select {$_.AccessRights}, Deny, InheritanceType, User, Identity, IsInherited, IsValid | Export-Csv $ACLExportFile
Sample file that I got is
Uploaded to Google Drive here
Not sure to understand the question.
Have a look to Select-Object CmdLet, you can provide a property parameter that can be a new calculated property. To create a calculated, property, use a hash table. Valid keys are:
-- Name (or Label)
-- Expression or
-Property #{Name="AccessRights";Expression={$_.AccessRights}}
Edit :
In you case, when you export you should use :
Get-Mailbox -identity $OldUser | Get-MailboxPermission | Select #{Name="AccessRights"; Expression={$_.AccessRights}}, Deny, InheritanceType, User, Identity, IsInherited, IsValid | Export-Csv $ACLExportFile
So that you can import like this :
Import-Csv $ACLExportFile | foreach { Add-MailboxPermission -Identity $_.Identity -user $_.user -AccessRights $_.AccessRights | Out-File $LogACLImport -append }
Related
Trying to look up a user by DisplayName from a txt file and trying to export it to a CSV.
The expected goal is to have a list of LastName, FirstName (displaynames.txt), have it return an exported CSV file with the information in the "Format-Table" within the code.
Here's the code I've tried
ForEach ($DN in (Get-Content -Path c:\displaynames.txt))
{ Get-ADUser -Filter { displayName -like "*$DN*" } -SearchBase "DC=DOMAIN,DC=NET" | Format-Table Surname,GivenName,SamAccountName,UserPrincipalName | Out-File C:\UserAD.csv
}
the file returns blank. Thoughts? much appreciated in advance
Give this a try, as Jonathan mentioned in his comment, Format-Table is meant to display formatted information to the console and, even though you can use it to export the formatted information to a file it will definitely not be a CSV.
The other potential problem on your code, is that C:\UserAD.csv is getting replaced on each iteration of the loop because Out-File doesn't have the -Append switch.
Get-Content -Path c:\displaynames.txt | ForEach-Object {
if(-not [string]::IsNullOrWhiteSpace($_))
{
Get-ADUser -LDAPFilter "(displayName=*$_*)" -SearchBase "DC=NWIE,DC=NET"
}
} | Select-Object Surname, GivenName, SamAccountName, UserPrincipalName |
Export-Csv path/to/csv.csv -NoTypeInformation
I have the following script, already working well:
$mailboxes = Get-Content "D:\powershell\Permmisions\mailboxes.txt"
foreach ($user in $mailboxes){
get-mailboxpermission -identity $user -ResultSize Unlimited |
where {$_.user -notlike "*NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
select #{Name="Displayname"; Expression={(Get-Recipient $_.user.ToString()).Displayname.ToString()}}, #{Name="primarysmtpaddress"; Expression={(Get-Recipient $_.user.ToString()).primarysmtpaddress.ToString()}}, user, #{Name="AccessRights";Expression={$_.AccessRights}} | Export-Csv "D:\powershell\Mailboxes\Mailbox_Permmisions.csv" -Append
}
Output on the csv, looks like this:
What i wish to do next is to add three more columns to the CSV output:
Member user`s - samaccountname
Shared/Target Mailbox`es - Display Name
Shared/Target Mailbox`es - Smtp Address
Target Mailbox = Mailbox id i read from mailboxes.csv file, on the start of the script.
Thanks in advance , everyone's help is most appreciate.
You're going to have add more properties to the psobject and query the data via the Get-Mailbox cmdlet.
You're already doing something similar here:
#{Name="Displayname"; Expression={(Get-Recipient $_.user.ToString()).Displayname.ToString()}}
I have a script to import a list of users and want to check if any of these users are disabled. I did try to run the script below but it doesn't filter the users in the CSV file it filters everyone in the entire organization. any suggestions would be appreciated. displayname and SIP address in one of the headers in the CSV file if needed to use the header.
Import-CSV -Path .\Piscataway-+1732.csv | ForEach-Object {
Get-ADUser -Filter "Enabled -eq '$true'" | select Enabled,EmailAddress,SamAccountName
} | Export-CSV .\results77.csv -NoTypeInformation
You have several issues:
You are piping From Import-Csv to ForEach-Object. So Get-ADUser doesn't really know you are piping it input objects.
Get-ADUser's -Identity parameter is by value, not by property name. so you need to echo the appropriate column to send it down the pipe.
If you pipe and use the -Filter parameter the filter is going to apply to the whole domain. It's not going to limit the filter to what you piped in.
If you want the email address to be output you have to tell Get-ADUser to retrieve it.
Try something like this:
Import-CSV -Path .\Piscataway-+1732.csv |
ForEach-Object{ $_.samAccountName }
Get-ADUser -Properties mail |
Where-Object{ $_.Enabled }
Select-Object Enabled,mail,SamAccountName |
Export-CSV .\results77.csv -NoTypeInformation
Note: The Property for the email address is "mail".
Note: Since we don't have a sample of the CSV file the above example
assumes there's a column names samAccountName.
Now, if you want the output to come from the CSV file but validate it according to the user's status in AD we have to change the approach. As always there are several ways to do this.
Example 1:
Import-CSV -Path "c:\temp\test.csv" |
Select-Object #{Label = 'Enabled'; Expression = { ( Get-ADUser $_.samAccountName ).Enabled } },EmailAddress,samAccountName |
Export-CSV -Path "c:\temp\Output.csv" -NoTypeInformation
This again assumes the column name (samAccountName). It also assumes there is not already an "enabled" column. So we are adding a property called enabled that we're getting via Get-ADUser. Then finally re-exporting to Csv.
Example 2:
$CsvData = Import-CSV -Path "c:\temp\test.csv"
$EnabledUsers =
(
$CsvData |
ForEach-Object{ $_.samAccountName } |
Get-ADUser |
Where-Object{ $_.Enabled }
).samAccountName
$CsvData |
Where-Object{ $EnabledUsers -contains $_.samAccountName } |
Select-Object #{Label = 'Enabled'; Expression = { $true } },EmailAddress,samAccountName |
Export-Csv -Path "c:\temp\Output.csv" -NoTypeInformation
Example 1 is great for small jobs but too many individual calls to Get-ADUser might be slow for larger runs. In this example Import the CSV data once. Then use it to get a flat list of those entries that are enabled in AD. Once you have that you can use the -contains operator to check if the account is enabled. Once again there's a little extra work to add the "Enabled" property.
This should give you a general idea. There are probably a dozen more ways to do this, but hopefully this give you a good idea of what has to happen. Let me know if this helps.
I've got a script which does a permission report on all mailboxes from csv file but need to add source mailbox identity string to the report.
import-csv "\\networkshare\import.csv" | foreach {Get-MailboxFolderPermission -Identity $_.user | Select Identity,User,AccessRights} | Export-csv \\output.csv
The problem is that report is useless unless I get information about to whom other users have access. So I'm wondering how can I add something like:
Select Identity,User,AccessRight,$_.user
But in this way it does not work...
Store $_.User in a variable and use calculated propeties to add it later. Ex.
Import-Csv "\\networkshare\import.csv" | ForEach-Object {
$u = $_.user
Get-MailboxFolderPermission -Identity $_.user |
Select Identity,User,AccessRights,#{n="InputUser";e={$u}}
} | Export-csv \\output.csv
You've to:
Select Identity,User,AccessRight,#{l="somethingAdded";e={$_.propertyToAdd}}
This is called a calculated property
Hope that helps
I am trying to create a script that will do the above,
I did something like that:
Search-ADAccount -AccountDisabled | Export-Csv -Path C:\csv\DisabledUsers.csv -NoTypeInformation
$csv = Import-Csv -Path c:\csv\DisabledUsers.csv
foreach ($SamAccountName in $csv)
{
Get-ADPrincipalGroupMembership | format table | Export-Csv -Path C:\csv\DisabledUsersGroupM.csv -NoTypeInformation
}
It is work fine until the foreach part. Seems like no values imported from the CSV.
I get this:
cmdlet Get-ADPrincipalGroupMembership at command pipeline position
Supply values for the following parameters:
(Type !? for Help.)
Identity:
What am I doing wrong?
You're calling Get-ADPrincipalGroupMembership without a required parameter (the identity of the object whose group membership you want to obtain).
Change
Get-ADPrincipalGroupMembership
to
Get-ADPrincipalGroupMembership $SamAccountName
Also, the Export-Csv inside the loop would overwrite the output file with every iteration, so you'd end up with just the groups of the last user. Add the parameter -Append to avoid this.
With that said, a much simpler approach would probably be a pipeline like this:
Search-ADAccount -AccountDisabled |
Select-Object SamAccountName, #{n='Groups';e={(Get-ADPrincipalGroupMembership $_.SamAccountName | Select-Object -Expand Name) -join ';'}} |
Export-Csv 'C:\csv\DisabledUsers.csv' -NoType