I have a query regarding searching AD.
I have written this piece of code for moving HomeDrives of users which does not have an AD account in the AD.
Get-ChildItem -LiteralPath "\\server1\path" -Force |
Where-Object {$_.PSIsContainer} |
ForEach-Object {
$Name = Split-Path -Path $_ -Leaf
$ADResult = ([adsisearcher]"(samaccountname=$Name)").Findone()
if (!($ADResult)) {
$sNewPath = "\\server1\newpath"
Move-Item -Path $_.Fullname -Destination $sNewPath -Force
}
}
The thing is that I want to run this from another server and the AD is on another server.But this:
$ADResult = ([adsisearcher]"(samaccountname=$Name)").Findone()
will run only if AD is on this server.
So I want to replace this line with a solution that can access AD which is on server2.
Can I use Get-ADUser or Search-ADAccount to achieve this?
I use:
Get-WmiObject Win32_UserAccount
You can specify the username with a filter.
Get-WmiObject Win32_UserAccount -filter 'name="username"'
Related
I want to copy a file to all users in a specific OU using powershell (My knowledge is not great and have just tried amending stuff I have found on google)
So this is what I have tried
$Source = '\\\FS1\D$\Component 3 Skills log template.docx'
$users = Get-ADUser -Filter * -SearchBase 'OU=Drama,OU=ComputerBasedExams,OU=TAW100STUDENTS,OU=TAW100,DC=something,DC=co,DC=uk'
$Destination = '\\\FS1\\Homes\taw100students\'
foreach ($i in $users){
{Copy-Item $Source -Destination $Destination\\$i -Recurse}
I do not get any error, but the files do not copy either
If you aren't sold on using powershell for this i would recommend using Group Policy to push files to a group of user or machines.
Here's a good tutorial on how to use gpo:
http://woshub.com/copy-files-on-all-computers-group-policy/
I had some help elsewhere and this code worked
$Source = '\\FS1\D$\Component 3 Skills log template.docx'
$Destination = '\\FS1\Homes\taw100students'
$sb='OU=Drama,OU=ComputerBasedExams,OU=TAW100STUDENTS,OU=TAW100,DC=something,DC=co,DC=uk'
Get-ADUser -Filter * -SearchBase $sb |
ForEach-Object{
$dest = "{0}\{1}" -f $Destination, $_.Name
Copy-Item $Source -Destination $dest
}
I want to compress a directory in a specific place.
The source path is : \\$Computers\Users\$Names
I want than for each computers a copy of each users directory in the sources path of each computers
I tried to use a foreach loop like :
$Computers = Get-ADComputer -Filter "Name -like 'PC*'" | Select-Object -ExpandProperty Name
$Names = Get-aduser -filter * | Select-Object -ExpandProperty givenname
Foreach($Computer in $Computers)
{
Compress-Archive -Path \\$Computer\Users\* -DestinationPath C:\Saves\\$Computer\Test.zip -Force
}
This actually work, but I don't know how can I add a second loop inside the loop.
If anyone can just explain me the function or just some advises please for trying to do that.
Thank you for your time.
You're approaching the problem with the wrong logic, you do need an inner loop, however, instead of attempting to compress a user profile that you don't know for sure is there you can instead query the remote computer's Users folder to see which ones are there and compress only those ones:
$Computers = (Get-ADComputer -Filter "Name -like 'PC*'").Name
# Add the profiles you want to exclude here:
$toExclude = 'Administrator', 'Public'
$params = #{
Force = $true
CompressionLevel = 'Optimal'
}
foreach($Computer in $Computers)
{
$source = "\\$Computer\Users"
Get-ChildItem $source -Exclude $toExclude -Directory | ForEach-Object {
$params.LiteralPath = $_.FullName
# Name of the zipped file would be "ComputerExample - UserExample.zip"
$params.DestinationPath = "C:\Saves\$computer - {0}.zip" -f $_.Name
Compress-Archive #params
}
}
I want to remove ALL AD User objects from a directory/folder security.
So, this maybe a stupid post and i appologise if it is...but basically i want to recurse through a directoery and remove all user objects from permissions. Folder permissions should be secured using groups, buit occasionally there are user onjects directly being added to folders breaking the rules. I've got a simple little script that works great for specific users, but i'm having trouble setting this to use a variable, eg all domain user accounts. If i specify the $user variable as an AD search for instance it just doesnt work, eg $USER = 'Get-ADuser -filter * -Server 'DOMAIN -properties SamAccountName | Select SamAccountName
I'm assumign this doesnt like the variable field set this way. Any help or advise much appreciated. Thanks.
$filepath = 'C:\Temp\ACLTesting'
$user = 'DOMAIN\USER'
Get-ChildItem $filePath -Recurse -Directory | ForEach-Object {
$acl = Get-Acl -Path $_.FullName
$acl.Access | Where-Object {
$_.IdentityReference.Value -eq $user
} | ForEach-Object {
$acl.RemoveAccessRule($_) | Out-Null
}
Set-Acl -Path $_.FullName -AclObject $acl
}
Unfortunately still cant get this to work using user variables... am i missing something or is this not a possible function? Thanks....
Putting this to one side for now as still cant get it to work and other things have cropped up to look at. Will revisit this at somepoint though. Any suggestions always welcome. Thanks.
Slightly modifying what you posted, try this …
$filepath = 'C:\Temp\ACLTesting'
$DomainUsers = (Get-ADUser -Filter *).SamAccountName
ForEach ($DomainUser in $DomainUsers)
{
Get-ChildItem $filePath -Recurse -Directory |
ForEach-Object {
$acl = Get-Acl -Path $_.FullName
$acl.Access |
Where-Object {
$_.IdentityReference.Value -eq $DomainUser
} |
ForEach-Object {
$acl.RemoveAccessRule($_) | Out-Null
}
Set-Acl -Path $_.FullName -AclObject $acl
}
}
I need to create a script to iterate through a list of user samaccountnames and identify network directories matching their samaccountname on the network. It doesn't seem to work though. Users home folders on the network use their samaccountname in the path. Here is what I have so far:
$userList = "C:\Users\sfp01\My
Documents\Data_Deletion_Testing\User_SamAccountName.csv"
$userDirectory = foreach ($user in $userList)
{
Get-ChildItem -Path "\\ceoii\" -Directory -Recurse | ? {}
}
Export-Csv -Path "C:\Users\sfp01\My
Documents\Data_Deletion_Testing\User_Directory.csv"
First, you need to import the csv as your first line just saves the location of the file in the variable rather than the contents of the file.
Second, you didn't provide the column name of the csv file that contains the user's saMAccountName. You'll need to set up your Where-Object to filter using that information. I am using -match on saMAccountName, but edit this to reflect your requirements.
And I don't think that \\servername\ isn't a valid share name, it should be a share like \\servername\share\ If you want to get all the shares from a server you could enumerate them with something like this invoke-command -ComputerName ceoii -ScriptBlock {Get-SmbShare}
You also probably want to only pull the list of folders once and then filter for each user.
Lastly, you save the information in $userDirectory so you'll want to pipe that information into your export-csv.
$userList = Import-CSV 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_SamAccountName.csv'
$folders = Get-ChildItem -Path "\\ceoii\sharename" -Directory -Recurse
$userDirectory = foreach ($user in $userList) {
$folders | Where-Object {$_.name -match $user.saMAcountName}
}
$userDirectory | Export-Csv -Path 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_Directory.csv'
More efficient than that would be to use -in or -contains if you know that the folder names exactly match.
$folders = Get-ChildItem -Path "\\ceoii\sharename" -Directory -Recurse
$userList = Import-CSV 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_SamAccountName.csv' |
Select-Object -ExpandProperty saMAccountName
$folders |
Where-Object {$_.name -in $userList} |
Export-Csv -Path 'C:\Users\sfp01\My Documents\Data_Deletion_Testing\User_Directory.csv'
I need some help with script that will delete AD Disabled users Home Folders and Roaming Profiles folders on the Server (DC).
Steps That I already done, I create a powershell command:
Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=Marked for Deletion,OU=Disable Users,DC=******,DC=com" -Filter * -Property * |
Select-Object -Property homeDirectory,profilePath | Export-CSV -Path .\Remove.csv
This Command export the properties of home folders and roaming profile folders of disabled users.
Now' the CSV file contains two colmuns, one is "homeDirectory" and second "profilePath"
The Problem is, when i execute this script, i get error.
$folders = Get-Content "C:\lab\remove.csv"
foreach ($homeDirectory in $folders) {
Remove-Item -Path $homeDirectory -force -Recurse
}
foreach ($profilePath in $folders) {
Remove-Item -Path $profilePath -force -Recurse
}
write-host -foregroundcolor yellow "Delete action complete"
Can somebody help me with this, I will appreciate it.
First I would remove the type information from your CSV like so:
Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=Marked for Deletion,OU=Disable Users,DC=******,DC=com" -Filter * -Property * |
Select-Object -Property homeDirectory,profilePath |
Export-CSV -Path .\Remove.csv -NoTypeInformation
Then for your delete code I would use this:
Import-Csv "C:\lab\remove.csv" | % {
Remove-Item -Path $_.homeDirectory -force -Recurse
Remove-Item -Path $_.profilePath -force -Recurse
}
write-host -foregroundcolor yellow "Delete action complete"
The problem with your code is that you are not looping through a column, you looping by line and then doing it twice. To do it your way you would need to split the line at the comma.