Need Get-ADUser to echo out for user input - powershell

I am trying to get PowerShell to echo out for user input and query AD, but am getting stuck right off the bat. When I run the code it simply returns no results with the variable. Also would like to be able to trim down the return to only a few Properties. If multiple users have similar names I will need to create a loop or something to work through the multiple accounts just have not got there yet. The goal of this is to be able to quickly view the necessary information about users on a help desk and eventually be able use it to do simple password resets and moving of objects. Very new at this and am very thankful for any advice or help. This site always does me well. Thanks in advance.
$Firstname = Read-Host 'What is the users FirstName?'
$Lastname = Read-Host 'What is the users Lastname?'
Get-ADUser -Filter {(Name -Like "$Firstname*") -And (Surname -Like "$Lastname*")} -Properties LastLogondate LockedOut EmployeeID

This is a known issue with the -Filter parameter on AD cmdlets. You can use a variable by itself, but not inside of a string inside the filter.
So you can do this instead:
$Firstname = Read-Host 'What is the users FirstName?'
$Firstname = "$Firstname*"
$Lastname = Read-Host 'What is the users Lastname?'
$Lastname = "$Lastname*"
Get-ADUser -Filter {(Name -Like $Firstname) -And (Surname -Like $Lastname)} -Properties LastLogondate,LockedOut,EmployeeID

The argument to the Properties parameter is an array of strings, you need to separate those by comma:
Get-ADUser -Filter {(Name -like "$Firstname*") -and (Surname -like "$Lastname*")} -Properties LastLogondate,LockedOut,EmployeeID

Related

Trying to script adding users to a Group

I'm trying to create a simple script that will automate membership to a security group for my org.
I think my variables are coming back empty and are likely either defined wrong or I messed up the syntax somehow. Hoping someone here can help me see the error in my ways!
I am going to edit the code below to better explain my issue. The attribute I am calling can either have a value of M or it is null.
If I run the following command, I get back a list of users who have extensionattribute6 = M
get-aduser -filter {extensionattribute6 -like 'M*'}
If I attempt to add in the section that specifies OU, the results become null.
I guess all I'm asking is if there is a syntax mistake with the OUs or, if not, if anyone could hazard a guess as to what I am doing wrong. :)
$OU = "ou=ou1,ou=ou2,ou=ou3,dc=dc1,dc=dc2"
get-aduser -filter {extensionattribute6 -like 'M*'} -searchbase $OU
When you use the filter and like operator, you have to use the * on the right side of the statement.
$managers = Get-ADUser -SearchBase $OU -Filter "extensionattribute6 -like 'M*'"
This will add a list of AD Users that have a value that Starts with M in extensionattribute6. If you don't add the * to the right side, 'M', then it will look for all users with an extensionAttribute6 value that equals M.
If you are comparing them to be equal, then you can use -eq for equality (without stars * inside quote)
$managers = Get-ADUser -SearchBase $OU -Filter "extensionattribute6 -eq 'M'"
If you have multiple specific OUs you want to go over, might I suggest using a list of these OUs and iterating over them.
$OUs = @()
$OUs += "OU=OU1,DC=domain,dc=com"
$OUs += "OU=OU2,OU=someParent,dc=domain,dc=com"
...
$managers = @()
foreach($OU in $OUs) {
$managers += Get-ADUser -SearchBase $OU -Filter "extensionattribute6 -eq 'M'"
}
I arrived at a solution to this. I needed to call a new variable, borrowing heavily from what Jawad suggested.
The code I settled on is as follows.
$Managers = @()
$Managers += get-aduser -filter * -searchbase "ou=ou1,ou=ou2,ou=ou3,dc=dc1,dc=dc2" -properties extensionattribute6 | where-object{$_.extensionattribute6 -like 'M*'}
foreach ($Manager in $Managers) {add-adgroupmember -identity <groupname> -members $Manager}

Powershell AD lookup by name and samaccountname variables

Two questions, first one is probably quite simple but it's extremely annoying. I'm running a script for AD lookup with the user name variable as an attribute:
[string]$FirstName = Read-Host "User First Name"
[string]$LastName = Read-Host "User Last Name"
[string]$FullName = "*$FirstName* *$LastName*"
write-host
Get-ADUser -Filter {name -like $FullName} -properties * | select-object name, samaccountname | sort-object
read-host "Press Enter to exit"
The problem is that "read host" is interpreted as a part of the same command, and the query results appear after the prompt. I'd like to pause the script so the results can be read from the screen before console closes by hitting Enter. I've been experimenting with the brackets or different kind of loops but haven't been able to figure out how this should be done.
My second question is that I want to have samaccountname as a search attribute. Something like this:
[string]$Login = Read-Host "User Login name"
[string]$LoginName = "*$Login*"
The variable should be added to filter similar way the FullName variable is used.
1.)
A better way to pause the script and only continue after input, is to use:
$host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") > $null
The Query should come after the display of the Get-ADUser, if it still isn't working maybe submit some output examples or try getting the AD-User from Get-ADUser -Filter * | Where-Object {$_.Fullname -like $Fullname}
2.) I'm not fully understanding your problem here, but if you want to get a user by his login name you can do it like this:
$login = Read-Host "Login name"
Get-ADUser $login | select-object name, samaccountname | sort-object
I managed to fix this myself. For the first question, adding "format-table" to the end of the pipeline closed the command and the script proceeded normally after that.
For the second question, as a workaround I just broke down the query as two separate ones. First one is searching for the full name, and the second one is searching for the login name:
Get-ADUser -Filter {name -like $FullName} -properties * | select-object name, samaccountname | sort-object name | format-table
write-host
Get-ADUser -Filter {samaccountname -like $LoginName} -properties * | select-object name, samaccountname | sort-object name | format-table
Good for you finding a solution to your problem,
I will put here also what I did and maybe you can use it.
First of all the first part:
$FirstName = Read-Host "Please provide the First name of the User: "
$LastName = Read-Host "Please provide the Last name of the User: "
$Fullname = "$FirstName $LastName"
$Users= Get-AdUser -Filter {name -like $FullName} -Properties * | Select Name, Samaccountname | Sort-Object -Verbose
Get-AdUser -Filter {name -like $FullName} -Properties * | Select Name, Samaccountname | Sort-Object -Verbose
#$Users
You can uncomment the last user variable to get the results on your screen.
As for your second question, you can use the -or so you can search with the $fullname or the $login
$Login = Read-Host "User Login name"
Get-ADUser -Filter {name -like $FullName -or samaccountname -like $Login } -properties *
I would prefer a selection before running the code as I do with my checks on the AD.
If you want me to send you the code I can do it, I just don't want to put in this answer something different from what you ask.

Get-ADUser for not exact username

The script below lists some user details, it works only in case I've entered the EXACT user name. Is there a method I could use to get results if I type a partial username?
I mean if for example I enter "elibukin" or "eli.buk" instead of "eli.bukin" which is the correct username.
do {
Write-Host "Who r we looking for ? (type EXIT when u done)"
$User = Read-Host
Get-ADUser $User -Properties * |
fl empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l, last*,
logon*, when*
} until ($user -eq "exit")
I would use -LDAPFilter with ambiguous name resolution (ANR).
Get-ADUser -LDAPFilter "(anr=smith)"
See https://support.microsoft.com/en-us/kb/243299 for more information about ANR.
I have actually worked on a script much like this. I used the -like operator to accommodate partial matches. However, this might give you more than one result.
Get-ADUser -Filter ("SamAccountName -like '*$user*'")
Or use something of this format to narrow down your result:
Get-ADUser -Filter ("SamAccountName -like '*$user*' -and Name -like '*$FirstName*' -and Surname -like '*$Lastname*'")
Use -or instead of -and for a broader result.
If you want fuzzy matching use the parameter -Filter with the -like operator:
do {
$user = Read-Host -Prompt 'Who are we looking for (type EXIT when done)'
if ($user -ne 'exit') {
Get-ADUser -Filter "SamAccountName -like '*$User*'" -Properties * |
Format-List empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l,
last*, logon*, when*
}
} until ($user -eq "exit")
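
Added example, not part of any post above: the lookups in these threads place Read-Host input directly into the filter string, so a name such as O'Brien, or input containing `*`, `(` or `)`, breaks or changes the query. This version escapes the input per RFC 4515 and searches with -LDAPFilter; the function names ConvertTo-LdapFilterValue and Find-HelpDeskUser, the givenName/sn match and the 25-result cap are assumptions made for the example.

```powershell
# Added example. Function names are hypothetical; requires the ActiveDirectory module.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # RFC 4515: \ * ( ) and NUL must be hex-escaped inside a filter value.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    $escape = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m) '\{0:x2}' -f [int][char]$m.Value
    }
    [regex]::Replace($Value, '[\\*()\x00]', $escape)
}

function Find-HelpDeskUser {
    param(
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName,
        [int]$MaxResults = 25
    )
    $given = ConvertTo-LdapFilterValue $FirstName.Trim()
    $sn    = ConvertTo-LdapFilterValue $LastName.Trim()
    if (-not $given -or -not $sn) { throw 'Both names are required.' }

    # The only wildcard is the trailing * appended here, never one typed by the caller.
    $filter = "(&(objectCategory=person)(objectClass=user)(givenName=${given}*)(sn=${sn}*))"

    Get-ADUser -LDAPFilter $filter -ResultSetSize $MaxResults -Properties LastLogonDate, LockedOut, EmployeeID |
        Select-Object Name, SamAccountName, EmployeeID, LockedOut, LastLogonDate |
        Sort-Object Name
}

$first = Read-Host 'What is the users FirstName?'
$last  = Read-Host 'What is the users Lastname?'
$found = @(Find-HelpDeskUser -FirstName $first -LastName $last)
if ($found.Count -eq 0) {
    Write-Host 'No matching account.'
} else {
    $found | Format-Table -AutoSize   # one row per match when several users share a name
}
```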

Grab Last Name for User ID in Powershell

I am trying to figure out how to grab a userID's last name attribute but not sure how. I have tried to look at some examples but am falling short. Below is what I have so far but want to either get the last name attribute separately or grab the display name (which is first.last) and pull all the information after the period. Please help
Import-Module activedirectory
#$userID = Get-Aduser -filter *
$userIDs = Get-Aduser "w35522"
foreach ($lastName in $userIDs) {
$lastname = (get-Aduser -Filter * -Properties displayname).lastname
}
write-host $lastName
Update:
Thanks to comment below I changed lastname to surname. Only issue is now it prints the OU too which I don't want.
Import-Module activedirectory
#$userID = Get-Aduser -filter *
$userIDs = Get-Aduser "w35522"
foreach ($user in $userIDs) {
$lastname = get-Aduser -Identity $userIDs -Properties * | Select-Object name, GivenName, SurName, DisplayName
$user.SurName
write-host $user
}
prints:
Weyers
CN=w35522,OU=Standard,OU=Users,OU=Corporate,DC=we,DC=dirsrv,DC=com
FINAL UPDATE:
ok figured it out. It needed to say write-host $lastname instead!
thanks
The property which is returned by default that you are looking for is surname. That being said you have other logic issues in your script.
Get-ADUser someuser| select surname
Once in the loop you do another Get-Aduser. Also you assign a value to $lastName which is the pipe object you should be attempting to access.
If you really wanted all the lastnames in the company you would do something like this.
Get-ADUser -Filter * | Select-Object Surname

Get organization Job title in AD using powershell

I have been searching everywhere, and have tried many different combinations, but I can't seem to figure out how to get the "Job title" from the organization part of AD.
Here are a few things that I have tried
get-aduser -Filter * -SearchBase "Bob.Barker" -Properties sAMAccountName,Title
Get-ADUser -identity "Bob.Barker" -Filter * -Properties title | group title -NoElement
Also, as a bonus question how would you set the job title.
Thank you all for your assistance.
In your example, if the user's username is Bob.Barker then use this:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
or if surname is Barker
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(old thread I'm aware, I'm just happy I know the answer to some of these questions - hopefully help out the next guy/gal that needs this reference quickly)
These chunks of powershell are correct:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
(looking up by SamAccountname, a little more accurate)
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(Looking up by surname/lastname, if you have a big AD you'll have a lot of results to go through)
The other question above was
Also, as a bonus question how would you set the job title.
Here it is below:
Get-aduser -identity bob.barker | set-aduser -replace @{title="New Job Title"} -whatif
I like using the -whatif, just in case something goes terribly wrong and I make the CEO the janitor or something.
And here you commit it: Notice, you find the user first with get-aduser, then in the pipe |, you set-aduser with the new value between the @{} braces
Get-aduser -identity bob.barker | set-aduser -replace @{title="New Job Title"}
And here's a bonus answer. If you want to export a whole bunch of users with the same title who need a new title, export your search results into a CSV:
Get-Aduser -filter 'Title -like "Old Job Title"' -Properties * | select samaccountname | Export-csv "C:\some_path\change_these_titles_samaccountnames.csv"
The exported CSV will only have the SamAccountnames that match that job title you're looking for (in this case "Old Job Title").
Now, create a few $variables to store the new job title, the CSV to import, and the samaccountname, and a for-loop to look at the CSV File.
$Set_Title=Import-CSV "C:\some_path\change_these_titles_samaccountnames.csv"
$New_Title="New Title for everyone in CSV file"
foreach ($User in $Set_Title) {
$User.sAMAccountName
Set-ADUser -Identity $User.sAMAccountName -Title $New_Title
}
you could even put a count variable outside the for-loop to show how many users were updated:
$total = ($Set_Title).count
$total
Write-Host "AD User Titles have been updated..."
Hope this helps the next person out!
Use this to get all the information you need, like title related or organizational info
Get-ADUser -Filter {samAccountName -like "*bla*"} -Properties *