I am trying to create a script that will compare our AD against all the users in a CSV. Our HR department has the master database for all staff but when they make changes they rarely inform us so they now export all users from the HR database to a CSV.
I need to compare this against our AD and amend anyone that has been found to have changed or any new staff.
I have the below script but it just outputs all staff, I only want the staff that have changed or new staff that are not in AD to be emailed.
write-host "Using default CSV file or C:\scripts\csv\StaffChanges.csv"
$StaffCSVUPath = "C:\scripts\csv\StaffChanges.csv"
$logfile = "C:\scripts\logs\ADvsCMIS.csv"
if(test-path $logfile) {
remove-item $logfile -force
}
function Email {
#Send an email, called with recipient email address and message body
param(
[string] $emailaddress="",
[string] $bodymsg=""
)
$bodymsg += "<p>"
$bodymsg += Get-Content($logfile)
Send-MailMessage -To $emailaddress -From "email#domain.co.uk" -Subject "(AD-CMIS_errors) Errors found between Active Directory and CMIS" -Body $bodymsg -BodyAsHTML -SMTPServer "exchserver"
}
function CheckOutputFile {
#Called with folder\filename and type of file
param(
[string]$outputfilename = "",
[string]$type = ""
)
if(test-path($outputfilename)) {
} else {
write-host "Creating $outputfilename"
$msg = "Forename,Surname,Username,ID"
$msg | out-file($outputfilename)
}
}
#Snap-ins needed to use the commands within the script
if((Get-pssnapin -Name Microsoft.Exchange.Management.Powershell.E2010 -ErrorAction SilentlyContinue) -eq $null){Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010}
if((Get-pssnapin -Name Quest.activeroles.admanagement -ErrorAction SilentlyContinue)-eq $null){Add-pssnapin Quest.activeroles.admanagement}
#import users from csv file
$users = (import-Csv $StaffCSVUpath)
$count=0
$countAD=0
Get-QADUser -searchroot "domain/Users/Staff" -SizeLimit 0 -includedproperties employeeid,displayname | ForEach-Object ($_.samaccountname) {
$found = 0
$countAD+=1
ForEach ($user in $users) {
$count+=1
$inital = $user.forename.substring(0,1)
$name = $user.forename+" "+$user.surname
$dispname = $inital+" "+$user.surname
if ($user.id -eq $_.employeeid) {
if ($user.surname -eq $_.lastname) {
if ($inital -eq $_.firstname) {
if ($name -eq $_.name) {
if ($dispname -eq $_.displayname) {
$found = 1
}
}
}
}
}
if ($found -eq 1){break}
}
if ($found -eq 0) {
if(($_.company -ne "testing") -band ($_.company -ne "service")) {
CheckOutputFile $logfile "LOG"
$msg = "<p>" + $_.firstname +" " + $_.lastname + " " + $_.samaccountname + " "+$_.employeeid +"<p>"
$msg | Out-File $logfile -append
}
}
}
if (test-path $logfile) {
#If there is anything to report
write-host "Emailing Log file to ict"
#Email file if $outputB exists
$email = "email#domain.co.uk"
$body = "Action Required: The users below do not exist within HR. Contact HR Data manager to resolve issue, delete users manually if required."
#email ict
Email $email $body
}
I don't use the Quest AD cmdlets, so my answer will be based on the built-in ones. Also, I'm going to assume that the (unique) employee ID for any given employee is not going to change and that there are no user accounts with an empty employeeId attribute.
First, prepare your data like this:
Import-Module ActiveDirectory
$hrUsers = #{}
Import-Csv 'C:\path\to\your.csv' |
select id, firstname, surname,
#{n='inital';e={$_.forename.substring(0,1)}},
#{n='name';e={$_.forename+" "+$_.surname}},
#{n='dispname';e={$_.forename.substring(0,1)+" "+$_.surname}} |
% { $hrUsers[$_.id] = $_ }
$adUsers = Get-ADUser -Filter * -Property employeeid |
? { 'testing', 'service' -notcontains $_.company }
This creates a hashtable mapping each employee ID to the object with the respective user's attributes (including the derivative attributes initial, name, and dispname) and a list of AD users (excluding service and test accounts).
With the above you can determine new users like this:
$employeeIDs = #($adUsers | select -Expand employeeId)
$hrUsers.Values | ? { $employeeIDs -notcontains $_.id }
obsolete accounts like this:
$adUsers | ? { $hrUsers.Keys -notcontains $_.employeeId }
and modified users like this:
$adUsers | ? {
$hrUsers[$_.employeeid].surname -ne $_.lastname -or
$hrUsers[$_.employeeid].inital -ne $_.firstname -or
$hrUsers[$_.employeeid].name -ne $_.name -or
$hrUsers[$_.employeeid].dispname -ne $_.displayname
}
I have managed to get it working by changing the search fields
if($user.firstname -eq $_.firstname)
if($user.surname -eq $_.sn)
if($user.ID -eq $_.employeeID)
This now checks AD against the CSV, emails any discrepancies and excludes any emails with the firstname "test" or "careers"
write-host "Using default CSV file or C:\scripts\csv\StaffChanges.csv"
$StaffCSVUPath = "C:\scripts\csv\StaffChanges.csv"
$logfile = "C:\scripts\logs\ADvsHR.csv"
if(test-path $logfile) {
remove-item $logfile -force
}
function Email {
#Send an email, called with recipient email address and message body
param(
[string] $emailaddress="",
[string] $bodymsg=""
)
$bodymsg += "<p>"
$bodymsg += Get-Content($logfile)
Send-MailMessage -To $emailaddress -From "email#domain.co.uk" -Subject "(AD-CMIS_errors) Errors found between Active Directory and CMIS" -Body $bodymsg -BodyAsHTML -SMTPServer "exchserver"
}
function CheckOutputFile {
#Called with folder\filename and type of file
param(
[string]$outputfilename = "",
[string]$type = ""
)
if(test-path($outputfilename)) {
} else {
write-host "Creating $outputfilename"
$msg = "Forename,Surname,Username,ID"
$msg | out-file($outputfilename)
}
}
#Snap-ins needed to use the commands within the script
if((Get-pssnapin -Name Microsoft.Exchange.Management.Powershell.E2010 -ErrorAction SilentlyContinue) -eq $null){Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010}
if((Get-pssnapin -Name Quest.activeroles.admanagement -ErrorAction SilentlyContinue)-eq $null){Add-pssnapin Quest.activeroles.admanagement}
#import users from csv file
$users = (import-Csv $StaffCSVUpath)
$count=0
$countAD=0
Get-QADUser -searchroot "domain/Users/Staff" -SizeLimit 0 -includedproperties employeeid,displayname | ForEach-Object ($_.samaccountname) {
$found = 0
$countAD+=1
ForEach ($user in $users) {
$count+=1
if ($user.firstname -eq $_.firstname) {
if ($user.surname -eq $_.sn) {
if ($user.ID -eq $_.employeeID) {
$found = 1
}
}
}
if ($found -eq 1){break}
}
if ($found -eq 0) {
if(($_.firstname -ne "careers") -band ($_.firstname -ne "test")) {
CheckOutputFile $logfile "LOG"
$msg = "<p>" + $_.firstname +" " + $_.lastname + " "+$_.employeeid +"<p>"
$msg | Out-File $logfile -append
}
}
}
if (test-path $logfile) {
#If there is anything to report
write-host "Emailing Log file to ict"
#Email file if $outputB exists
$email = "email#domain.co.uk"
$body = "Action Required: The users below do not exist within HR. Contact HR Data manager to resolve issue, delete users manually if required."
#email ict
Email $email $body
}
Related
The below script to get the logon users and send as email was working great but only on the console output only.
I am trying to get the result as a table so the result in the console and the email body will be like:
Server, ConnectionType, User, ID, State
PRDSVR16, rdp-tcp#44, SVC-SQL, 4, Active
PRDSVR10, rdp-tcp#27, Admin.domain, 6, Disc
SVR25-VM,console,domain.admin,8,Active
Open in new window
This is the script:
$Today = Get-Date -Format 'F'
$SessionList = "`n`nRDP Session List - " + $Today + "`n`n"
$CurrentSN = 0
# Get a list of servers from Active Directory
write-progress -activity "Getting list of servers from Active Directory" -status "... please wait ..."
$Servers = (Get-ADComputer -Filter { Enabled -eq $True -and OperatingSystem -like "*Server*" } -Properties OperatingSystem -SearchBase "OU=Data Center,DC=Company,DC=com") |
Where-Object { Test-Connection $_.Name -Count 1 -Quiet } |
Select-Object -ExpandProperty Name
$NumberOfServers = $Servers.Count
# Iterate through the retrieved list to check RDP sessions on each machine
ForEach ($Server in $Servers)
{
Write-Host "Processing $Server ..." -ForegroundColor Yellow
Write-progress -activity "Checking RDP Sessions" -status "Querying $Server" -percentcomplete (($CurrentSN / $NumberOfServers) * 100)
try
{
$SessionList += qwinsta /server:$Server |
Select-Object -Skip 1 |
% {
[PSCustomObject] #{
Type = $_.Substring(1, 18).Trim()
User = $_.Substring(19, 20).Trim()
ID = $_.Substring(41, 5).Trim()
State = $_.Substring(48, 6).Trim()
}
} |
? { $_.Type -notin 'console', 'services', 'rdp-tcp' -and $_.User -ne $null -and $_.User -ne 65536 } |
% {
"`n$Server logged in by $($_.User) on $($_.Type), session id $($_.ID) $($_.state)"
}
}
catch
{
$SessionList += "`n Unable to query " + $Server
write-host "Unable to query $Server! `n $($Error[0].Exception)" -foregroundcolor Red
}
$CurrentSN++
}
# Send the output the screen.
$SessionList + "`n`n"
$sendMailArgs = #{
From = "$env:USERNAME#$env:userdnsdomain"
To = 'SOC#domain.com'
SmtpServer = 'SMTP.domain.com'
Priority = 'High'
Body = $SessionList | Select-Object #{ N = 'Server'; E = { $Server } },
#{ N = 'User'; E = { $_.User } },
#{ N = 'LogonType'; E = { $_.Type } },
#{ N = 'ID'; E = { $_.ID } },
#{ N = 'State'; E = { $_.State } }
Subject = "$($SessionList.Count) Logged On users from $($NumberOfServers) online servers as at $($Today)"
}
Send-MailMessage #sendMailArgs
Rendering collected information in different places is way easier if you keep strict separation between data and presentation (or formatting) of said data.
For the $SessionList for example, that means doing less than what you're currently trying to do inside the loop:
$ErrorList = #()
$SessionList = foreach($server in $servers){
try{
qwinsta /server:$Server |Select-Object -Skip 1 |ForEach-Object {
[PSCustomObject] #{
Server = $server
Type = $_.Substring(1, 18).Trim()
User = $_.Substring(19, 20).Trim()
ID = $_.Substring(41, 5).Trim()
State = $_.Substring(48, 6).Trim()
}
} |Where-Object { $_.Type -notin 'console', 'services', 'rdp-tcp' -and $_.User -ne $null -and $_.User -ne 65536 }
}
catch{
$ErrorList += [pscustomobject]#{
Server = $server
ErrorRecord = $_
}
}
}
Notice how I don't construct any strings - I just create the custom objects, filter them - and then leave them as-is.
Now it becomes much easier to format the data as desired for different output media:
# For console output, simply pipe to Format-Table
$SessionList |Format-Table
if($ErrorList.Count -gt 0){
Write-Warning "The following servers had errors, please inspect"
$ErrorList |Format-Table
}
# For email output we can use `ConvertTo-Html`
$Body = $SessionList |ConvertTo-Html -As Table -Fragment
if($ErrorList.Count -gt 0){
$ErrorTable = $ErrorList |ConvertTo-Html -As Table -Fragment
$Body = $Body,$ErrorTable -join '<br />'
}
$sendMailArgs = #{
# ...
Body = ConvertTo-Html -Body $Body -Title "Session list"
BodyAsHtml = $true
# ...
}
I've been working on a PowerShell script that sends an automated email out to AD users when their password is about to expire. My script has a ForEach statement in it but nothing within this actually runs. I've set it up so that it logs all activities in a .txt file so I can see when each step is being worked on. It's running on a Windows 2016 Essentials.
Script Below:
# VAR
$SMTPHost = "smtp.office365.com"
$FromEmail = "***"
$expireindays = 3
$Date = Get-Date
# Set DIR
$DirPath = "C:\TEMP"
# Check is DIR is present
$DirPathCheck = Test-Path -Path $DirPath
if (!($DirPathCheck)) {
try {
#Create DIR if not present
New-Item -ItemType Directory $DirPath -Force
}
catch {
$_ | Out-File ($DirPath + "\" + "Log.txt") -Append
}
}
# CredObj
$CredObj = ($DirPath + "\" + "EmailExpiry.cred")
# Check if CredObj is Present
$CredObjCheck = Test-Path -Path $CredObj
If (!($CredObjCheck))
{
"$Date - INFO: creating cred object" | Out-File ($DirPath + "\" + "Log.txt") -Append
#If not present get O365 cred and store
$Credential = Get-Credential -Message "Please enter your Office 365 credentials."
#Export CredObj
$Credential | Export-Clixml -Path $CredObj
}
Write-Host "INFO | Importing Cred Object" -ForegroundColor Yellow
$Cred = (Import-Clixml -Path $CredObj)
"$Date - INFO: Importing AD Module" | Out-File ($DirPath + "\" + "Log.txt") -Append
Import-Module ActiveDirectory
"$Date - INFO: Getting Users" | Out-File ($DirPath + "\" + "Log.txt") -Append
Write-Host "INFO | Getting Users" -ForegroundColor Yellow
$users = Get-ADUser -properties Name, PasswordExpired, PasswordLastSet, EmailAddress -filter { (enabled -eq 'True') } | Where-Object { $_.PasswordExpired -eq 'False'}
# Process Each User for Password Expiry
ForEach ($User in $Users) {
$Name = (Get-ADUser $user | Get-ADUser -Property Name)
Write-Host "Working on $Name..." -ForegroundColor White
Write-Host "Getting email address for $Name..." -ForegroundColor Yellow
$emailaddress = $user.EmailAddress
if (!($emailaddress)) {
Write-Host "$Name has no E-Mail address listed, looking at their proxy address attributes..."
if (!($emailaddress)) {
Write-Host "$Name has no email address to send an e-mail to!" -ForegroundColor Red
"$Date - WARNING: No email found for $Name" | Out-File ($DirPath + "\" + "Log.txt") -Append
}
}
#Get password last set
$passwordSetDate = (Get-AAUser $user -properties * | ForEach-Object { $_.PasswordLastSet})
#Get the count on how many days until the password expires and stores it in the $daystoexpire VAR
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays)) {
"$Date - INFO: Sending expiry notice email to $Name" | Out-File ($DirPath + "\" + "Log.txt")
Write-Host "Sending Password expiry email to $Name" -ForegroundColor Yellow
$SmtpClient = New-Object system.net.mail.smtpclient
$MailMessage = New-Object system.net.mail.mailmessage
#Email Sender
$MailMessage.From = $FromEmail
#SMTP Server
$SmtpClient.Host = $SMTPHost
#SMTP SSL
$SmtpClient.EnableSsl = $true
#SMTP Credentials
$SmtpClient.Credentials = $Cred
#Email Recipients
$MailMessage.To.add($emailaddress)
#Subject
$MailMessage.Subject = "Your password will expire $daystoexpire days"
#Delivery Success
$MailMessage.DeliveryNotificationOptions = ("onSuccess", "onFailure")
#Set Priority
$MailMessage.Priority = "High"
#Body
$MailMessage.Body = "Password will expire, better change it!"
Write-Host "Sending email to $emailaddress..." -ForegroundColor Green
try {
$SmtpClient.Send($MailMessage)
}
catch {
$_ | Out-File ($DirPath + "\" + "Log.txt") -Append
}
else {
"$Date- INFO: Password for $Name not expiring for another $daystoexpire days" | Out-File ($DirPath + "\" + "Log.txt") -Append
Write-Host "Password for $Name does not expire for $daystoexpire days" -ForegroundColor White
}
}
}
Output:
I noticed you did not set the $Expireson variable anywhere, so you would not get a correct value for $daystoexpire aswell.
As a matter of fact, I made a script to do the same some time ago. I have edited it a bit for you to try out.
This uses the Send-Mailmessage instead of the System.Net.Mail.SmtpClient to make things easier. This way, we can also use Splatting to make the code more readable.
Import-Module ActiveDirectory
$smtpServer = "smtp.office365.com"
$expireInDays = 3 # 3 is a bit close... better do something like 7
$from = "YOUR EMAILADDRESS"
$logPath = "C:\TEMP"
$logFile = Join-Path -Path $logPath -ChildPath 'PasswordExpiryLog.txt'
$logDate = '{0:dd-MM-yyyy}' -f (Get-Date)
$credPath = Join-Path -Path $logPath -ChildPath 'EmailExpiry.cred'
# create the output path if it does not exist
if (!(Test-Path -Path $logPath -PathType Container)) {
New-Item -Path $logPath -ItemType Directory | Out-Null
}
# Credentials
If (!(Test-Path -Path $credPath -PathType Leaf)) {
# write to the log and screen
$msg = "Creating credentials object"
Add-Content -Path $logFile -Value "$logDate - INFO: $msg"
Write-Host $msg -ForegroundColor Yellow
# If not present get O365 cred and store
$cred = Get-Credential -Message "Please enter your Office 365 credentials."
# Export CredObj
$cred | Export-Clixml -Path $credPath
}
else {
# write to the log and screen
$msg = "Importing credentials Object"
Add-Content -Path $logFile -Value "$logDate - INFO: $msg"
Write-Host $msg -ForegroundColor Yellow
$cred = Import-Clixml -Path $credPath
}
# create a template for the emails
$emailTemplate = #"
<html>
<head>
<title>Password Expire Notification</title>
<meta name="generator" content="PowerShell" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
body {
font-family: verdana, arial, helvetica, sans-serif;
font-size: 12px;
}
</style>
</head>
<body>
Dear _NAME_,
<p>Your password will expire in _DAYS_ days.<br /><br />
To change your password on a Windows pc in the office press CTRL-ALT-Delete and choose <strong>Change a password...</strong><br />
</p>
Regards
</body>
</html>
"#
# get all users that are enabled and that have a password expiry date
# test it out on dummy user(s) first of course !
$users = Get-ADUser -Filter * -Properties GivenName, Name, SamAccountName, PasswordNeverExpires, PasswordExpired,
PasswordLastSet, EmailAddress, AccountExpirationDate, accountExpires |
Where-Object { $_.Enabled -eq $true -and $_.PasswordNeverExpires -eq $false}
# get the domains default max password age
$defaultMaxPasswordAge = (Get-ADDefaultDomainpasswordPolicy).MaxPasswordAge
$mailCount = 0
foreach ($user in $users) {
if ([string]::IsNullOrWhiteSpace($emailAddress)) {
# write to the log and screen
$msg = "$userName has no email address to send an e-mail to!"
Add-Content -Path $logFile -Value "$logDate - INFO: $msg"
Write-Host $msg -ForegroundColor Yellow
# skip this user because we cannot send mail..
continue
}
# just for convenience, store some properties in variables
$firstName = $user.GivenName
$userName = $user.Name
$accountName = $user.SamAccountName
$emailAddress = $user.EmailAddress
$passwordSetDate = $user.PasswordLastSet
$passwordPolicy = (Get-AduserResultantpasswordPolicy $user)
# check if there is a 'Fine Grained Password' policy for this user
if ($null -ne $passwordPolicy) {
$maxPasswordAge = ($passwordPolicy).MaxPasswordAge
}
else {
# no 'Fine Grained Password' policy, so use the default domain password age
$maxPasswordAge = $defaultMaxPasswordAge
}
# prevent errors when the 'User must change password at next logon' checkmark is set
if (!$passwordSetDate -or !$maxPasswordAge) {
# write to the log and screen
$msg = "Please check if the 'User must change password at next logon' checkmark is off for user '$userName'"
Add-Content -Path $logFile -Value "$logDate - INFO: $msg"
Write-Host $msg -ForegroundColor Yellow
}
# calculate the expiry date for the password
$passwordExpiresAt = $passwordSetDate + $maxPasswordAge
# check if the account does not expire before the password does using the accountExpires property.
# 0 means the expiration date has been removed. 9223372036854775807 means the account never had an expiration date
if ($user.accountExpires -ne 0 -and $user.accountExpires -ne 9223372036854775807 -and $user.AccountExpirationDate -ne $null) {
if ($user.AccountExpirationDate -le $passwordExpiresAt) {
# skip this user if the account expires before the password needs changing
$msg = "The account for user '$userName' expires before the password needs changing."
Add-Content -Path $logFile -Value "$logDate - INFO: $msg"
Write-Host $msg -ForegroundColor Yellow
continue
}
}
# calculate how many days are left
$daysToExpire = [int](New-TimeSpan -Start (Get-Date) -End $passwordExpiresAt).Days
if (($daysToExpire -ge 0) -and ($daysToExpire -lt $expireInDays)) {
# if there are still days left to change the password, send an email
# using Send-MailMessage rather than System.Net.Mail.SmtpClient
$msg = "Sending expiry notice email to '$userName'"
Add-Content -Path $logFile -Value "$logDate - INFO: $msg"
Write-Host $msg -ForegroundColor Yellow
# use splatting for cmdlets that take a lot of parameters
$params = #{
SmtpServer = $smtpServer
From = $from
To = $emailAddress
Subject = "Your password will expire in $daysToExpire days."
Body = $emailTemplate -replace "_NAME_", $firstName -replace "_DAYS_", $daysToExpire
BodyAsHtml = $true
Encoding = [System.Text.Encoding]::UTF8
Credential = $cred
UseSsl = $true
Priority = 'High'
DeliveryNotificationOption = 'OnSuccess', 'OnFailure'
# Port = 587
}
Send-Mailmessage #params
# update the counter for the users that were sent an email
$mailCount++
}
elseif ($daysToExpire -le 0) {
$msg = "Password for user '$userName' is already expired!"
Add-Content -Path $logFile -Value "$logDate - WARNING: $msg"
Write-Host $msg -ForegroundColor Red
}
}
$msg = "Password expiry notifications have been sent to $mailCount users"
Add-Content -Path $logFile -Value "$logDate - INFO: $msg"
Write-Host $msg -ForegroundColor Green
Note: As always, create a couple of testusers to try this out first. You can use the -Filter parameter on the Get-ADUser cmdlet to only get the testuser or use the -SearchBase parameter and put your test accounts in a special OU.
I am trying to capture the changing variable '$server' everytime the parameters go through a foreach loop. To summarize, the $sever value is always changing, and I want to capture it and add it into a collective csv file
Thank you!
Here is the code main part of the code that I have.
function Convert-QueryToObjects
{
[CmdletBinding()]
[Alias('QueryToObject')]
[OutputType([PSCustomObject])]
param
(
[Parameter(Mandatory = $false,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Position = 0)]
[Alias('ComputerName', 'Computer')]
[string]
$Name = $env:COMPUTERNAME
)
Process
{
Write-Verbose "Running query.exe against $Name."
$Users = query user /server:$Name 2>&1
if ($Users -like "*No User exists*")
{
# Handle no user's found returned from query.
# Returned: 'No User exists for *'
Write-Error "There were no users found on $Name : $Users"
Write-Verbose "There were no users found on $Name."
}
elseif ($Users -like "*Error*")
{
# Handle errored returned by query.
# Returned: 'Error ...<message>...'
Write-Error "There was an error running query against $Name : $Users"
Write-Verbose "There was an error running query against $Name."
}
elseif ($Users -eq $null -and $ErrorActionPreference -eq 'SilentlyContinue')
{
# Handdle null output called by -ErrorAction.
Write-Verbose "Error action has supressed output from query.exe. Results were null."
}
else
{
Write-Verbose "Users found on $Name. Converting output from text."
# Conversion logic. Handles the fact that the sessionname column may be populated or not.
$Users = $Users | ForEach-Object {
(($_.trim() -replace ">" -replace "(?m)^([A-Za-z0-9]{3,})\s+(\d{1,2}\s+\w+)", '$1 none $2' -replace "\s{2,}", "," -replace "none", $null))
} | ConvertFrom-Csv
Write-Verbose "Generating output for $($Users.Count) users connected to $Name."
# Output objects.
foreach ($User in $Users)
{
Write-Verbose $User
if ($VerbosePreference -eq 'Continue')
{
# Add '| Out-Host' if -Verbose is tripped.
[PSCustomObject]#{
ComputerName = $Name
Username = $User.USERNAME
SessionState = $User.STATE.Replace("Disc", "Disconnected")
SessionType = $($User.SESSIONNAME -Replace '#', '' -Replace "[0-9]+", "")
} | Out-Host
}
else
{
# Standard output.
[PSCustomObject]#{
ComputerName = $Name
Username = $User.USERNAME
SessionState = $User.STATE.Replace("Disc", "Disconnected")
SessionType = $($User.SESSIONNAME -Replace '#', '' -Replace "[0-9]+", "")
}
}
}
}
}
}
$Servers = Get-Content 'H:\demo\computernames.txt'
foreach ($Server in $Servers)
{
if (-not( Test-Connection $Server -Count 1 -Quiet )) { continue }
if (-not( Convert-QueryToObjects $Server -ErrorAction SilentlyContinue)) {
$server | Out-File 'H:\demo\session\run1.csv' -Append
}
else
{
Convert-QueryToObjects -Name $Server | select ComputerName, Username, Sessionstate, IdleTime, ID | Export-Csv 'H:\demo\session\run.csv' -NoTypeInformation
}
}
Create an array outside of your foreach loop and add the $server variable value to the array during your foreach. At the end export the array to a csv.
Not tested, but are you wanting to do something like this?
Get-Content "H:\demo\computernames.txt" | ForEach-Object {
$computerName = $_
if ( Test-Connection $computerName -Count 1 -Quiet ) {
Convert-QueryToObjects $computerName -ErrorAction SilentlyContinue
}
else {
"$_ not pingable" | Out-File "H:\demo\session\notpingable.log" -Append
}
} | Export-Csv "H:\demo\session\run.csv" -NoTypeInformation
I have a script file that when ran from within ISE or from the powershell window it works fine. But when ran trough the task scheduler with "runas" the same account it only outputs half the data.
After some troubleshooting i have concluded that the part of the code that is not working is:
Get-ADOrganizationalUnit -SearchBase $OU -Filter {objectclass -eq "organizationalunit"} -SearchScope onelevel -Properties description |
% {
$mailbox = #( get-user -OrganizationalUnit $_.distinguishedName -resultsize unlimited |
? { $_.title -ne "xxx" -and $_.RecipientType -eq "usermailbox" -and $_.RecipientTypeDetails -ne "RoomMailbox" } )
if ($mailbox.count -gt 0) {
$name = $_.name
$mail_customer = $body
$mail_customer += "<h3>" + $name + "</h3>"
$mail_customer += $mailbox | get-MailboxStatistics |
select displayname, lastlogontime, #{ label = "Mailbox Size(MB)"; expression = {
if ($_.totalitemsize.value.toMB() -gt 25600) { "!!!" + $_.TotalItemSize.Value.ToMB() }
else { $_.TotalItemSize.Value.ToMB() }
} } | Sort-Object displayname | ConvertTo-Html -Fragment | Out-String
$count += $mailbox.count
$stattable += #{$name = $mailbox.count}
$mail_customer = $mail_customer | ForEach-Object { $_ -replace '!!!', '<font color="#FF0000">' }
if ( $_.description -ne $null ) {
$mailaddresses = $_.description.split(",")
Send-MailMessage `
-SmtpServer $SMTPserver `
-Encoding $encoding `
-From "$company <noreply#$companylower.se>" `
-To $mailaddresses `
-Subject "$company report - $name - $date" `
-BAH `
-Body $mail_customer
}
$mail += $mail_customer
$mailaddresses = "";
}
}
I get the email but it does not include the information that these lines should output, any ideas?
Script is called like this: powershell -file c:\temp\scriptname.ps1
This is a classic case of not running something elevated. Nothing in the code was wrong.
In Task Scheduler, make sure "Run with highest privileges" is ticked in for the task or it will not work.
As part of my job i'm constantly auditing active directory for given properties of cross domain accounts.
I've constructed a powershell script to output information to a CSV based on properties given to the script. This is fine, the script works beautifully for a small list of people however i'm noticing that the script slows down considerably when i provide a big list of users to audit.
This is the script:
$inputfile = "C:\Powershell\input.txt"
$users = Get-Content $inputfile
$audit = Read-Host "Audit Name"
$csv = ".\output\Audit\$audit.csv"
$failed = #()
$serv = #("server1", "server2", "server3")
if((Test-Path $csv) -eq $true){Remove-Item $csv}
foreach($domain in $serv)
{
$count = $users.Count
for( $i=0; $i -le $count - 1; $i++ )
{
if (($users.Get($i)) -ne "")
{
try
{
Write-Host "Checking for $($users.get($i)) on" -NoNewline
switch($domain)
{ # with fancier text for which domain we're searching
"server1" {write-host "...Server1" -ForegroundColor Cyan -NoNewline; $domainCsv = "Server1"}
"server2" {Write-Host "...Server2" -ForegroundColor White -NoNewline; $domainCsv = "Server2"}
"server3" {Write-Host "...Server3" -ForegroundColor Magenta -NoNewline; $domainCsv = "Server3"}
}
$usr = Get-ADUser -Identity $users.get($i) -Properties $properties -Server $domain | ? { ($_.distinguishedname -notlike '*Suspended*')}
if ($usr -ne $null)
{
$usr = Get-ADUser -Identity $users.get($i) -Properties $properties -Server $domain | ? { ($_.distinguishedname -notlike '*Deletion*')}
if ($usr -ne $null)
{
Write-Host "...Found" -ForegroundColor Green
$userobj = New-Object PSObject
Add-Member -InputObject $userobj -MemberType NoteProperty -Name "User" -Value $($users.Get($i))
Add-Member -InputObject $userobj -MemberType NoteProperty -Name "Domain" -Value $domainCsv
foreach($prop in $properties) {$userobj | Add-Member -MemberType NoteProperty -Name $prop -Value "$($usr.$prop)"}
$userobj | Export-Csv $csv -Append -NoTypeInformation
}
else
{
Write-Host "...Pending Delete" -ForegroundColor Red
$failed += "$($users.Get($i)),Pending deletion on $domainCsv"
}
}
else
{
Write-Host "...Suspended" -ForegroundColor Red
$failed += "$($users.Get($i)),Suspended on $domainCsv"
}
}
catch [System.Exception]
{
Write-Host "...Not found" -ForegroundColor Red
$failed += "$($users.Get($i)),Could not find on $domainCsv"
} # </Try
} # </If user ""
} # </For users
} # </For Domains
Add-Content $csv ""
Add-Content $csv "Those who failed, (Not found or Suspended or Pending deletion)"
Add-Content $csv ""
Add-Content $csv "User,Domain"
foreach($fail in $failed) {Add-Content $csv $fail}
Write-Host " "
Write-Host " Audit saved to $csv" -ForegroundColor Green
What the script does
Gets input file full of users (one name per line) (mostly 20 or so lines but sometimes the input file has been over 200)
user1
user2
user3
user4
user5
goes through each domain
checks if they're in an OU for suspended accounts
checks if they're in an OU for accounts pending deletion
if not in either OU grabs the information and puts it into a PSObject for insertion into a CSV
after its done it lists the accounts it couldnt find or were in an OU that i dont need to worry about.
As i'm quite new to powershell i have no idea if theres a way i can condense parts of the code to be quicker, i have read a few pages on optimizing powershell but the only change i could see was to change
for( $i=0; $i -le $users.count - 1; $i++ )
to
$count = $users.count
for( $i=0; $i -le $count - 1; $i++ )
My question is: How can i improve my script to loop faster when given more users?
As far as I understand your script spent most of the time in Get-ADUser. You call it twice with the same parameters, using $usr you should call it just one time, your script execution time should bedevided by two.
Another thing, I can't find the defenition of $properties in your script, reducing this list can also reduce the network payload.
Test something like this.
$usr = Get-ADUser -Identity $users.get($i) -Properties $properties -Server $domain | ? { ($_.distinguishedname -notlike '*Suspended*')}
if ($usr.distinguishedname -notlike '*Suspended*')
{
if ($usr.distinguishedname -notlike '*Deletion*')
{