Cannot make a search in AD by computer mask - powershell

I want to find description of computer in AD by specific word that exists in Description.
$username = "test111"
Get-ADComputer -filter {Description -Like 'test111*'} -Properties Description | select Description # this works ok
Get-ADComputer -filter {Description -Like "$username*"} -Properties Description | select Description # shows nothing, no error
How can I make the search using variable?

You could just do a query like this:
$username = "test111"
Get-ADComputer -Filter "Description -Like '$username*'" -Properties Description | Select -Expand Description
I think what was happening is that $username was probably $null since it was not passed to the script block. Changing the -Filter to use quotes allows the variable to expand properly. Threw an -Expand in there so you just get back a string array instead of an Object array.
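Because the quoted form expands $username into the query text itself, whatever the variable holds becomes filter syntax: an empty value turns the filter into Description -like '*', and characters such as * ( ) \ change what is matched. The following is an added example, not part of the original answer, that builds the same prefix search through -LDAPFilter with RFC 4515 escaping; the function names and sample values are constructed for illustration.

```powershell
# Added example: helper names and sample inputs are hypothetical.

function ConvertTo-LdapFilterLiteral {
    param([string]$Value)
    # RFC 4515: \ * ( ) and NUL must appear as a backslash plus two hex digits.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-DescriptionPrefixFilter {
    param([string]$Prefix)
    # An empty prefix would yield (description=*), i.e. every computer
    # that has any description at all. Fail instead of over-matching.
    if ([string]::IsNullOrWhiteSpace($Prefix)) {
        throw 'Refusing to build a filter from an empty prefix.'
    }
    # Only the trailing * is a wildcard; everything from the caller is literal.
    '(description={0}*)' -f (ConvertTo-LdapFilterLiteral $Prefix)
}

# Constructed sample inputs: a plain value and two with filter metacharacters.
foreach ($p in 'test111', 'lab (east)', 'a*b\c') {
    '{0,-12} -> {1}' -f $p, (New-DescriptionPrefixFilter $p)
}

# Against a real domain (requires the ActiveDirectory module):
# $username = Read-Host 'Description prefix'
# Get-ADComputer -LDAPFilter (New-DescriptionPrefixFilter $username) -Properties Description |
#     Select-Object -ExpandProperty Description
```

For the three sample inputs the generated filters are (description=test111*), (description=lab \28east\29*) and (description=a\2ab\5cc*).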

Related

How to filter Get-ADComputer output

My Get-ADComputer script gives too much information. I would like to shorten it out a little.
$Computer = Read-Host -Prompt 'Input computer name'
$ManagedBy = Get-ADComputer $Computer -Properties ManagedBy |
foreach { $_.ManagedBy }
Write-Output $ManagedBy
When I tried to run my script it gives this output:
CN=Last Name First Name ,OU=XX ,OU=XXX ,OU=XXX ,DC=XXX,DC=XXX
I would like to get only the CN in the output (First Name and Last Name).
Your code returns the distinguished name of the computer's manager. You can use that DN to query the AD user object and obtain the desired properties from that (like FullName, or DisplayName, or the individual values FirstName and LastName).
Get-ADComputer $Computer -Properties ManagedBy |
Select-Object -Expand ManagedBy |
Get-ADUser -Property FullName |
Select-Object -Expand FullName
Firstly, have you looked at the object's properties?
These Properties are auto assigned to the variable, when created.
You can see them with:
$ManagedBy | Get-Member
You may well find that $ManagedBy.Name will give exactly what you want.
Further reading for you: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-member?view=powershell-6

Powershell AD lookup by name and samaccountname variables

Two questions, first one is probably quite simple but it's extremely annoying. I'm running a script for AD lookup with the user name variable as an attribute:
[string]$FirstName = Read-Host "User First Name"
[string]$LastName = Read-Host "User Last Name"
[string]$FullName = "*$FirstName* *$LastName*"
write-host
Get-ADUser -Filter {name -like $FullName} -properties * | select-object name, samaccountname | sort-object
read-host "Press Enter to exit"
The problem is that "read-host" is interpreted as a part of the same command, and the query results appear after the prompt. I'd like to pause the script so the results can be read from the screen before the console closes by hitting Enter. I've been experimenting with the brackets or different kinds of loops but haven't been able to figure out how this should be done.
My second question is that I want to have samaccountname as a search attribute. Something like this:
[string]$Login = Read-Host "User Login name"
[string]$LoginName = "*$Login*"
The variable should be added to filter similar way the FullName variable is used.
1.)
A better way to pause the script and only continue after input, is to use:
$host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") > $null
The query should come after the display of the Get-ADUser. If it still isn't working, maybe submit some output examples or try getting the AD user from Get-ADUser -Filter * | Where-Object {$_.Fullname -like $Fullname}
2.) I'm not fully understanding your problem here, but if you want to get a user by his login name you can do it like this:
$login = Read-Host "Login name"
Get-ADUser $login | select-object name, samaccountname | sort-object
I managed to fix this myself. For the first question, adding "format-table" to the end of the pipeline closed the command and the script proceeded normally after that.
For the second question, as a workaround I just broke down the query as two separate ones. First one is searching for the full name, and the second one is searching for the login name:
Get-ADUser -Filter {name -like $FullName} -properties * | select-object name, samaccountname | sort-object name | format-table
write-host
Get-ADUser -Filter {samaccountname -like $LoginName} -properties * | select-object name, samaccountname | sort-object name | format-table
Good for you finding a solution to your problem,
I will put here also what I did and maybe you can use it.
First of all the first part:
$FirstName = Read-Host "Please provide the First name of the User: "
$LastName = Read-Host "Please provide the Last name of the User: "
$Fullname = "$FirstName $LastName"
$Users= Get-AdUser -Filter {name -like $FullName} -Properties * | Select Name, Samaccountname | Sort-Object -Verbose
Get-AdUser -Filter {name -like $FullName} -Properties * | Select Name, Samaccountname | Sort-Object -Verbose
#$Users
You can uncomment the last user variable to get the results on your screen.
As for your second question, you can use -or so you can search with $FullName or $Login:
$Login = Read-Host "User Login name"
Get-ADUser -Filter {name -like $FullName -or samaccountname -like $Login } -properties *
I would prefer a selection before running the code, as I do with my checks on the AD.
If you want me to send you the code I can do it; I just don't want to put something in this answer that is different from what you asked.

Powershell Active Directory Get-ADComputer Input

I'm attempting to write a Powershell script that allows me to do the following:
Use Get-ADGroupMember to get users that are a part of a specific group
Use info from step one in Get-ADUser to get user info in lastname, firstname format
Use string from step 2 in Get-ADComputer to search the description field of all computers to find computers that have that string within its description field.
Here is what I was trying (thought it would work in my head):
Get-ADGroupMember 'Group Name' | Get-ADUser -Properties givenName, sn | select givenName, sn | Get-ADComputer -filter 'description -like "$sn,$givenName"' -property description | select Name*
Bold text works; I know italics text wouldn't work, but that's the format of how I'd think it would work.
Let me know if I made any sense, definitely a PowerShell newbie.
TLDR: trying to get names of users and their computer names based on a search of a specific AD group
At that point in the pipeline, you're no longer directly using the output object of Get-ADUser as the input object of Get-ADComputer. That's where the ForEach-Object cmdlet comes in. It takes a scriptblock that allows you to define the behavior for each item in the pipeline:
Get-ADGroupMember 'Group Name' |
Get-ADUser -Properties givenName, sn |
ForEach-Object -Process {
$sn = $_.sn
$givenName = $_.givenName
Get-ADComputer -Filter 'description -like "$sn,$givenName"' -property description
} | select Name*

List all groups and their descriptions for a specific user in Active Directory using PowerShell

I am trying to get the list of a specific user’s groups and the groups’ descriptions using PowerShell.
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | select name, description
The description field returns blank.
From Get-ADPrincipalGroupMembership manual:
The Get-ADPrincipalGroupMembership cmdlet returns a default set of ADGroup property values. To retrieve additional ADGroup properties pass the ADGroups objects produced by this cmdlet through the pipeline to Get-ADGroup. Specify the additional properties required from the group objects by passing the -Properties parameter to Get-ADGroup.
So, let’s do it!
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description
Also, in this case it should be enough to specify name,description instead of asterisk (*). If this is a performance issue, replace it. I am leaving it at asterisk because you might later change your mind about which properties you need.
Here is a simple but effective script to get AD Group info.
Get-ADGroup -filter * -Properties * | Select Name,GroupCategory,Description | Export-Csv D:\Test\SecurityGroups.csv
Just add or remove the attributes you would like to see in the Select area. To see a list of usable attributes you can do something like this:
Get-ADGroup -filter * -Properties * | Where-Object {$_.Name -eq 'DHCP Users' }
Get-ADPrincipalGroupMembership should work but fails if any group has a NAME containing '/' (which is a legal character in names as far as I understood the MS AD documentation).
This forces a heavy workaround:
$Groups = (Get-ADUser -identity $TemplateUserName -server $TemplateUserDomain -Properties MemberOf|select memberof).MemberOf|Get-ADGroup -Server :3268
foreach ($Group in $Groups)
{
Write-Output $Group.Name
}
Notice I use a domain search for the user's properties and then a search in global catalog
(-server :3268) for each group. Else you eventually won't get all of the user's groups or you'll get an error if any group belongs to a different domain than the user.
For a list of groups a user is member of:
(get-aduser NameOfTheUser -properties *).memberof
For Users
Get-ADUser -Filter {name -eq $username} -Properties * | select name,description
For Groups
Get-ADGroup -Filter {displayname -eq $groupname} -Properties * | select name,description

Return different property than default from calculated scriptblock

I am trying to combine some info from our Active directory - computer names, description and the user samAccountName since we have users that have nonstandard login names.
We have for computer description "FirstName LastName" of the user that is using it and I was able to put out the Computer name and description.
But when I try to extract the login with the following script:
Get-ADComputer -Filter 'name -like "wks-*"' -properties description|
sort name|
%{"$($_.name),$($_.description),$(get-aduser -Filter {name -eq $_.description})"}
I just get the distinguished name for the given user.
Is there a way to return a different property by default? If not, how can such a thing be accomplished?
I tried adding .samaccountname at the end like this:
%{"$($_.name),$($_.description),$(get-aduser -Filter {name -eq $_.description}).samaacountname"}
but this just concatenates it to the distinguished name.
If I understand the question, then I think this would do what you want:
Get-ADComputer -Filter 'name -like "wks-*"' -properties description |
Select-Object Name, Description, @{name='User'; expression = {(Get-ADUser -Filter {name -eq $_.description}).SamAccountName}}