I can't seem to figure out why this script won't work. There are no errors, but the $User object isn't getting evaluated to $True. The object is to enable a re-hired user's AD account if another system shows the re-hire date to be less than or equal to 8 days out from today.
$CSVLine = "C:\scripts\adp\Test ADP Import spec.csv"
$ErrorLog = "C:\scripts\adp\ADPProcessErrors.csv"
$a = Get-Date
ForEach ($row in (import-csv $CSVLine)) {
$User = Get-ADUser -LDAPFilter ("(sAMAccountName=" + $Row.sAMAccountName + ")") -Properties *
#Write-Host ("User:" + $user.samaccountname + " enabled =" + $user.enabled + " ")
If ((($User.Enabled -eq $False)) -and ($Row.'Date of hire/rehire' -gt $a) -and (($Row.'Date of hire/rehire') -le ($a.AddDays(8))) ) {
(Set-ADUser -Enabled $True -Identity $User)
("SID:" + $Row.sAMAccountName + ", User:[" + $User.givenName + " " + $User.sn + "] Re-Hire date is in range. Account enabled.") | Out-File -FilePath $ErrorLog -Append
}
}
Write-Host ("CSV Object: " + $Row.'Date of hire/rehire'.GetType())
Write-Host ("CSV Object Value:" + $Row.'Date of hire/rehire' + " " )
Write-Host ("User:" + $user.samaccountname + " enabled =" + $user.enabled + " ")
Those dates might need to be casted as [datetime]/dates so that the math against $a would work. It is most likely treating those as string to just doing alphabetical comparison.
PS C:\Users\mcameron> "b" -gt "a"
True
Can't tell you exactly what to do without sample dates so we can see the formats. From the comment if you dates are formatted like "2/8/2015" then a simple cast would address this.
PS C:\Users\mcameron> [datetime]"2/8/2015"
Sunday, February 08, 2015 12:00:00 AM
Update your if to the following:
If ((($User.Enabled -eq $False)) -and ([datetime]($Row.'Date of hire/rehire') -gt $a) -and ([datetime]($Row.'Date of hire/rehire') -le ($a.AddDays(8))) ){
#.....Process
}
It's a bit difficult to say without a sample of the input file but, if you're getting no error, I'd start by checking if $Row.sAMAccountName is evaluating to anything inside the loop. Like you have with your commented-out Write-Host line, for the $user properties.
Cheers.
Related
I would need help with the powershell command for setting logonhours property to login denied in AD.
Screen Capture for Logon Hours Window in AD
Thanks.
So best to make template user, then pull the values from that. I wrote this that will give you what you need:
$hours = get-aduser TempUserYouCreatedToGetItSetTheWayYouWanted -property logonhours | select -ExpandProperty logonhours
$Counter = 0
$HoursString = "[byte[]]`$hours = #("
foreach ($h in $hours) {
if ($Counter -gt 0) {
$HoursString = $HoursString + ","
}
$HoursString = $HoursString + "$($h)"
$Counter++
}
$HoursString = $HoursString + ")"
write-output $HoursString
The output will look like this:
[byte[]]$hours = #(255,255,255,255,255,255,255,255,128,255,255,128,255,255,128,255,255,128,255,255,255)
Which can be used by set-adusers like this:
set-aduser -identity whoeverYouWant -replace #{logonhours = $hours}
I have been trying to re-format this command by making it cleaner but I just can't seem to get around the write-output.
Get-QARSOperation -ParentContainer 'somedomain.com/OU1/OU2' -TargetObjectType 'user' |
Where-Object {$_.Status -eq 'Completed' -and $_.Controls.ID -eq 'OperationReason'} |
ForEach-Object {Get-QARSApprovalTask -Operation $_.ID} |
ForEach-Object {
Write-OutPut ("Target: " + $_.Operation.TargetObjectInfo.DN.Replace("CN=","").Replace("cn=","").Replace("\","").Replace(",","").Replace("OU","").Split('=')[0]);
Write-OutPut ("Operation ID: "+ $_.Operation.ID);
Write-OutPut ("Approver: " + $_.CompletedBy.DN.Replace("CN=","").Replace("\","").Replace(",","").Replace("OU","").Split('=')[0]);
Write-OutPut ("StartedOn: " + $_.Created);
Write-OutPut ("Completed: " + $_.Completed);
Write-OutPut ("Comments: " + $_.CompletionReason);
Write-OutPut ("Operation Type: " + $_.Operation.Type);
Write-OutPut ""
}
Also the format when I export to csv doesn't put the data into columns. What suggestions do you have to make this script look neater?
Thank you!
As suggested in the comments the correct thing to do is use Export-Csv to generate a CSV file. As for creating an object that you want to export and making that easy to read in the code you could do something similar to what you have, and use it to create a custom object that could then be piped to Export-Csv. Also, I think your whole .Replace("CN=","").Replace("cn=","").Replace("\","").Replace(",","").Replace("OU","").Split('=')[0] can be simplified to .Split('=,')[1]. The string's .Split() method accepts multiple characters to split on, and it will split on any of the characters provided. Here's what I would suggest, you will need to update the path at the end, and may have to revert to your longer .Replace bit if mine doesn't work for you.
Get-QARSOperation -ParentContainer 'somedomain.com/OU1/OU2' -TargetObjectType 'user' |
Where-Object {$_.Status -eq 'Completed' -and $_.Controls.ID -eq 'OperationReason'} |
ForEach-Object {Get-QARSApprovalTask -Operation $_.ID} |
ForEach-Object {
[PSCustomObject][Ordered]#{
"Target" = $_.Operation.TargetObjectInfo.DN.Split('=,')[1]
"Operation ID" = $_.Operation.ID
"Approver" = $_.CompletedBy.DN.Split('=,')[1]
"StartedOn" = $_.Created
"Completed" = $_.Completed
"Comments" = $_.CompletionReason
"Operation Type" = $_.Operation.Type
}
} |
Export-Csv C:\Path\To\File.csv -NoTypeInformation
You could use a Select statement, but I think this looks cleaner for you.
Running this code in a script (that grabs details from a form) to get a list of users groups and remove from all except group named "Group1" and "Group2":
#remove any group memberships except Group1 and Group2
$groups = Get-ADPrincipalGroupMembership $Inputsamaccountname.Text | Where-Object -filter {$_.name -ne 'Group1' -And $_.name -ne 'Group2'}
foreach ($group in $groups) {
$group = $groups.Name
$RemovegroupMsg = "Removing " + $inputSamAccountName.Text + " from " + $group
logentryDateTime $removeGroupMsg
Remove-ADPrincipalGroupMembership -Identity $inputSamAccountName.Text -MemberOf $group -Confirm:$false
if ($Error) {
$errorMessage = "Error removing " + $inputSamAccountName.Text + " from " + $group + " " + ($Error[0].ToString()) + " continuing."
logentryDateTime $errorMessage
$Error.Clear()
continue
} elseif (!$Error) {
Write-Output "" >> $outlogfile
logentryDateTime "Successfully removed " + $inputSamAccountName.Text + " from " + $group
}
}
The script works and you can see that the groups have been removed, however logs show a "Cannot bind argument to parameter 'Name' because it is null." error for each group that matches that criteria":
[2016-10-19 113117-820] : Removing user.test1 from Other-group
[2016-10-19 113117-820] : Error removing user.test1 from Other-group Cannot bind argument to parameter 'Name' because it is null. continuing.
I know it's likely something really simple in the logic of the foreach loop I'm missing.
This line seems like your problem: $group = $groups.name It is surprising to see you accessing the array ($groups) inside a foreach loop iterating across those elements. Did you mean $group = $group.name?
I have created a simple GUI to enter some values that are stored in a .txt file as soon as the User clicks OK.
For verification I'm displaying the data of the just created file with its input in a popup window.
As I want to use the data of the config file in several other .ps1 files that I'm using for a project, I started to move things into a globals.ps1 file. Everything works great, with the exception that I can no longer display the hashtable.
Here's what I have in my globals.ps1 :
# Wshell popup
$wshell = New-Object -ComObject Wscript.SHell
# read config
function readcfg
{
Get-Content -Path $cfg | foreach-object -begin { $conf = #{ } } -process {`
$key = [regex]::split($_, ':');
if (($key[0].CompareTo("") -ne 0) -and ($key[0].StartsWith("[") -ne $True))`
{ $conf.Add($key[0], $key[1]) }
}
}
And this is the part in my settings GUI which is executed if the OK button is pressed:
$cfgData = "
[Account]
Screds:" + $Admaccount.text + "
Spw:" + $PW + "
[Domainconfig]
Sdomain:" + $domain.text + "
SSearchBase:" + $searchBase.text + "
SdeactivatedUsers_OU:" + $deactivatedUsersOU.text + ""
Out-File -filepath $cfg -inputobject $cfgData -Force
Start-Sleep -s 1
$wshell.Popup("Settings saved:`nAccount: " + $conf.Screds + "`nDomain: " + $conf.Sdomain + "`nSearchBase: " + $conf.SSearchBase + "`ndeactivatedUsersOU " + $conf.SdeactivatedUsers_OU + "", 0, "Yarr...!", 0x0)
If I move the get-Content out of the readcfg function, I can display the values again. But that's of course not the solution, as it will display the old data if the settings are changed and the popup comes up again.
What am I missing here?
As stated by Kayasax in the comments, it was simply a "out of scope" issue.
after declaring the function and hashtable as global, it all works perfectly again.
# read config
function global:readcfg
{
Get-Content -Path $cfg | foreach-object -begin { $global:conf = #{ } } -process {`
$key = [regex]::split($_, ':');
if (($key[0].CompareTo("") -ne 0) -and ($key[0].StartsWith("[") -ne $True))`
{ $global:conf.Add($key[0], $key[1]) }
}
}
I am new in powershell world , I got some project on powershell for inventory reconciling .
I am not sure how to proceed on this , I tried some basic steps and I am able to export
users/group/group membership.
Following are the requirements :
Now What I have achieved - Thanks to Govnah
AD query:
Get-QADUser -searchRoot $OuDomain -SizeLimit 0 |
Select-Object dn, sAMAccountName, #{Name="Groups";Expression={(Get-QADMemberOf $_ | Select-Object -expandProperty Name) -join ";"}} |
Sort-Object SamAccountName |
export-csv $FilePath
I have now two csv files likes AD_users.csv and Oracle_users.csv
I want to compare both files and redirect the difference like
AD users does not exist in Oracle
Oracle User does not exist in AD
Sample data
AD_users.csv
u388848993
K847447388
u994888484
Oracle_users.csv
k095848889
u388848993
I can query oracle database , AD query is also fine the only concern is that I am not able to compare the output.
I did it something like this in a script I wrote:
[System.Collections.ArrayList]$adlist = Get-Content c:\users\sverker\desktop\ad.csv |Sort-Object
[System.Collections.ArrayList]$oraclelist = Get-Content c:\users\sverker\desktop\oracle.csv |Sort-Object
$Matching_numbers = #()
ForEach ($number in $adlist)
{
if ($oraclelist.Contains($number))
{
$Matching_numbers += $number
}
}
ForEach ($number in $Matching_numbers)
{
$adlist.Remove($number)
$oraclelist.Remove($number)
}
now $Matching_numbers now contains the matching numbers
and $adlist contains only numbers from AD
and $oraclelist only numbers from Oracle
you can then loop through the list and display values:
Write-Host "Matches:"
ForEach ($value in $Matching_numbers)
{
$Message += $value + [Environment]::NewLine
}
Write-Host $Message
Write-Host "AD only:"
ForEach ($value in $adlist)
{
$MessageAd += $value + [Environment]::NewLine
}
Write-Host $MessageAd
Write-Host "Oracle only:"
ForEach ($value in $oraclelist)
{
$MessageOracle += $value + [Environment]::NewLine
}
Write-Host $MessageOracle
or simply by writing
$Matching_numbers
will output the list to console
You can output the $Message variables to a file or so..
No doubt, there is a nicer way to do it, but this worked for me for a certain type of file.