I am trying to figure out how to grab a userID's last name attribute but am not sure how. I have tried to look at some examples but am falling short. Below is what I have so far, but I want to either get the last name attribute separately or grab the display name (which is first.last) and pull all the information after the period. Please help.
Import-Module activedirectory
#$userID = Get-Aduser -filter *
$userIDs = Get-Aduser "w35522"
foreach ($lastName in $userIDs) {
$lastname = (get-Aduser -Filter * -Properties displayname).lastname
}
write-host $lastName
Update:
Thanks to comment below I changed lastname to surname. Only issue is now it prints the OU too which I don't want.
Import-Module activedirectory
#$userID = Get-Aduser -filter *
$userIDs = Get-Aduser "w35522"
foreach ($user in $userIDs) {
$lastname = get-Aduser -Identity $userIDs -Properties * | Select-Object name, GivenName, SurName, DisplayName
$user.SurName
write-host $user
}
prints:
Weyers
CN=w35522,OU=Standard,OU=Users,OU=Corporate,DC=we,DC=dirsrv,DC=com
FINAL UPDATE:
OK, figured it out. It needed to say write-host $lastname instead!
thanks
The property which is returned by default that you are looking for is surname. That being said you have other logic issues in your script.
Get-ADUser someuser | select surname
Once in the loop you do another Get-Aduser. Also you assign a value to $lastName which is the pipe object you should be attempting to access.
If you really wanted all the lastnames in the company you would do something like this.
Get-ADUser -Filter * | Select-Object Surname
Recently completed an Azure AD provisioning integration between SuccessFactors and On-Prem AD.
In order for some of our existing users to get 'scoped in' to the Update provisioning, they first need to match on employee id (we currently do not use the Create functionality).
There are about 400 users that we've identified need to be matched, and our HR team has provided us with a csv with the following attributes (Full Name, EmployeeID). I need to somehow compare this file with all users in AD who have no employee id, and if not, update EmployeeId with the contents from the HR provided file.
I'm a bit stuck on how to attack this. Need a Big Brain :)
#import HR file with required attributes "Formal Name, EmployeeId"
#returns ~6500 entries
$SFUsers = Import-Csv Z:\ExportsFromProd\Global_ActiveHeadcountReport_08292022.csv
#returns ~1400 entries
#some accounts never get an employee id
$users = Get-ADUser -Filter "*" -Properties EmployeeID | Where-Object {$_.employeeID -eq $null}
foreach ($account in $users) {
$accountName = $account.name
get-aduser -Filter {Name -eq $accountName} -Properties * | Select-Object samaccountname, displayName
#this is where i need help:
<#
try {
Lookup $SFUser.'Formal Name' in $SFUsers array???
Get $SFUser.'EmployeeID' | set-aduser $account -employeeId $SFUser.'EmployeeId'
}
catch {
}
finally {
}
#>
}
You can use the faster -Filter or LDAPFilter parameters of Get-ADUser to find only users where the EmployeeID property is unset.
Also, your code could be done by using Get-ADUser only once:
#import HR file with required attributes "Formal Name, EmployeeId"
#returns ~6500 entries
$SFUsers = Import-Csv -Path 'Z:\ExportsFromProd\Global_ActiveHeadcountReport_08292022.csv'
#returns ~1400 entries
#some accounts never get an employee id
$users = Get-ADUser -Filter "employeeid -notlike '*'" -Properties DisplayName, EmployeeID
# or use LDAPFilter
# $users = Get-ADUser -LDAPFilter "(!employeeID=*)" -Properties DisplayName, EmployeeID
foreach ($account in $users) {
    # try and find this user in the csv file either by .Name or .DisplayName property
    $HRUser = $SFUsers | Where-Object { $_.'Formal Name' -eq $account.Name -or
                                        $_.'Formal Name' -eq $account.DisplayName}
    if ($HRUser) {
        $account | Set-ADUser -EmployeeID $HRUser.EmployeeId
    }
    else {
        Write-Warning "AD user $($account.Name) not found in the CSV file.."
    }
}
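An added example, not part of the answer above: a name-only match can attach the wrong HR record to an account, so this code indexes the CSV once and proposes an update only when exactly one HR row matches and no other account claims the same ID. The function name `Get-EmployeeIdPlan` and all sample rows are constructed for illustration; the `Set-ADUser -WhatIf` step is left as a comment because it needs a domain.

```powershell
# Added example: hypothetical helper and constructed sample data, not the answer's code.
function Get-EmployeeIdPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,  # need Name, DisplayName, SamAccountName
        [Parameter(Mandatory)] [object[]] $HRRows     # need 'Formal Name', EmployeeId
    )
    # Index the HR rows by name once instead of scanning the CSV for every account.
    $byName = @{}
    foreach ($row in $HRRows) {
        $key = $row.'Formal Name'.Trim()
        if (-not $byName.ContainsKey($key)) { $byName[$key] = [System.Collections.Generic.List[object]]::new() }
        $byName[$key].Add($row)
    }
    $plan = foreach ($acct in $Accounts) {
        # Look up by Name and DisplayName, then collapse hits that carry the same EmployeeId.
        $hits = @($acct.Name, $acct.DisplayName |
            Where-Object { $_ -and $byName.ContainsKey($_.Trim()) } |
            ForEach-Object { $byName[$_.Trim()] } |
            Sort-Object EmployeeId -Unique)
        $status = switch ($hits.Count) { 0 { 'NoMatch' } 1 { 'Update' } default { 'Ambiguous' } }
        [pscustomobject]@{
            SamAccountName = $acct.SamAccountName
            Status         = $status
            EmployeeId     = if ($status -eq 'Update') { $hits[0].EmployeeId } else { $null }
        }
    }
    # One EmployeeId proposed for several accounts means those accounts share a name.
    $plan | Where-Object Status -eq 'Update' | Group-Object EmployeeId |
        Where-Object Count -gt 1 |
        ForEach-Object { $_.Group | ForEach-Object { $_.Status = 'Conflict' } }
    $plan
}

# Constructed sample data standing in for Import-Csv and Get-ADUser output.
$hr = @(
    [pscustomobject]@{ 'Formal Name' = 'Ana Diaz'; EmployeeId = '1001' }
    [pscustomobject]@{ 'Formal Name' = 'Sam Lee';  EmployeeId = '1002' }
    [pscustomobject]@{ 'Formal Name' = 'Sam Lee';  EmployeeId = '1003' }  # two employees, one name
)
$ad = @(
    [pscustomobject]@{ SamAccountName = 'adiaz'; Name = 'Ana Diaz'; DisplayName = 'Ana Diaz' }
    [pscustomobject]@{ SamAccountName = 'slee';  Name = 'Sam Lee';  DisplayName = 'Sam Lee' }
    [pscustomobject]@{ SamAccountName = 'svc01'; Name = 'svc01';    DisplayName = $null }
)
$plan = Get-EmployeeIdPlan -Accounts $ad -HRRows $hr
$plan | Format-Table

# On a real domain (assumption: ActiveDirectory module loaded), review the plan, then:
# $plan | Where-Object Status -eq 'Update' |
#     ForEach-Object { Set-ADUser -Identity $_.SamAccountName -EmployeeID $_.EmployeeId -WhatIf }
```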
I'm trying to pull just the names in specific AD fields, however I keep getting: "@{(Property)=Data}" when I write-host
```
$TargetUserName = "User.test"
$Firstname = Get-ADUser -identity $TargetUserName -properties GivenName | Select-object GivenName
$Lastname = Get-ADUser -identity $TargetUserName -properties Surname | Select-object SurName
Write-Host $Firstname
Write-Host $Lastname
```
Result:
@{GivenName=user}
@{SurName=Test}
I want it to just display the data within the result, so it needs to look like:
Result Desired:
user
Test
I'm newer at PowerShell, so bear with me please.
You do not need write-host to display values of a variable or object property. You can reference them directly:
$TargetUserName = "User.test"
$ADUser = Get-ADUser -identity $TargetUserName
$ADUser.GivenName
$ADUser.Surname
The Get-ADUser command automatically returns an ADUser object with a default list of properties. Surname and GivenName are included so there is no need to use the -Properties switch in this case. The ADUser object property values can be accessed by using the objectname.property or (Object Expression).property.
I want to make a script that deletes bulk users, instead of using SAMACCOUNTNAME I want to use the first and last name, is that possible?
Import-Module ActiveDirectory
$ADusers = Import-csv C:\TEST\Delete.CSV
Foreach ($user in $ADusers) {
#Confirming the identity
$users = Get-ADUser -Identity $user -Properties | Select-Object Givenname, Surename
#Removing the user
Remove-ADUser -Identity $user.samAccountName -Confirm:$false
}
I like Ambiguous Name Resolution when searching for users in AD:
Get-ADUser -LDAPFilter "(anr=Jim Smith)"
This will search for all objects where any of the naming attributes (see link above for list) start with the string "jim smith", plus all objects where (givenName=jim*) and (sn=smith*), plus objects where (givenName=smith*) and (sn=jim*).
This is useful when Jim's account uses his full name of 'Jimmy'; this would be returned by ANR but not by a direct givenName/sn filter.
You can have multiple users with the same First/Last name, so you will need to deal with the situation of multiple users being returned.
SAMAccountName, however, is unique to a single account.
EDIT:
If you've got a csv with the two columns GivenName & Surname:
foreach ($user in $ADusers) {
    $firstname = $user.GivenName
    $lastname = $user.Surname
    Get-ADUser -LDAPFilter "(anr=$firstname $lastname)"
}
The above just lists the users returned from Get-ADUser, to remove them just pipe to Remove-ADUser. I'm using WhatIf to test, remove to actually delete the users:
Get-ADUser -LDAPFilter "(anr=$firstname $lastname)" | Remove-ADUser -WhatIf
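An added example, not from the answer above: the ANR filter is assembled from CSV text and piped to `Remove-ADUser`, so a value containing `*`, `(`, `)` or `\` changes or breaks the filter unless it is escaped as RFC 4515 requires. The helper names `ConvertTo-LdapFilterValue` and `New-AnrFilter` are hypothetical and the rows are constructed; the directory calls are left as comments because they need a domain.

```powershell
# Added example: hypothetical helpers and constructed rows, not the answer's code.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)] [AllowEmptyString()] [string] $Value)
    # Escape the backslash first so the escapes added afterwards are not escaped again.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function New-AnrFilter {
    param([string] $GivenName, [string] $Surname)
    $g = $GivenName.Trim()
    $s = $Surname.Trim()
    # Refuse rows with a missing part: a one-word ANR search matches far more than one person.
    if (-not $g -or -not $s) {
        throw "Row needs both GivenName and Surname (got '$GivenName' / '$Surname')."
    }
    '(anr={0} {1})' -f (ConvertTo-LdapFilterValue $g), (ConvertTo-LdapFilterValue $s)
}

# Constructed rows standing in for Import-Csv output.
$rows = @(
    [pscustomobject]@{ GivenName = 'Jim'; Surname = 'Smith' }
    [pscustomobject]@{ GivenName = 'Pat'; Surname = 'Lee (contractor)' }  # parentheses in data
    [pscustomobject]@{ GivenName = '*';   Surname = 'Smith' }             # stray wildcard in data
)

foreach ($row in $rows) {
    $filter = New-AnrFilter -GivenName $row.GivenName -Surname $row.Surname
    $filter
    # On a real domain (assumption: ActiveDirectory module loaded), act only on a single hit:
    # $found = @(Get-ADUser -LDAPFilter $filter)
    # if ($found.Count -eq 1) { $found | Remove-ADUser -WhatIf }
    # else { Write-Warning "$($found.Count) matches for $filter, skipped" }
}
```

The commented single-hit check covers the case the answer warns about, where several users share the same first and last name.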
Yes it is.
Get-ADUser -Filter {GivenName -eq "Max" -and sn -eq "Muller"} | Remove-ADUser
You need to alter your script accordingly.
I am trying to get PowerShell to echo out for user input and query AD, but am getting stuck right off the bat. When I run the code it simply returns no results with the variable. Also would like to be able to trim down the return to only a few Properties. If multiple users have similar names I will need to create a loop or something to work through the multiple accounts; I just have not got there yet. The goal of this is to be able to quickly view the necessary information about users on a help desk and eventually be able to use it to do simple password resets and moving of objects. Very new at this and am very thankful for any advice or help. This site always does me well. Thanks in advance.
$Firstname = Read-Host 'What is the users FirstName?'
$Lastname = Read-Host 'What is the users Lastname?'
Get-ADUser -Filter {(Name -Like "$Firstname*") -And (Surname -Like "$Lastname*")} -Properties LastLogondate LockedOut EmployeeID
This is a known issue with the -Filter parameter on AD cmdlets. You can use a variable by itself, but not inside of a string inside the filter.
So you can do this instead:
$Firstname = Read-Host 'What is the users FirstName?'
$Firstname = "$Firstname*"
$Lastname = Read-Host 'What is the users Lastname?'
$Lastname = "$Lastname*"
Get-ADUser -Filter {(Name -Like $Firstname) -And (Surname -Like $Lastname)} -Properties LastLogondate, LockedOut, EmployeeID
The argument to the Properties parameter is an array of strings, you need to separate those by comma:
Get-ADUser -Filter {(Name -like "$Firstname*") -and (Surname -like "$Lastname*")} -Properties LastLogondate,LockedOut,EmployeeID
Can someone please tell me how I can rename sn and givenName of a contact object in active directory?
This is how I query the data in my contacts OU:
Get-ADObject -Filter {(ObjectClass -eq "contact") -and (givenName -like "*myName*") } -Properties sn, givenName -SearchBase "OU=contacts,DC=domain,DC=name"
From Microsoft:
To modify the given name, surname and other name of a user, use the
Set-ADUser cmdlet
My goal is to modify the values of both properties because I have text that is all in lowercase and I was hoping to use something like:
$TextInfo = (Get-Culture).TextInfo
$TextInfo.ToTitleCase("one-two three")
Desired Output: One-Two Three
to get a capital letter for each word.
Some examples would be great.
If you know of a GUI-Tool that does what I need then please share as well.
To change the attributes on a contact AD object you will need to use the Set-ADObject cmdlet, with the -Replace parameter. Set-ADUser will only set attributes of an AD object of type user.
The following code will take the full name of the contact object, search for it in AD and then change the GivenName, SN and DisplayName to title case.
I have added the DisplayName as this field is not automatically updated when you change the first and last name, but you can delete this part if it's not needed.
$fullname = "My Name"
$contact = Get-ADObject -Filter {(ObjectClass -eq "contact") -and (Name -like $fullname)} -Properties * -SearchBase "OU=contacts,DC=domain,DC=name"
$TextInfo = (Get-Culture).TextInfo
$GivenNametoTitleCase = $TextInfo.ToTitleCase(($contact.givenName).ToLower())
$SNtoTitleCase = $TextInfo.ToTitleCase(($contact.sn).ToLower())
$DisplayNametoTitleCase = $TextInfo.ToTitleCase(($contact.DisplayName).ToLower())
$contact | Set-ADObject -Replace @{GivenName=$GivenNametoTitleCase;`
sn=$SNtoTitleCase;`
DisplayName=$DisplayNametoTitleCase;}