So I read stackoverflow a lot and it always helps me with my understanding, at the moment, I'm a bit stumped on the matching any of multiple variables and as such, thought I'd ask the exports.
A bit of background on my task.
I am a systems admin for an AD forest with multiple child domains (+4), we are going through a process to consolidate these domains into one - however, unfortunately, as each was managed independently we have comes across the age old 'duplicate SAM' issue (and will for sure come across dupe UPNs too once we start digging).
As such - I am trying to build a script to find these duplicates so I can address them with the teams who support the users in these domains.
I've got a fair way through this, I've exported a list of the SAMs for one migrating domain, and I can parse this into PS and have it look up each SAM against all of my domains and either give me a variable with the username OR $null.
So, I now just want to understand what the 'IF' command is for matching more than one variable and showing which ones match.
So, for example, from these variables...
$one="MSmith01"
$oneNT="DOMAIN1\MSmith01"
$two="MSmith01"
$twoNT="DOMAIN2\MSmith01"
$three=$null
$threeNT=$null
$four=$null
$fourNT=$null
$five="MSmith01"
$fiveNT="DOMAIN5\MSmith01"
$six=$null
$sixNT=$null
How do I write the IF command to show me if more than one variable matches??
If I write this:
if ($one -match $two -match $three -match $four -match $five -match $six) {write-host "Duplicate Found - $oneNT, $twoNT, $threeNT, $fourNT, $fiveNT, $sixNT." -foregroundcolor "yellow"}
It will show me :
Duplicate Found - DOMAIN1\MSmith01, DOMAIN2\MSmith01, , , DOMAIN5\MSmith01,.
But, if the variables are:
$one=$null
$oneNT=$null
$two="MSmith01"
$twoNT="DOMAIN2\MSmith01"
$three="MSmith01"
$threeNT="DOMAIN3\MSmith01"
$four=$null
$fourNT=$null
$five=$null
$fiveNT=$null
$six=$null
$sixNT=$null
Then the result seems to ignore the fact that DOMAIN 2 and DOMAIN3 have matching SAMs and it appears that "x -match y -match z" is really actually only comparing x and y, so I get nothing.
Which is obviously incorrect.
Can anyone explain how I compare and look for ANY duplicate amongst several variables?
Thanks
To further elaborate:
To get my variables I'm doing this:
$SAMAccountList=gc "C:\My Documents\Domain2SAMList.txt"
$SamAccountList | % {
$one=Get-QADUser -SamAccountName $_ -IncludedProperties SamAccountName -Server dc.domain1.local | foreach { $_.SAMAccountName }
$oneNT=Get-QADUser -SamAccountName $_ -IncludedProperties NTAccountName -Service dc.domain1.local | foreach { $_.NTAccountName }
$twoSAM=Get-QADUser -SamAccountName $_ -IncludedProperties SamAccountName -Service dc.domain2.local | foreach { $_.SAMAccountName }
$twoNT=Get-QADUser -SamAccountName $_ -IncludedProperties NTAccountName -Service dc.domain2.local | foreach { $_.NTAccountName }
#...
#...
#...etc for each domain
}
This then gives me a set of variables as I mentioned above
I would put them in a customobject and search with the unique names.
$NAMES = #()
$NAMES += [pscustomobject] #{name=$one;nameNT=$oneNT}
$NAMES += [pscustomobject] #{name=$two;nameNT=$twoNT}
$NAMES += [pscustomobject] #{name=$three;nameNT=$threeNT}
$NAMES += [pscustomobject] #{name=$four;nameNT=$fourNT}
$NAMES += [pscustomobject] #{name=$five;nameNT=$fiveNT}
$NAMES += [pscustomobject] #{name=$six;nameNT=$sixNT}
$UniqueNames=($NAMES | Sort-Object -Property name -Unique).Name
ForEach($Uniquename in $UniqueNames){
if($Uniquename -ne $NULL){
$SEARCH_RESULT=$NAMES|?{$_.Name -eq $Uniquename}
if ( $SEARCH_RESULT.Count -gt 1)
{
$SEARCH_RESULT
}
}
}
I get the following results
First data set
name nameNT
---- ------
MSmith01 DOMAIN1\MSmith01
MSmith01 DOMAIN2\MSmith01
MSmith01 DOMAIN5\MSmith01
Second data set
name nameNT
---- ------
MSmith01 DOMAIN2\MSmith01
MSmith01 DOMAIN3\MSmith01
Related
I have a PowerShell script that is generating from a file.txt a list of users and groups where they belong to.
The next step that I need to achieve is to confirm if the group from file Groups.txt is assigned to users.
To do this I used logical operator -contains so the code is looking like that:
$UserList = Get-Content ("C:\users.txt")
$GroupList = Get-Content ("C:\Groups.txt")
$result = #()
foreach ($UserList in $UserList){
$data = New-Object PSObject
$Group = (Get-ADPrincipalGroupMembership -Identity $UserList | foreach {$_.SamAccountName}) -contains $GroupList
$data = get-aduser $Userlist -properties samaccountname,givenname,surname | select samaccountname,givenname,surname, #{name="Groups";expression={$Group}}
$result += $data
}
$result
The code is working when I have only one group in file Groups.txt. If I have two or more it is applying only the last one with value True
The resolution what I expecting is
When the user has one or multiple groups from the file Group.txt script should mention that group name and nothing else.
To be more precise I need something like that as results:
samaccountname givenname surname Groups
-------------- --------- ------- ------
User FirstName Surname False (or anything)
User1 Firstname Surname Group1, Group2, Group3
Many thanks for any help in this matter.
You can do the following:
$UserList = Get-Content "C:\users.txt"
$GroupList = Get-Content "C:\Groups.txt"
$result = foreach ($User in $UserList) {
$Groups = Get-ADPrincipalGroupMembership -Identity $User |
Where SamAccountName -in $GroupList
Get-ADUser -Identity $User -Properties GivenName,Surname |
Select-Object SamAccountName,GivenName,Surname,#{name="Groups";expression={$Groups.SamAccountName}}
}
$result
When using a foreach loop, the proper syntax is foreach ($<item> in $<collection>) { statements }. $<item> is just a variable that you can reference within the statements, and it should be a variable that has not been assigned up until that point. See About_Foreach.
If your foreach statements produce output as in this case, they can simply be collected by assigning a variable to the foreach loop. This will result in a more efficient array assignment. Using += to effectively expand an array, just results in creating a new array on each loop iteration that is bigger than the previous. It is not efficient and is unnecessary in cases like these.
Regarding collection comparison, -contains is used when comparing a left-hand side (LHS) single item with a right-hand side (RHS) collection. A sample syntax would be $<collection> -contains $<single_item>. -in is used when comparing a LHS single item with a RHS collection. A sample syntax would be $<single_item> -in $<collection>. See About Comparison Operators.
Since you ultimately wanted to gather groups from a command output based on a certain condition, that is a prime candidate for Where or Where-Object. It's pseudo code usage is out of these 20 items, show me the ones that meet a certain condition. See Where-Object.
Currently, I'm trying to add a function to my powershell script with the following goal:
On a computer that isn't added to the domain (yet), have it search a local AD server (Not azure) for the next available name based off the user's input.
I have tried and failed to use arrays in the past, and I want to use the Get-ADComputer cmdlet in this, but I'm not sure how to implement it.
$usrinput = Read-Host 'The current PC name is $pcname , would you like to rename it? (Y/N)'
if($usrinput -like "*Y*") {
Write-Output ""
$global:pcname = Read-Host "Please enter the desired PC Name"
Write-Output ""
$userinput = Read-Host "You've entered $pcname, is this correct? (Y/N)"
if($usrinput -like "*N*") {
GenName
#name of the parent function
}
Write-Output ""
The above code is part of a larger script that parses a computer name and assigns it to the correct OU in the end.
Our naming scheme works like this: BTS-ONE-LAP-000
So it is: Department - Location - Device Type - Device Count
The code will then take the first part "BTS-ONE" and parse it for the correct OU it should go to, and then assign it using the Add-Computer cmdlet. It will also rename the machine to whatever the user typed in ($pcname).
So, before it parses the name, I'd like it to search all current names in AD.
So, the user can type in: "BTS-ONE-LAP" and it will automatically find the next available Device Count, and add it to the name. So, it will automatically generate "BTS-ONE-LAP-041".
Added Note:
I've used Get-ADComputer -Filter 'Name -like "BTS-ONE-LAP-*"' | FT Name and the output is
Name
----
BTS-ONE-LAP-001
BTS-ONE-LAP-002
BTS-ONE-LAP-006
BTS-ONE-LAP-007
BTS-ONE-LAP-009
BTS-ONE-LAP-010
BTS-ONE-LAP-022
BTS-ONE-LAP-024
BTS-ONE-LAP-025
BTS-ONE-LAP-028
BTS-ONE-LAP-029
BTS-ONE-LAP-030
BTS-ONE-LAP-031
BTS-ONE-LAP-032
BTS-ONE-LAP-034
BTS-ONE-LAP-035
BTS-ONE-LAP-036
BTS-ONE-LAP-037
BTS-ONE-LAP-038
BTS-ONE-LAP-039
BTS-ONE-LAP-040
BTS-ONE-LAP-041
BTS-ONE-LAP-050
BTS-ONE-LAP-051
I don't know how to parse this so the code knows that BTS-ONE-LAP-003 is available (I'm terrible with arrays).
$list = (Get-ADComputer -Filter 'Name -like "BTS-ONE-LAP-*"' | Sort-Object Name[-1])
$i = 1
$found = $false
Foreach($Name in $list.Name)
{
while($i -eq [int]$Name.Split("-")[3].Split("-")[0])
{
$i++
}
}
$i
The above code will go through each name in the list, and will stop when it discovers say the 3rd computer in the set is NOT computer #3.
Example:
BTS-ONE-LAP-001 | $i = 1
BTS-ONE-LAP-002 | $i = 2
BTS-ONE-LAP-006 | $i = 3
It split BTS-ONE-LAP-006 to be 006, and convert it to an integer, making it 6.
Since 6 does not equal 3, we know that BTS-ONE-LAP-003 is available.
Another way could be to create a reusable function like below:
function Find-FirstAvailableNumber ([int[]]$Numbers, [int]$Start = 1) {
$Numbers | Sort-Object -Unique | ForEach-Object {
if ($Start -ne $_) { return $Start }
$Start++
}
# no gap found, return the next highest value
return $Start
}
# create an array of integer values taken from the computer names
# and use the helper function to find the first available number
$numbers = (Get-ADComputer -Filter 'Name -like "BTS-ONE-LAP-*"') |
ForEach-Object { [int](([regex]'(\d+$)').Match($_.Name).Groups[1].Value) }
# find the first available number or the next highest if there was no gap
$newNumber = Find-FirstAvailableNumber $numbers
# create the new computername using that number, formatted with leading zero's
$newComputerName = 'BTS-ONE-LAP-{0:000}' -f $newNumber
Using your example list, $newComputerName would become BTS-ONE-LAP-003
Note that not everything a user might type in with Read-Host is a valid computer name. You should add some checks to see if the proposed name is acceptable or skip the proposed name alltogehter, since all your machines are named 'BTS-ONE-LAP-XXX'.
See Naming conventions in Active Directory for computers, domains, sites, and OUs
I am comparing a predetermined object (VMHostVirtualSwitch Name) value with all object(VMHostVirtualSwitch Names) values within a collection of objects and want the status to be "FAIL" if the objects don't match
I have written the following code so far but it doesn't seem to be working. I know the objects don't match and I should get "FAIL" as an output
$VMHostVirtualSwitch = Get-VMHostNetwork -VMHost abc.com | Select-Object VirtualSwitch*
$Cluster = Get-Cluster -VMHost abc.com
$VMHosts = Get-Cluster $Cluster | Get-VMHost
[int]$Switchcount=0
foreach ($VMHost in $VMHosts){
$CurrentHostVirtualSwitch = Get-VMHostNetwork -VMHost $VMHost | Select-Object VirtualSwitch*
if ($CurrentHostVirtualSwitch -ne $VMHostVirtualSwitch) {
$Switchcount++
}
}
if($Switchcount -ge 1) {
Write-Output "FAIL"
}
$VMHostVirtualSwitch has the following value
VirtualSwitch
-------------
{vSwitch3}
When I expand the $VMHostVirtualSwitch , I get the following values
Name NumPorts Mtu Notes
---- -------- --- -----
vSwitch3 10562 2340
You problem is PowerShell does not know how to compare those objects. Even if they had the same data they are technically two different objects (a blog post touches on this subject). At the end of the day if you are just comparing the names then do your comparison on just those.
$VMHostVirtualSwitch = (Get-VMHostNetwork -VMHost abc.com).VirtualSwitch.Name
$Cluster = Get-Cluster -VMHost abc.com
$VMHosts = Get-Cluster $Cluster | Get-VMHost
[int]$Switchcount=0
foreach ($VMHost in $VMHosts){
$CurrentHostVirtualSwitch = (Get-VMHostNetwork -VMHost $VMHost).VirtualSwitch.Name
if ($CurrentHostVirtualSwitch -ne $VMHostVirtualSwitch) {
$Switchcount++
}
}
if($Switchcount -ge 1) {
Write-Output "FAIL"
}
Now you should just be comparing strings which will get you more predictable results. I have only change the variable expansion in the above example. You might have some error checking to do to account for.
Something like this might be shorter then your loop
$badHosts = $VMHosts | Where-Object{(Get-VMHostNetwork -VMHost $_).VirtualSwitch.Name -ne $VMHostVirtualSwitch}
if($badHosts.count -ge 1) {
Write-Output "FAIL"
}
Compare-Object would also be a way to go for this, especially if there was multiple properties you were comparing: example. Since we are boiling down to simple strings I think what I propose should suffice.
I'm relatively new to PowerShell scripting and have mainly been cobbling together different scripts and cmdlets from Googling what I'm trying to do. One problem that I'm unable to Google, or search for on StackExchange, because of the special characters is having all my results come out as #{ColumnName=ColumnData}.
Here's an example script I found somewhere for pulling all the members of an AD group.
$Groups = Get-ADGroup -Filter {Name -like "!GroupName"}
$path = $groups
$myCol = #()
ForEach ($Group in $Groups)
{
$Members = #(Get-ADGroupMember "$Group")
ForEach ($Member in $Members){
try{
$user = get-aduser -identity $member -properties displayname
$MyObject = New-Object PSObject -Property #{
Displayname = $user.Displayname
}
$mycol += $MyObject}
catch {}}
}
Write-Host $MyCol | FL
I'm pretty sure there are better ways to get the members of an AD group but that's not the issue at the moment. The problem is all the data comes out like #{Displayname=Lawrence, Kimberly} and this happens with many of the scripts I've thrown together.
Any ideas on how to write scripts properly so I can just get DisplayName = Lawrence, Kimberly?
I agree your code is complex and it does not need to be. A couple of things that are important to mention is why your output looks the way it does.
You are creating an array of PSCustomObjects which function similar to hash-tables. In the end of your processing you have an array of objects with the property DisplayName. Since you are using Write-Host to display the the contents of $myCol it needs to cast it a string array in order to display it. You would see similar output if you just typed [string[]]$myCol. I should hope that you are doing something else in the processing as like the other answers show you have a very complicated way of getting what you are looking for.
Without beating the horse about those other solutions I will suggest some minor changes to yours as it stands. Your title and last sentence contradict what you are looking for since you want to remove the ColumnName in the title and the last sentence you are looking for output like DisplayName = Name.
Changing the last line will address both of these. If you just want the displaynames on there own
$myCols | Select-Object -ExpandProperty DisplayName
Lawrence, Kimberly
and if you actually want the other format you could do this
$myCols | ForEach-Object{
"DisplayName = $($_.DisplayName)"
}
Again, like the other answers, I stress that your code could use simple overhaul. If you needed to understand why it was working the way it way I hope I helped a little.
This actually has nothing to do with Active Directory; You are creating custom objects, then outputting them directly, and by default that is how PowerShell will format the output if you use Write-Host (which is intended to customize output). If you would like to be more specific about what your output should look like, we can help, but here is an example that outputs the results as just a list of strings, just using Write-Output:
$myCol = #()
$MyObject = New-Object PSObject -Property #{ DisplayName = "Lawrence, Kimberly" }
$myCol += $MyObject
$MyObject = New-Object PSObject -Property #{ DisplayName = "Hello, World" }
$myCol += $MyObject
# The default will show at-symbols, etc: Write-Host $MyCol | FL
Write-Output $myCol
The output will be:
DisplayName
-----------
Lawrence, Kimberly
Hello, World
Try this:
Get-ADGroup -Filter "Name -like '!GroupName'" |
Get-ADGroupMember |
Get-ADUser -Properties DisplayName |
Select-Object DisplayName
When I ran your code, I also got the hashes, even without special characters. Your code is way too unnecessarily complex.
I am trying to make a list of all groups that contain members from a specific OU. To do this, I am reading a file with the list of all group names and using get-ADGroupMember $groupName to find the members of each group. I am converting the value of each member to string and comparing to $member.indexOf("specific OU"). The problem is, I haven't figured out how to get $member[$i].indexOf("specific OU"). My code is below.
EDIT: If I use a for-each loop I can loop through the members properly, but I cannot use the break, which prevents duplicates.
Import-Module ActiveDirectory
#declaring end result group array
$results = #()
#sets path for files
$pathName = $MyInvocation.MyCommand.Path
$pathLen = $pathName.LastIndexOf("\")
$pathStr = $PathName.Substring(0,$pathLen +1)
$APgroupFile = $pathStr + "APGroups.csv"
$groupFile = $pathStr + "GGroups.csv"
#gets the list of group names and loops through them
get-content $groupFile | foreach-object{
#sets all of the group names
#start of if1
if($_.IndexOf("CN=") -ge 0){
$nameStart = $_.IndexOf("CN=")+3
$nameEnd = $_.indexOf(",")-$nameStart
$name = $_.substring($nameStart, $nameEnd)
#issue starts here
#goal is to find member of "specific OU".
#If found, add group to $results. If not, go to next group
$members = get-ADGroupMember -Identity $name
if($members.length -gt 0){
$i=0
for($i=0; $i -le ($members.length -1); $i++){
#need to check users OU for specific OU. If a user is member, save group to .txt. If none are members, move to next group
$OU = $members.toString()
if($OU.indexOf("OU=specific OU") -ge 0){#start of if OU
$results += New-Object psObject -Property #{'GroupName'=$name; 'Member'=$OU}
break
}#end if OU
}#end for mem.length
}#end if mem.length
}#end if1
}#end foreach
$results | Export-Csv $APgroupFile -NoTypeInformation
Try this:
Get-ADGroupMember -Identity $name |
Where-Object {$_.distinguishedName -like '*OU=specific OU*'}
A consideration that you did not explicitly mention: what about nested OUs? I.e., are you only considering a member immediately within your target OU? Or would a member of an OU two or three levels deep also logically, for your purposes, be included? E.g., if "California" is your target OU, do you want only objects directly under California? Or do you want to include all the members of San Francisco and all the members of San Diego (which are sub-OUs of California) in the result set? Either way:
Get-ADUser includes search and filter capability - http://technet.microsoft.com/en-us/library/ee617241
Get-ADuser -Filter {sAMAccountName -eq "jdoe"} -SearchBase "OU=IS,DC=foodomain,DC=com" -SearchScope SubTree
Get-ADuser -Filter {sAMAccountName -eq "jdoe"} -SearchBase "OU=IS,DC=foodomain,DC=com" -SearchScope OneLevel
So the approach here is to search your target OU for your target user, a separate search for each user. You will get that user in the returned result-set, or not. That can be the condition you test for. Obviously you will want to replace "jdoe" with the appropriate variable (I think $members[i].SamAccountName will do the trick there).
Just saw Shay Levy's answer. Much more concise, good job. Without explicit searchbase, you might end up visiting containers with the same name that are buried under other parent OUs, but the result set should be the same. E.g., if every city contains a standard "Office Staff" OU, each of them will be searched with the "OU=Office Staff" expression. You might want to try both approaches and test for performance differences. That being equal, Shay Levy's reads more pleasantly.