I have been searching everywhere, and have tried many different combinations, but I can't seem to figure out how to get the "Job title" from the organization part of AD.
Here are a few things that I have tried
get-aduser -Filter * -SearchBase "Bob.Barker" -Properties sAMAccountName,Title
Get-ADUser -identity "Bob.Barker" -Filter * -Properties title | group title -NoElement
Also, as a bonus question how would you set the job title.
Thank you all for your assistance.
In your example, if the user's username is Bob.Barker then use this:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
or if surname is Barker
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(old thread I'm aware, I'm just happy I know the answer to some of these questions - hopefully help out the next guy/gal that needs this reference quickly)
These chunks of powershell are correct:
get-aduser -Filter {samAccountName -eq "Bob.Barker"} -Properties sAMAccountName,Title
(looking up by SamAccountname, a little more accurate)
get-aduser -Filter {sn -eq "Barker"} -Properties sAMAccountName,Title
(Looking up by surname/lastname, if you have a big AD you'll have a lot of results to go through)
The other question above was
Also, as a bonus question how would you set the job title.
Here it is below:
Get-aduser -identity bob.barker | set-aduser -replace #{title="New Job Title"} -whatif
I like using the -whatif, just in case something goes terribly wrong and I make the CEO the janitor or something.
And here you commit it: Notice, you find the user first with get-aduser, then in the pipe |, you set-aduser with the new value between the #{} braces
Get-aduser -identity bob.barker | set-aduser -replace #{title="New Job Title"}
And here's a bonus answer. If you want to export a whole bunch of users with the same title who need a new title, export your search results into a CSV:
Get-Aduser -filter 'Title -like "Old Job Title"' -Properties * | select samaccountname | Export-csv "C:\some_path\change_these_titles_samaccountnames.csv"
The exported CSV will only have the SamAccountnames that match that job title you're looking for (in this case "Old Job Title").
Now, create a few $variables to store the new job title, the CSV to import, and the samaccountname, and a for-loop to look at the CSV File.
$Set_Title=Import-CSV "C:\some_path\change_these_titles_samaccountnames.csv"
$New_Title="New Title for everyone in CSV file"
foreach ($User in $Set_Title) {
$User.sAMAccountName
Set-ADUser -Identity $User.sAMAccountName -Title $New_Title
}
you could even put a count variable outside the for-loop to show how many users were updated:
$total = ($Set_Title).count
$total
Write-Host "AD User Titles have been updated..."
Hope this helps the next person out!
Use this to get all the information you need, like title related or organizational info
Get-ADUser -Filter {samAccountName -like "*bla*"} -Properties *
Related
the following code should work for prepend an additional description before the current content but how to do the same for every user belong to specific OU? Any suggestion?
get-aduser USERNAME -properties Description | ForEach-Object { Set-ADUser $_ -Description "additional data - $($_.Description)"}
Thanks!!!
get-aduser -filter * -properties Description -searchbase "DistinguishedName_to_OU_containing_Users" | ForEach-Object { Set-ADUser $_ -Description "additional data - $($_.Description)"}
You need the -searchbase parameter to narrow down your focus
I have got the value in the file is under the SMTPproxyaddresses header.So, I'm trying something along this lines.
foreach ($user in $userID)
{
$ADuser = Get-ADUser -Filter "ProxyAddress -eq $($user.SMTPproxyaddresses)" -Properties whenCreated, Enabled, SAMAccountName
}
CSV file :
SMTPproxyaddresses
userproxy#contoso.com
testproxy#contoso.com
user2proxy#contoso.com
user3proxy#contoso.com
I couldn't get it working with a variable inside the Filter parameter, but it worked typed outright. However, the alternative is using an LDAPFilter and this worked for me.
Get-AdUser -LDAPfilter "(ProxyAddresses=*$($user.SMTPaddresses))" -Properties whenCreated, Enabled, SamAccountName
We are looking to create a Powershell script that will automatically sort our user base by Country Code into two AD groups, one for English speakers, and one for French speakers. We are having challenges in getting this to work.
Each account should only be on one list, based on their country. The original source list of members for our list is Staff All, and we are looking into having two groups, one called Staff All EN, and the other called Staff All FR. It should also be able to exclude those in a Disabled OU for accounts that are no longer valid. (see below)
This is what we have so far:
$frenchCC = Get-Content .\CCFrench.txt
$staffAll = "CN=Staff-ALL,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$staffAllEn = "CN=Staff ALL EN,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$staffAllFr = "CN=Staff ALL FR,OU=Internal,OU=DistributionLists,OU=SFCG,DC=sfcg,DC=org"
$Target = Get-ADGroupMember -Identity $staffAll
We have tried several different approaches. The idea is to populate the French list from the AD based on the country code list. Populate the Staff-EN by copying the Staff-ALL list and then removing everyone in the French list.
And somewhere in the process, Remove everyone who is in HR-Disabled.
foreach ($Person in $Target) {
Add-ADGroupMember -Identity $staffAllEn -Members $Person.distinguishedname -confirm:$false
}
foreach ($Country in $frenchCC) {
Add-ADGroupMember -Identity $staffAllFr -Members (Get-ADUser -Filter '"$country"' -eq '") -confirm:$false
}
foreach ($Country in $frenchCC) {
Remove-ADGroupMember "Staff-ALL-EN" -Members (Get-ADUser -Filter $Country) -confirm:$false
}
$searchOU = Specify the OU where your groups are here (OU=Groups,DC=domain,DC=local)
Get-ADGroupMember Staff-ALL-EN -Properties Disabled | Remove-ADGroupMember Staff-ALL-EN
Get-ADGroupMember Staff-ALL-FR -Properties Disabled | Remove-ADGroupMember Staff-ALL-FR
In the source file for the country code, we have put the country codes in single quotes, double quotes and no quotes. with no difference.
This has really caught us in a pickle. Any suggestions would be appreciated.
I was able to work on the following for Brad, but I am not being able to make it run for each line in the text files (ex: multiple country codes). Anyone know what to change?
$frenchCC = Get-Content .\Countries.txt
$OUs = Get-Content .\OUs.txt
$userListFR = Get-ADUser -Filter {country -eq $frenchCC} -SearchBase $OUs -SearchScope OneLevel
$userListEN = Get-ADUser -Filter {country -ne $frenchCC} -SearchBase $OUs -SearchScope OneLevel
foreach($user in $userListFR) {add-adgroupmember "Staff-ALL-FR" -Members $user}
foreach($user in $userListEN) {add-adgroupmember "Staff-ALL-EN" -Members $user}
I'm attempting to move AD users to different ou's based on a CSV file of employee numbers. I've searched around and I have found a suggestion and tried this code:
Import-Module ActiveDirectory
$TargetOU = "OU=Math,OU=Students,DC=domain,DC=net"
$IDs = Import-CSV "c:\testids.csv" | Select -ExpandProperty employeeID
Get-ADUser -filter * -Properties employeeID | Where { $IDs -contains $_.employeeID } |
Move-ADObject -TargetPath $TargetOU
My csv file looks like this
employeeID
11111
22222
33333
It runs with no errors. But the users never move. Im running Server 2012R2.
Any suggestions? Am I on the wrong track or completely off in left field?
Try this
Import-Module ActiveDirectory
$TargetOU = "OU=Math,OU=Students,DC=domain,DC=net"
$IDs = Import-CSV "c:\testids.csv" | Select employeeID
$IDs | % { Get-ADUser -Filter { employeeID -eq $_.employeeID } -Property employeeID |
Move-ADObject -TargetPath $TargetOU }
Sorry, I pushed 'Enter' too quickly. This has your CSV saved as the $IDs object before you start. I think your pipes were a little out of order. Let me know if this works, and if it doesn't I'll try again.
Ok, I'm on the bandwagon of I want to be sure your finding the correct users first. Theory being that Move-ADObject is not getting any input.
First I would do this to check the CSV file contents.
Get-Content "c:\testids.csv" | Select -Skip 1 | ForEach-Object{"'$_'"}
Then assuming that is working what is the result of this command?
$IDs | ForEach-Object{Get-ADUser -Filter "employeeID -eq '$_'" -Property employeeID
Update from Comments
I wonder now if you are looking at the wrong AD Attribute. Maybe it should be EmployeeNumber.
$IDs | ForEach-Object{Get-ADUser -Filter "employeeNumber -eq '$_'" -Property employeeNumber
Give that a try and see if that is what you need?
Also should try and verify that you have no white-space or special characters in the actual employeeid
"'$(Get-Aduser accountthathasid -properties employeeid | select -expand employeeid)'"
I'm willing to bet that the whole issue you're running into is that Get-ADUser is returning no user objects.
<Previous answer removed>
Edit: Ok, I give up, this makes no sense. I now can not find my own user by looking for it by EmployeeID. I think there may be some issues searching by employeeID because this returns nothing:
$me = get-aduser $env:USERNAME -Properties EmployeeID
Get-ADUser -filter "EmployeeID -eq '$($me.EmployeeID)'" -Properties EmployeeID
I verified that $me does in fact contain my ADUser object info, including my EmployeeID. I thien tried:
Get-ADUser -filter "UserPrincipalName -eq '$($me.UserPrincipalName)'"
This did work, so I am sure that my format works. At this point, I withdraw and wish you luck.
I am trying to get the list of a specific user’s groups and the groups’ descriptions using PowerShell.
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | select name, description
The description field returns blank.
From Get-ADPrincipalGroupMembership manual:
The Get-ADPrincipalGroupMembership cmdlet returns a default set of ADGroup property values. To retrieve additional ADGroup properties pass the ADGroups objects produced by this cmdlet through the pipline to Get-ADGroup. Specify the additional properties required from the group objects by passing the -Properties parameter to Get-ADGroup.
So, let’s do it!
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description
Also, in this case it should be enough to specify name,description instead of asterisk (*). If this is a performance issue, replace it. I am leaving it at asterisk because you might later change your mind about which properties you need.
Here is a simple but effective script to get AD Group info.
Get-ADGroup -filter * -Properties * | Select Name,GroupCategory,Description | Export-Csv D:\Test\SecurityGroups.csv
Just add or remove the attributes you would like to see in the Select area. To see a list of usable attributes you can do something like this:
Get-ADGroup -filter * -Properties * | Where-Object {$_.Name -eq 'DHCP Users' }
Get-ADPrincipalGroupMembership should work but fails if any group has a NAME containing '/' (which is a legal character in names as far as I understood the MS AD documentation).
This forces a heavy workaround:
$Groups = (Get-ADUser -identity $TemplateUserName -server $TemplateUserDomain -Properties MemberOf|select memberof).MemberOf|Get-ADGroup -Server :3268
foreach ($Group in $Groups)
{
Write-Output $Group.Name
}
Notice I use a domain search for the user's properties and then a search in global catalog
(-server :3268) for each group. Else you eventually won't get all of the user's groups or you'll get an error if any group belongs to a different domain than the user.
For a list of groups a user is member of:
(get-aduser NameOfTheUser -properties *).memberof
For Users
Get-ADUser -Filter {name -eq $username} -Properties * | select name,description
For Groups
Get-ADGroup -Filter {displayname -eq $groupname} -Properties * | select name,description