get-aduser returns unwanted fields - powershell

I have a script to output names for a report so I'm trying to use
Get-ADUser -Filter * -SearchBase "OU=Staff,DC=solutions,DC=local"
-Properties GivenName, Surname | Export-Csv -NoType $filepath;
It works fine, but it returns a CSV file with extra unwanted fields.
It should only return GivenName and Surname, however it returns:
DistinguishedName
Enabled
GivenName
Name
ObjectClass
ObjectGUID
SamAccountName
SID
Surname
UserPrincipalName

Some properties are returned by default. -Properties is used to specify the properties you need to make sure that they are included if they're not part of the default properties.
To only export the properties you need, run your data through Select-Object before exporting, like:
Get-ADUser -Filter * -SearchBase "OU=Staff,DC=solutions,DC=local" -Properties GivenName, Surname |
Select-Object GivenName, Surname |
Export-Csv -NoType $filepath

I usually use a pattern like this:
$Props = @(
    'GivenName',
    'SurName'
)
Get-ADUser -Filter * -SearchBase "OU=Staff,DC=solutions,DC=local" -Properties $Props |
    Select $Props | Export-Csv -NoType $filepath
Then just change/rearrange the properties to select and the order to output them in the $Props array.

Related

Script to pull base64string from AD objects

I am working on putting a PowerShell script together which will
query an existing OU
select the first and last name, samaccountname, and objectguid, of all users in the OU
Take the objectguid of each user and convert it to a base64string (immutableid)
output the results in a table format with users' first and last name, samaccountname, objectguid, and immutableid, sorted in alphabetical order by users' firstname.
The below script works just fine if I wanted to pull the base64string for one user at a time:
Import-module ActiveDirectory
$UserSamAccount = Read-Host "Provide SamAccountName of a user"
$User = Get-ADuser $UserSamAccount -Properties * | select ObjectGUID
$ImmutableID = [convert]::ToBase64String(([GUID]($User.ObjectGUID)).tobytearray())
Write-Host "ImmutableID for user $UserSamAccount is:" -ForegroundColor Cyan
$ImmutableID
Any help with this will be most appreciated. Thank you in advance!
If I understand your need correctly, the following should do the trick. It uses [pscustomobject] to construct your desired output and a ForEach-Object to process each object from the pipeline:
Get-ADUser -Filter * -SearchBase "OU=myOU,DC=myDomain,DC=xyz" -SearchScope OneLevel |
    Sort-Object GivenName |
    ForEach-Object {
        [pscustomobject]@{
            GivenName      = $_.GivenName
            Surname        = $_.Surname
            SamAccountName = $_.SamAccountName
            ObjectGuid     = $_.ObjectGuid
            ImmutableId    = [convert]::ToBase64String($_.ObjectGuid.ToByteArray())
        }
    } # | Export-Csv path\to\myExport.Csv -NoTypeInformation <= Can pipe this to export later :)
You could also use Select-Object with a calculated property (might be simpler but harder to read):
Get-ADUser -Filter * -SearchBase "OU=myOU,DC=myDomain,DC=xyz" -SearchScope OneLevel |
Sort-Object GivenName |
    Select-Object GivenName, Surname, SamAccountName, ObjectGuid, @{ N='ImmutableId'; E={ [convert]::ToBase64String($_.ObjectGuid.ToByteArray()) }}

Trying to extract a list from AD that contains all of my users, with the exception of one OU named Disabled Users. How can I exclude this OU from my list?

This is what I have so far:
Get-ADUser -Filter 'Department -like "*"' -Properties * |
Select -Property DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
Export-CSV "C:\ad-users.csv"
You can use a Where-Object clause to filter on the user's OU:
# fill in the DistinguishedName of the 'Disabled Users' OU here
$ouToExclude = 'OU=...'
# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
# so you only need to ask for extra properties not already in this list
Get-ADUser -Filter "Department -like '*'" -Properties DisplayName,Title,Department,Office,OfficePhone |
Where-Object { $_.DistinguishedName -notlike "*$ouToExclude" } |
Select-Object DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
Export-Csv "C:\ad-users.csv" -NoTypeInformation
I believe you could do it this way using -LDAPFilter. First you need to query the OU to exclude and get its DistinguishedName, then you can query all users and filter them where their DistinguishedName does not contain the OU to exclude.
NOTE: This assumes there is only 1 OU with Name Disabled Users. If there are more OUs with the same name, I would recommend you to hardcode the DistinguishedName of the excluded OU in $ouDN.
It's also worth noting that querying all attributes (-Properties *) for all users is highly inefficient, you should always query only the attributes of interest (-Properties attrib1, attrib2, etc).
$properties = @(
    'DisplayName'
    'GivenName'
    'Surname'
    'Title'
    'Department'
    'Office'
    'OfficePhone'
)
$ouToExclude = 'Disabled Users'
$ouDN = (Get-ADOrganizationalUnit -LDAPFilter "(Name=$ouToExclude)").DistinguishedName
Get-ADUser -LDAPFilter "(Department=*)" -Properties $properties | & {
    process {
        if($_.DistinguishedName -notlike "*$ouDN") { $_ }
    }
} | Select-Object $properties | Export-Csv "C:\ad-users.csv" -NoTypeInformation

List properties of users using foreach comment

My goal is to list extended properties of a list of users by Display Name or SamAccountName pulling those names from a Csv. I am using the following script and it works but it either skips names in the Csv or repeats them. If I do one at a time it returns what I need but from the Csv it doesn’t. Csv has one column named Name.
Import-Csv C:\Users\Administrator\Documents\test.txt | Foreach {
Get-ADUser -Filter "DisplayName -eq '$($_.Name)'" -Properties *
} | Select-Object DisplayName, SamAccountName, Title, Department, EmailAddress, ObjectGUID | Sort-Object Displayname | FT
There is nothing wrong with your current code, except for using Import-Csv on a .txt file (test.txt), I would assume this was a typo. I've added an if condition to help you troubleshoot so at least you would know which users were not found.
You should also avoid the use of -Properties *, querying all properties for the users is inefficient and slow.
$properties = @(
    'DisplayName'
    'SamAccountName'
    'Title'
    'Department'
    'EmailAddress'
    'ObjectGUID'
)
Import-Csv C:\Users\Administrator\Documents\test.csv | ForEach-Object {
    $adUser = Get-ADUser -Filter "DisplayName -eq '$($_.Name)'" -Properties $properties
    if(-not $adUser) {
        Write-Warning "'$($_.Name)' could not be found on AD"
        return # Go next
    }
    $adUser
} | Select-Object $properties | Sort-Object Displayname | Format-Table

Powershell Pass a csv of names, to LDAP filter by CN

$csv = Get-Content "ListOfNames.csv"
foreach($item in $csv){
Get-ADUser -LDAPFilter '(cn=$item)' -Properties * | Ft sAMAccountName, givenName, emailAddress
}
I'm new to powershell,
I'm trying to enter a list of users only by names by their cn parameter
I don't get any result, but when I enter a name instead of $item it works great...
What am I missing here ? can't I enter an array in the -LDAPFilter?
Thanks in advance
You need to use double quotes in this case for the variable to be able to expand:
$csv = Get-Content "ListOfNames.csv"
foreach($item in $csv){
Get-ADUser -LDAPFilter "(cn=$item)" -Properties emailaddress |
Format-Table sAMAccountName, givenName, emailAddress
}
Also note that emailaddress is the only property from your desired output not returned by default. Try to avoid -Properties * unless you need all those properties.
It looks like a string formatting issue to me.
Try this:
$csv = Get-Content "ListOfNames.csv"
foreach ($item in $csv) {
# Build the filter without embedded quotes: -LDAPFilter expects (cn=value)
$filter = [string]::Format("(cn={0})", $item)
Get-ADUser -LDAPFilter $filter -Properties * | Ft sAMAccountName, givenName, emailAddress
}
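Both answers above place each line of the file directly into the LDAP filter string. As an added example (not part of either answer), the sketch below escapes the RFC 4515 special characters first, so an entry such as `*` or `Smith (Contractor)` is matched literally instead of altering the filter, and blank lines are skipped. ConvertTo-LdapFilterValue and New-CnFilter are hypothetical helper names, and the sample names are constructed.

```powershell
# Constructed sample input standing in for the lines of ListOfNames.csv.
$names = @('Jane Doe', 'Smith (Contractor)', '*', '   ', 'R\D Team')

# Hypothetical helper (not an ActiveDirectory module cmdlet).
# RFC 4515: \ * ( ) and NUL must be written as a backslash plus two hex digits.
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

# Hypothetical helper: turns a list of names into one (cn=...) filter per usable entry.
function New-CnFilter {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $trimmed = $n.Trim()
        if ($trimmed.Length -eq 0) {
            # An empty value would produce the invalid filter "(cn=)".
            Write-Warning 'Skipping blank entry'
            continue
        }
        '(cn={0})' -f (ConvertTo-LdapFilterValue -Value $trimmed)
    }
}

foreach ($filter in New-CnFilter -Name $names) {
    # Emit the filter so it can be reviewed offline.
    $filter
    # With the ActiveDirectory module loaded, the same string is used as:
    # Get-ADUser -LDAPFilter $filter -Properties EmailAddress
}
```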

Trying to input a specific user list for get-aduser

I'm trying to use a list of usernames to perform a simple get-aduser command. It works fine for a single user, but I can't input a file to perform this for a list.
This command works fine for a single user:
get-aduser -identity myusername -properties passwordlastset, passwordneverexpires |
sort name | ft Name, passwordlastset, Passwordneverexpires | out-file c:\PS\Output.txt
This works fine, but rather than use -filter * for all AD or identity pointing to a file, I am completely lost. I have tried doing a get-content and link to a file but I'm just getting into a pickle.
If I have a text file with a list of usernames in, how do I run the above command against that single text file list, rather than all of AD?
As a side query, is there a way that I can perform the above command, but for a specific OU?
If you have a list that isn't an object, either import it to an object or iterate over the values
Try something like:
$Userlist = Get-Content -path 'c:\temp\test.txt'
$Results = $Userlist | ForEach-Object {
Get-aduser -identity $_ -properties passwordlastset, passwordneverexpires
}
$Results | sort name | ft Name, passwordlastset, Passwordneverexpires | out-file c:\PS\Output.txt
This will work as long as you supply valid SamAccountNames in your list
I would do it this way. You can pipe in identity byvalue. You can import the csv later and get objects back.
get-content userlist.txt |
Get-aduser -properties passwordlastset, passwordneverexpires |
sort name |
select Name, passwordlastset, Passwordneverexpires |
export-csv users.csv
# searchbase example
get-aduser -filter 'name -like "j*"' -SearchBase 'OU=People,DC=stackoverflow,DC=com'