I have a requirement to test each Domain Controller in a very large AD schema to assure that user creates are successful. I am building a script to do this in PowerShell so I can repeat the test as necessary. The script will create a user in each AD, and then check the public properties of the user on each DC to assure the creation was successful.
The input to this script will be a text file of DC names.
The Active Directory Cmdlets has New-ADUser, which creates a new AD user. It does not, however, allow the developer to specify a specific Domain Controller.
Is there a way to create an AD user using a specific Domain Controller?
Almost all cmdlets in the ActiveDirectory module have the ability to target a specific DC.
For New-ADUser use the -Server parameter. See the MDSN documentation
Related
is there a complete Script for an export and import OU Sturcture, AD User, Groups and Membership from one Domain to other. Like from Prod to Test.
I´m looking for something in powershell, as I know, the password are not possible, but thats ok.
Export-
Ou Structure
Users with all attributes
Groups
Groupmembership
This is no complete Powershell script. You can how ever use the Microsoft AD migration tool atet will allow you to do what you need
https://www.microsoft.com/en-us/download/details.aspx?id=56570
I'm trying to answer what I hope is a simple question. I have a device enrolled in AzureAD and autopiloted. Using the IntuneManagementExtenstion I'd like to acquire the FULL user name of the user currently logged in to use elsewhere in scripts. I cannot see a way of doing it.
All the example I can find return either the short name, or the AzureAD domain and the user name for example:
Tenant is mytestdomain.onmicrosoft.com
User is mytestuser#mytestdomain.com
most methods if you just google or search stackoverflow will return either:
AzureAD\mytestuser
or
mytestuser
I need one that returns the full mytestuser#mytestdomain.com. This is because the tenant has several vanity names so I need to determine which one is logged in (for example mytestuser#mytestdomain.com is a different user account to mytestuser#mytestdomain2.com or mytestuser#mytestdomain3.com). Therefore, I can't just append my tenant name on the end of the output other methods.
Any thoughts appreciated. Methods that require installation of msol/azuread modules don't seem to work as they require user login, which defeats the point, and as it's being run by the intune management extension, the user can't interact anyway.
Thanks
I'm a little busy to test this right now, but it should do the trick.
You can have Intune run a Powershell script. This command will return the full user account name in the format you've described.
whoami.exe /UPN
Since you've stated you want the user who is logged in already. When you are configuring the settings in Intune, make sure to select the option to "Run this script using the logged on credentials".
This line will return UPN from domain join info in registry.
Must be run with admin priveleges
[string]$($1='Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo\';if(Test-Path -Path $1){(Get-ItemProperty -Path ('{0}\{1}' -f ($1,(Get-ChildItem -Path $1).Name.Split('\')[-1])) -Name 'UserEmail' | Select-Object -ExpandProperty 'UserEmail')}else{''})
I run a script to get permissions to a file share.
Recently i've had to add permissions from users in a separate domain.
Now when i run the script, the script returns the SID of the users, rather than their names. However if i go into the NTFS properties, the UI shows the names.
I assume since it takes awhile for NTFS to actually reference the SID to the name before it shows the name (as initially it too only shows SID) - that the script is just running and pulling the data without waiting for reference... but i don't see a 'busy' member for the get-item cmdlet...
And unfortunately since i don't have access to the other domain, i wouldn't be able to run another command to get the user names from the SID.
If push comes to shove i'll either have to get access to that domain, or run the script under an account that does - but i was just wondering if there was something i could do in my current position.
Any ideas?
((((Get-Item "D:\shares\sharelocation").GetAccessControl('access')).Access).identityreference).value
We have a requirement to create new AD users through perl using NET::LDAPS.
The new user needs to be a copy of an existing user.
On the Active Directory GUI (dsa.msc), we would simply select the existing user and create a copy with new username and details. This copies all attributes including groups the user is a member of.
Is there similar code using LDAP that would copy all attributes of an existing user into a new user(including groups).
Alternatively, do we need to first create the AD user and then add the user to existing groups. In this case, how do we find out the groups that the existing user is a member of?
No, you have to update the directory manually. Keep in mind that perl-ldap is a library for the protocol LDAP and not for Active Directory which is just one application for LDAP.
And, by the way, it's Net::LDAPS, not Net::LDAP. The latter will only work on case-insensitive file systems.
I want to automate the steps for creating a new Office 365 tenant and I would like to know if it's possible to brand an Office 365 tenant with powershell. For example saving the banner and logo pictures in a local folder and upload them to Office 365 with powershell. Is that possible?
You can not automate the whole tenant creation process using powershell;
Powershell and all other APIs requires the tenant to be created at first place, so you can connect to it and hence start playing around with remote powershell.
you will need to add custom domain (the one will be used and assigned to all O365 services), this requires adding txt DNS records apart of the domain ownership validation, thankfully managing doamins using powershell is something doable, please check this reference for complete information
Inspecting the MSOnline reference page (the one has all powershell module commands), there is no command that allows you to customize the sign-in page look using powershell, check this reference please.