Powershell ADSI ntSecurityDescriptor - powershell

Hi, I'm having some trouble getting the information on who joined the computer to the domain.
I can use this code, but this is to be used by some non-administrative users that don't have access to the PowerShell ActiveDirectory module.
Get-ADComputer myComputer -Properties ntSecurityDescriptor | Select ntSecurityDescriptor -ExpandProperty ntSecurityDescriptor
It's the owner property I am interested in here.
But now to the real deal
I need to make it work with ADSI
$Computer = [ADSI](([ADSISearcher]"(name=myComputer)").FindOne().Path)
$Computer.nTSecurityDescriptor
System.__ComObject
How do I "expand" the properties of the nTSecurityDescriptor using ADSI?

PowerShell is smart enough that it will try to show you the best representation of an object with the most common properties it thinks you will need. Sometimes, though, you need to get the raw object underneath, which you can do by using the PSBase property. Here's a link to Jeffrey Snover talking about it. Try this:
$Computer = [ADSI](([ADSISearcher]"(name=myComputer)").FindOne().Path)
$Computer.PsBase.ObjectSecurity.Owner
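An added example, not part of the original answer: the same owner lookup done for many computer objects in one ADSI search, which is how you would audit who owns machine accounts without the ActiveDirectory module. The function name Get-ComputerOwner and the default name filter are hypothetical; the filter value is inserted into the LDAP query unescaped, so pass only trusted input.

```powershell
# Added example: report the owner of computer objects using ADSI only.
function Get-ComputerOwner {
    param([string]$NameFilter = 'myComputer*')   # placeholder filter, not escaped

    $searcher = [ADSISearcher]"(&(objectCategory=computer)(name=$NameFilter))"
    $searcher.PageSize = 500
    # Request only the owner part of the descriptor, which does not require
    # the right to read the SACL.
    $searcher.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Owner
    $searcher.PropertiesToLoad.AddRange([string[]]@('name', 'ntsecuritydescriptor'))

    $results = $searcher.FindAll()
    try {
        foreach ($result in $results) {
            $values = $result.Properties['ntsecuritydescriptor']
            if (-not $values -or $values.Count -eq 0) { continue }   # descriptor not readable

            # Parse the raw bytes returned by the search into a security descriptor.
            $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
            $sd.SetSecurityDescriptorBinaryForm([byte[]]$values[0])
            $sid = $sd.GetOwner([System.Security.Principal.SecurityIdentifier])
            if (-not $sid) { continue }

            # Resolve the SID to DOMAIN\name; keep the raw SID if it cannot be
            # resolved (for example a deleted account).
            try   { $owner = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $owner = $sid.Value }

            New-Object PSObject -Property @{
                Computer = [string]$result.Properties['name'][0]
                Owner    = $owner
                OwnerSid = $sid.Value
            }
        }
    }
    finally {
        $results.Dispose()   # release the unmanaged search handle
    }
}

Get-ComputerOwner -NameFilter 'myComputer*' | Sort-Object Owner | Format-Table Computer, Owner, OwnerSid -AutoSize
```

Sorting by Owner groups the machines by owning principal, so computer objects owned by an ordinary user account rather than an administrative group stand out for review.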

Related

Get AD user by providing fullName and manager full name

It might look silly, but I'm struggling with finding a user with PowerShell by providing his full name and his manager's full name. The purpose of the script is to get the SamAccountName and email address by using the mentioned values, which are provided by another team (these are the only unique values I get - getting a user by full name is not any kind of problem, but it's possible that it'll return multiple results, and that's why the manager's full name would determine the appropriate result).
First I was using simple command
Get-ADUser -server $gc -Filter { (CN -eq $uFullName) -and (extensionAttribute4 -eq $mFullName) }
It worked great, but unfortunately I noticed that not all accounts use extensionAttribute4 to hold the manager's full name. I thought of using Filter on the manager property, but when I tried to use (Manager -like "*value*") it returned that the like operator isn't supported by this attribute.
I'm still trying to find a solution for this, but maybe someone will have a solution to this situation.
Thank you in advance.

Powershell - Display value of an object's properties, where the property names are like '*quota*'

As per the subject, I'm trying to get the name of a property and the value associated with that property, for a specific mailbox.
So, the line below gets me a nice list of the available object properties, and a default column displayed in the output has the heading 'Name'
Get-Mailbox -Identity "Person Name" | gm
I then want to say something like:
For the object: "Mailbox of Person Name"
Where the property of "Mailbox of Person Name" has a name like 'quota'
List both the actual property name and its value for "Mailbox of Person Name"
I've tried a number of things using -ExpandProperty/Select-Object/Where-Object but they're all failing. I'm sure this is pretty basic, but Powershell is definitely not my strength. Can anyone show me how to structure this pipeline correctly?
You do not need to use Where-Object, only Select-Object:
Get-Mailbox -Identity "Person Name" | Select-Object -Property *quota*
You seem to have used the correct commandlets. Where-Object filters. Select-Object selects specific properties.
From my experience, sometimes what you see on the console doesn't match the actual property name because there is a formatter that can even change the column name. If you drive the Where-Object and Select-Object with that virtual property name then they do fail. Also sometimes, the output is not really a recordset that works well with these cmdlets.
My advice is to always check the type of an object when things go strange. Starting from $items=Get-Mailbox -Identity "Person Name".
Then $items.GetType() reveals the actual .net type.
Then $items.Count reveals if it is actually an array or a single object.
Then $items|ForEach-Object {$_.GetType()} reveals the type of each object.
Also the $items|Get-Member is very helpful to figure out the property names. If necessary use it also within your loop.
That is how I troubleshoot strange behaviors and if you can post your findings and the code you tried with Where-Object and Select-Object that would be a great help.

Find and replace custom attribute values in AD using Powershell

So I have an interesting script I am trying to figure out, basically I need to change a custom attribute value to a new one. The problem is it's for both users and computers and not specific to the groups. So for instance the value might be Billing1 for several users in an OU and this needs to be Billing2. So I need to find any instance of the value of Billing1 and change it to Billing2 not knowing the user or computer object. I can successfully change one at a time if I know who the user is by using Set-ADUser, Set-ADComputer and even with Set-ADObject but I need to figure out a find and replace function.
I have searched for this and I have found examples of where I can use CSV for users and computers but again I don't know who has what since the value in the attribute can vary and also changes if a reorg happens.
Got the correct script...
Get-ADComputer -Properties enterattributename -Filter {enterattributename -like "value to search"} | Set-ADComputer -Replace @{enterattributename = "value to change"}
This can also be applied to Get-ADUser and Get-ADObject.

Removing the device partnership in Exchange 2010 using Powershell

I'm trying to create a script that will remove the mobile phone partnership from a user in Exchange 2010. My plan of implementation was to use Get-ActiveSyncDeviceStatistics to find the identity of the mobile device, then use Remove-ActiveSyncDevice to remove it. However, I can't seem to get the identity into a variable. I've tried 2 methods that don't seem to work, which are
Method 1:
$UserMailbox = Get-ActiveSyncDeviceStatistics -Mailbox R68Fred
Remove-ActiveSyncDevice -Identity $UserMailbox.identity -Confirm $true
Method 2:
Get-ActiveSyncDeviceStatistics -Mailbox R68Fred | Select-Object -Property "Identity"
I'm still fairly new to PowerShell so I don't know if my plan of attack is correct, so I appreciate any advice in the matter.
You should instead use Get-ActiveSyncDevice cmdlet, this gets you the device identity. You can still filter on Get-ActiveSyncDeviceStatistics to get only those devices that are deemed inactive based on say LastSuccessSync property.

How to filter Win32_UserAccount results by OU

In PowerShell, I already know how to use DirectoryEntry and DirectorySearcher to get a list of users in a certain OU. The results of this method are mostly what I am looking for in AD, but it seems easier to get the same information by using a WMI query Win32_UserAccount. I like the properties of this class better and the SID is already in the correct string format (in the first method it needs to be converted from a hex byte array to string).
The problem I have with using Win32_UserAccount is that I cannot find a way to filter it by an OU. I can successfully filter by domain and name, and have tried several guesses with WQL, but can't seem to find any syntax for an OU filter. Most of my attempts result in "Invalid query." The following is an example of a query that works:
$user = gwmi Win32_UserAccount -filter "name='somebody' AND domain='mydomain'"
If there is no way to filter this by OU then I will go back to using the DirectoryEntry/DirectorySearcher.
Given that there are no LDAP related properties for the Win32_Account class I think you're out of luck unfortunately.
You could of course use this to get the SID in the format you want in addition to the directory searching to get the LDAP related data.
Are you familiar with the free AD cmdlets from Quest?
http://www.quest.com/powershell/activeroles-server.aspx
You can filter users based on OU and get the SID in various formats:
PS> Get-QADUser -SizeLimit 0 -SearchRoot '<OU_DistinguishedName>' | fl *sid*
objectSid : 0105000000000005150000006753F33372134F3FF673476FF4023001
Sid : S-1-5-21-54781788-1045369324-1866953526-501
(...)