Getting sAMAccountName - perl

Sorry for the simple (newbie) question - but I have a Perl script using WIN32API::NET.
I have a list of user account cn= values.
Is there a WIN32API::NET command that will give me the sAMAccountName for a cn= ?

Do you have any issues using Net::LDAP instead?
Perhaps you could take a look at some examples here:
http://metacpan.org/pod/Net::LDAP::Examples
Just plug in the attributes you have and the attributes you need in the relevant locations.

Related

Is there a way to search an OU and add missing members to a security group?

I'm trying to get away from using the Quest tool AD snap-in and need help re-writing a PowerShell script that updates AD group members based on if they are in an OU or not. Can someone help?
Examples of how it is coded currently to the snap-in.
$null=Get-QADUser -NotMemberOf "Domain\Group-A" -SearchRoot "OU=Users,DC=Test" | Add-QADGroupMember "Domain\Group-A"
$null=Get-QADComputer -NotMemberOf "Domain\Group-B" -SearchRoot "OU=Computers,DC=Test" | Add-QADGroupMember "Domain\Group-B"
Depending on availability (and permissions) there's the RSAT ActiveDirectory powershell module providing cmdlets like Get-AdUser -LdapFilter ... -SearchBase ... that you can use to achieve this.
Syntax is more verbose - for example, it doesn't care for RDN -- but is still rather brief.
Without the ActiveDirectory module you need to set up and implement your own LDAP queries using System.DirectoryServices and System.DirectoryServices.ActiveDirectory.
This will be (very) verbose but it will work on any windows machine that's in active support.
Major difference to what you have right now is that you can't just -NotMemberOf <AdGroupPrincipal>. Instead, you'll have to use LdapFilter, memberof attribute and a distinguished name (FQDN rather than RDN) to identify the group you want the member of. Then negate the result for something like
(!(memberof=cn=GroupName,OU=groupOU,DC=my,DC=domain,DC=lan))
If you prefer to stick to one/two liners then you'll probably want to keep using Quest. Especially if using RSAT ActiveDirectory module is not a viable option you're likely to get hundreds of lines rather than the two.
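The RSAT route described in the answer above, as an added example that is not part of the original post. It assumes the ActiveDirectory module is installed and reuses the group and OU names from the question as placeholders; the function name is hypothetical. Note that memberOf lists neither a user's primary group nor nested memberships, so the filter only tests direct membership.

```powershell
Import-Module ActiveDirectory

function Add-OuUsersToGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,   # placeholder from the question: 'Group-A'
        [Parameter(Mandatory)] [string] $SearchBase   # placeholder from the question: 'OU=Users,DC=Test'
    )

    # Resolve the group once; the memberOf filter needs its full distinguished name.
    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

    # Escape LDAP filter metacharacters (RFC 4515) that can occur inside a DN.
    $dn = $group.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a'
    $dn = $dn -replace '\(', '\28' -replace '\)', '\29'

    # Users under the OU that are not direct members of the group.
    $missing = @(Get-ADUser -LDAPFilter "(!(memberOf=$dn))" -SearchBase $SearchBase)
    if ($missing.Count -eq 0) { return }

    # -WhatIf / -Confirm are honoured here, so a dry run changes nothing.
    if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "add $($missing.Count) member(s)")) {
        Add-ADGroupMember -Identity $group -Members $missing
    }

    # Emit what was (or would be) added, for logging and review.
    $missing | Select-Object SamAccountName, DistinguishedName
}

# Dry run first; remove -WhatIf once the list looks right.
Add-OuUsersToGroup -GroupName 'Group-A' -SearchBase 'OU=Users,DC=Test' -WhatIf
```

The computer case from the question follows the same pattern with Get-ADComputer in place of Get-ADUser.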

Get-Recipient to Get-EXORecipient? Powershell and Exchange

Had a quick and hopefully easy question for you guys. I've tried googling and searching but I haven't been able to find much info.
We've been asked to try and streamline and improve some scripts we have. I was trying to convert some Get-Recipient commands to the newer and quicker Get-EXORecipient module.
I'm having some issues with the below though and would appreciate any help or advice:
As part of one of my scripts, I use the below command to find a specific DDL. This works fine
$var1 = Get-DynamicDistributionGroup -Identity "DDLName"
The issue I have is trying to get details from this DDL using the new module
Extract of old code which works but is quite time consuming depending on the size of the DDL
$var2 = Get-Recipient -RecipientPreviewFilter $var1.RecipientFilter
The new code I'm trying which spits out an error
$var2 = Get-ExoRecipient -RecipientPreviewFilter $var1.RecipientFilter
The error I get from the above is "Get-ExoRecipient : RecipientPreviewFilter is not a supported parameter"
I haven't been able to find out how to apply the DDL filter to this command, I tried putting the entire filter in as a string but that didn't work either. That wasn't an ideal solution as the filter may change on the exchange side.
Would appreciate any help on this one!
Thanks
According to the Get-EXORecipient documentation, the -RecipientPreviewFilter parameter has been reserved for 'internal Microsoft use'.
You should be able to use the -Filter parameter instead though like this:
Get-ExoRecipient -Filter "Title -eq 'Teaching Staff'"
However, the format of the filter returned by the dynamic distribution group may differ slightly and require some changes before it can be used with -Filter

Finding the index of a key and value within an array using a wildcard in Powershell

I have been working on an issue and I was able to get done what I need to get done in a relatively decent and acceptable way but I am curious as to why I ran into some of the problems I did.
I'm not too savvy with PowerShell or C# but I have some experience with Java, C++, and a few others. So, if I overlook something really simple, you'll have to forgive me. I'm not looking for a critique of my solution, just some insight into some of the blockades I came across.
What I needed to do was use Powershell to query an LDAP setting. I needed to know MaxConnIdleTime and I needed that either assigned to a variable or accessible through a subroutine [sic] (ex $ldapPolicies.MaxConnIdleTime) so that I could run it through a conditional statement.
Here is how I accomplished it:
$ldap = Get-ADObject -SearchBase "CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=$ENV:COMPUTERNAME,DC=$dc" -Filter 'ObjectClass -like "queryPolicy"' -Properties ldapadminlimits
$ldap = @($ldap.ldapadminlimits)
$ldap | %{
    if($_.startswith("MaxConnIdleTime")) {
        $match = $_
    }
}
I tried NTDSUtil.exe, however, I couldn't redirect the "Show Values" to a text file to read from later and I couldn't write it to a variable in PowerShell.
I tried Start-Transcript and then ran NTDSUtil but it only recorded what occurred within PowerShell and not what happened in NTDSUtil.
Also, I tried giving all of the commands to NTDSUtil at once (NTDSUtil "ldap policies" "connections" "connect to server $ENV:COMPUTERNAME" q "Show Values") but PowerShell doesn't show anything in the console and I have to press the exit sequence to return back to PS>.
I know that I could use LDP but I'm not too familiar with ADSI. Research appeared to say that going about attempting to get an LDPdump is a bit antiquated and I pretty much abandoned that attempt.
One of the issues that I had that caused me a small bit of frustration (and the reason I am asking this question) is why can I not search an array and find the index of an item using a wildcard? I tried doing this:
$ldap.IndexOf("MaxConnIdleTime*")
AND
$ldap.IndexOf($ldap -like "MaxConnIdleTime*")
but it always returned -1.
It would work correctly if I tried:
$ldap.IndexOf("MaxConnIdleTime=100")
given that the value was indeed 100. But I am validating that the value was correct.
I know that I could just do something like this:
if($ldap -contains "MaxConnIdleTime=100") {
DO SOMETHING...
} else {
DO SOMETHING ELSE...
}
Why is it that I can't search an array using a wildcard operator? There was no ambiguity, so, it should have worked, right?
I'm not looking for a critique of how I accomplished this, I'm just wanting to understand why it behaved like it did.
Thanks.
I don't think there's a straightforward "search an array by wildcard and return an index" cmdlet, method, statement, etc. in PowerShell.
.IndexOf is not designed to work with a wildcard.
When you used the -like operator on the array, you likely found only a single matching object, but -like returns an array of matches when used on an array.
Passing the array into .IndexOf() then looks for an array element that is itself an array, even if that array only has one object.
This would work:
$ldap.IndexOf(($ldap -like "MaxConnIdleTime*")[0])
As long as you always wanted to find the first one.
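Two ways to reach the entry without knowing its value, as an added example that is not part of the original answer: [Array]::FindIndex with a -like predicate returns the index directly, and splitting each Name=Value string into a hashtable lets the setting be compared as a number. The sample values, the 900 threshold and the function names are constructed for illustration.

```powershell
# Constructed sample of the Name=Value strings held in lDAPAdminLimits.
[string[]] $ldap = 'MaxPoolThreads=4', 'MaxConnIdleTime=900', 'MaxPageSize=1000'
$expectedIdle = 900   # constructed threshold for this example

function Get-WildcardIndex {
    param([string[]] $Items, [string] $Pattern)
    # FindIndex runs the predicate on each element; it returns -1 when nothing matches.
    [Array]::FindIndex($Items, [Predicate[string]] { param($s) $s -like $Pattern })
}

function ConvertTo-LdapPolicyTable {
    param([string[]] $Limits)
    $table = @{}
    foreach ($entry in $Limits) {
        # Split on the first '=' only, so a value containing '=' stays intact.
        $name, $value = $entry -split '=', 2
        if ($null -ne $value) { $table[$name.Trim()] = $value.Trim() }
    }
    $table
}

$index  = Get-WildcardIndex -Items $ldap -Pattern 'MaxConnIdleTime*'
$policy = ConvertTo-LdapPolicyTable -Limits $ldap

if (-not $policy.ContainsKey('MaxConnIdleTime')) {
    throw 'MaxConnIdleTime is not present in lDAPAdminLimits'
}

$idle = [int] $policy['MaxConnIdleTime']
[pscustomobject]@{
    Index    = $index
    Value    = $idle
    AsExpected = ($idle -eq $expectedIdle)
}
```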

How to check mailbox size without exchange module?

I need to find a way to check mailbox size and items count under PowerShell, but without using exchange snapin/module.
Normally this command would look like this:
Get-MailboxStatistics "XXX" | ft TotalItemSize, ItemCount
My goal is to check those things without exchange specific commands. I don't have much knowledge about ADSI, but maybe this is the key to solve this.
Does anyone have any idea?

Issue with trying to pass variable into [adsisearcher]

I apologize in advance if this is something simple, but I've been researching for a few days now and unable to resolve on my own or find another route to explore.
Essentially I have the below which works and returns exactly what I need:
([adsisearcher]'(&(objectClass=user (samaccountname='*dland*'))').FindOne().Properties['samaccountname']
which returns the username containing dland in it. I want to replace the dland with a variable ($usrNme1), but it errors out with "Unexpected token '$usrNme1'))'' in expression or statement."
I was able to get it working locally with using the ActiveDirectory module using the following:
Get-ADUser -Filter {SAMAccountName -like $usrNme1} | select-object -Property SAMAccountName
But unfortunately I cannot use that against other computers in this environment and have to find another way and this is as far as I've gotten to finding a replacement.
Any assistance here would be greatly appreciated :) This is the last piece of the puzzle for me and its frustrating being so close and not being able to figure it out! Thanks in advance for taking the time :)
Edit: Forgot to comment, this script is going to be pushed out and run locally on windows 7 machines, which is part of the reason why I can't use Get-ADUser.
Thanks,
David
Your query is a little malformed as it is missing a bracket after user but you can put variables in the string easily like in the following example. Variables placed inside double quotes will expand just fine* (Most of the time. Object parameters require subexpressions).
$accountname = "mcame*"
$query = "(&(objectClass=user)(samaccountname=$accountname))"
([adsisearcher]$query).FindOne().Properties['samaccountname']
Note: if you look at this question you will see issues doing the wildcard search that you are. If you have a large organization you might need to reconsider using leading and trailing asterices or whatever the plural is.
Your original query
Aside from the bracket the reason it was not working was since you were using the single quotes. If you look at this resource it goes on to say
Comparative strings do NOT appear in quotation marks. A filter for the
displayName 'Philipp Foeckeler' would read as follows:
(displayName=Philipp Foeckeler).
Query should have worked without those inner quotes.
Try this:
$foo = '*jsm*'
([adsisearcher]"(&(objectClass=user) (samaccountname=$foo))")
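Once the filter is built from a variable, any \, *, ( or ) inside that value is read as filter syntax rather than data. As an added example (not from the original answers), this escapes the value per RFC 4515 before interpolating it and then adds the wildcards deliberately; the function names and the sample strings are hypothetical.

```powershell
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)] [AllowEmptyString()] [string] $Value)
    # Replace \ * ( ) and NUL with a backslash plus the two-digit hex code (RFC 4515).
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char] $m.Value
    })
}

function Find-SamAccountName {
    param(
        [Parameter(Mandatory)] [string] $Fragment,
        [int] $SizeLimit = 25
    )
    $safe = ConvertTo-LdapFilterValue $Fragment

    # The wildcards are added here, after escaping, so only these two are live.
    $filter   = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*$($safe)*))"
    $searcher = [adsisearcher] $filter
    [void] $searcher.PropertiesToLoad.Add('samaccountname')
    $searcher.SizeLimit = $SizeLimit   # bound the cost of a leading-wildcard search

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) { $r.Properties['samaccountname'][0] }
    }
    finally {
        $results.Dispose()             # SearchResultCollection holds unmanaged resources
    }
}

# Constructed input containing filter metacharacters; the escaping runs without a domain.
ConvertTo-LdapFilterValue 'd*land (test)'

# Requires a domain-joined machine; 'dland' is the fragment from the question.
Find-SamAccountName -Fragment 'dland'
```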