I'm trying to write a single command in PS which lets me the AD account for all lync enabled users by samaccountname
I tried this:
get-csuser | where {$_.Enabled -eq $True -and $_.SipAddress -ne $null} | foreach-object {get-aduser -filter {samaccountname -eq $_.samaccountname}}
This however doesn't work
I know I can do this with a simple script, but the reason I need to do this on the command line is that I am using C# to invoke the above, and I don't want to create 2 powershell objects (for performance reason), so I would like to run the entire command in one powershell unit.
Any ideas how should I fix the above script?
Thanks in advance
Right, here I am answering my own question again (rather than deleting my post, incase it helps someone in the future).
It seems the property name is case-sensitive, so I need to replace:
$_.samaacountname
with
$_.SamAccountName
works like a charm after that
get-csuser | select samaccountname
Related
I have a simple script that is made to search the members of a group introduced as a parameter, and it works properly:
$param1=$args[0]
Get-ADGroupMember "$param1" | ft name,objectclass,samaccountname
But when I try to run this other script (very similar funtionality), it doesn't show anything,, just blank:
$param1=$args[0]
Get-ADUser -Filter 'Name -like "*$param1*"' -Properties LastLogonDate,PasswordLastSet | ft Name,SamAccountName,LastLogonDate,PasswordLastSet
Someone could help me, what am I doing wrong?
PD: When I run the second command manually, replacing $param1 with a letter, it works as intended.
---NEWS---
I have tried this variation of the second script and idk why but it works:
Get-ADUser -Identity "$args" -Properties LastLogonDate,PasswordLastSet | ft Name,SamAccountName,LastLogonDate,PasswordLastSet
May it be, that the option "-Filter 'Name -like "$args"'" it's what is causing all the trouble?
It's very strange because, the second script doesn't show an error, it just doesn't show nothing and goes to the next prompt line. (I have already tried to replace the $param1 with $args like in the last example and it's the same output, nothing)
Thanks in advice :))
Alex, Try this instead. Get-ADUser -Filter "Name -like '*$($param1)*'" -Properties LastLogonDate,PasswordLastSet | ft Name,SamAccountName,LastLogonDate,PasswordLastSet
import-module activedirectory
$DaysInactive = 90
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp |
select-object Name,#{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv C:\users\user\desktop\OLD_Computer.csv
-notypeinformation
This is the script I am trying to run to clean up some stale objects within Active Directory. I am tracking down computer objects that have not been logged into in the last 90 days or longer. This script works fine, but now I need to run it against a specific OU, I know I need to put a searchbase somewhere - but I am unsure where it needs to be placed.
-SearchBase ou=workstations,dc=,dc=
Thanks in advance for all your help, you guys are always great.
thanks for taking the time to respond, sorry for the people that got upset over this question. I was missing the quotes around my parameter - it works now.
I'm having the hardest time getting the following output from powershell. The console just stops at the blinking cursor like the command is running, but I wait 20 min or so, and I still have no output, both in the powershell console, as well as when I try to export as a csv. I'm using the following command:
Search-ADAccount -AccountExpiring -DateTime "01/29/2017" | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A | Export-Csv C:\temp
Could someone help? I've scoured the internet to no avail.
You are using format-table inappropriately. Don't use any Format-* cmdlets if you need to process the data after that point - formatting makes that impossible. Always save formatting for the very end, and only for user presentation.
Also, you're going to end up with a file in your C:\ root directory named temp that's not entirely usable as a CSV file, at least from Excel and other readers, because additional information is going to be inserted by Export-CSV. This will be eliminated by the -notypeinformation switch.
Additionally, you can speed this up by specifying the -UsersOnly switch for Search-ADAccount and skipping the where-object loop - the pipeline is really useful, but constructs like this can slow it down. Filter your data as far to the left as possible, and if you can do it inside a cmdlet that offers a filter, do it there.
Corrected script which should work as you expect:
Search-ADAccount -AccountExpiring -DateTime "01/29/2017" -UsersOnly | select-object -Property Name,ObjectClass | Export-Csv C:\temp\expiring.csv -NoTypeInformation;
Forgive me if this isn't perfect code, but this script will get you accounts expiring within the next 7 days. You can change the $DaysAhead variable to alter the time frame.
$maxPwdAge=(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days;
$daysAhead = 7;
$dateMin=(get-date).AddDays(-$maxPwdAge);
$dateMax=$DateMin.AddDays($daysAhead);
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and PasswordLastSet -gt 0} –Properties * | where {($_.PasswordLastSet) -ge $dateMin} |where {($_.PasswordLastSet) -le $dateMax} | select CN,EmailAddress,passwordLastSet | Format-Table;
I've been tasked with finding service accounts (in our shop, that's user accounts starting with 'svc-' in the username) that have expiring passwords. Normally service accounts should not have expiring passwords, so I'm trying to find service accounts incorrectly created so they can be fixed.
I've been using Search-ADAccount and I'm having parameter issues. If I use this:
Search-ADAccount -PasswordNeverExpires | Where {$_.SamAccountName -like 'SVC-*'}
then I get long lists of results, none of which have expiring passwords. But if I'm including the -PasswordNeverExpires parameter, then I'm filtering out any accounts which do have expiring passwords, no?
I've also tried this:
Search-ADAccount | Where {$_.SamAccountName -like 'SVC-*' -and $_.PasswordNeverExpires -like 'FALSE' }
but I only get an error: "Parameter set cannot be resolved using the specified named parameters." That sounds like Search-ADAccount requires certain parameters, but I don't see in the help files which parameters are required.
It's counter-intuitive (to me) that Search-ADAccount has a parameter which can search for one Boolean condition (TRUE) but not the other.
Get-ADUser doesn't seem to have any password configuration info.
Yes, Trondh. That's it. I first looked at Get-ADUser, but the help files didn't mention anything about the PasswordNeverExpires parameter, and piping a single result into Get-Member didn't reveal any relevant property to search against.
In sum, this is the one-liner that worked:
Get-ADUser -filter {PasswordNeverExpires -eq $False} | Where {$_.SamAccountName -like 'SVC-*'}
Thanks again.
I would just use get-aduser (need to clean up the filter param, I just banged this together in my head):
$adusers = Get-ADUser -Filter * -Properties * | where {$_.PasswordNeverExpires -eq $false}
did you try $_.PasswordNeverExpires -eq $false?
How can I add multiple computer accounts from within a text file into a security group in Active Directory? I put this snippet of code together but it only works with user accounts.
Import-Module ActiveDirectory
Get-Content C:\Servers.txt | Foreach-Object {Add-ADGroupMember "WSUS Auto Download and Notify for Install" $_}
The command you are looking for is Add-ADPrincipalGroupMembership.
Get-Content c:\servers.txt | Add-ADPrincipalGroupMember -memberof 'WSUS Auto Download and Notify for Install'
If you need to add the "$" at the end of the computer name, your command could use a scriptblock parameter (an anoymous function that can modify pipeline input).
Get-Content c:\servers.txt | Add-ADPrincipalGroupMember -memberof 'WSUS Auto Download and Notify for Install' -identity {"$_$"}
I use -Identity $_.objectGUID
$_$ didn't work for me.
EDIT: Ah, sorry, that's because I use Get-ADComputer to pipe it, and not a text file.
I had similar task found info on this link worked for me,
Run it in powershell as admin
Import-Module ActiveDirectory
$List=Get-Content c:\computers.txt
$List | foreach {Add-ADGroupMember -id ADGroupName -MEMBERS (Get-ADComputer $_)