Change workstation OU without AD tools in Powershell - powershell

Right now I have a pushbutton tool, which is basically a fancy GUI that calls the DSMOVE command.
Is it possible to change a workstation account to another OU (in powershell natively) without actually having the AD tools for powershell installed? I do have the syntax to be able to see what OU I am in, but I can't find a way to change it. I'd like to cut out the DSMOVE executable.
The next question would be, how do I?

Without any tools (or error checking, or anything similar):
$User = [adsi]'LDAP://CN=BielawB,CN=Users,DC=monad,DC=ps1'
$User.MoveTo('LDAP://OU=Destination,DC=monad,DC=ps1')
Obviously, it would be wise to wrap it in some function and add some checking/error handling.
I've used user object, but that's not different for any other AD object...
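A sketch of the wrapper that answer recommends, applied to a computer account. This is an added example, not code from the original post. The function names are hypothetical, and it assumes PowerShell 2.0 or later on a domain-joined machine, run by an account with rights to move the object.

```powershell
# Added example, assuming PowerShell 2.0+ on a domain-joined machine.
function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a supplied name cannot alter the search filter
    $Value = $Value.Replace('\', '\5c').Replace('*', '\2a')
    $Value.Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Move-ComputerToOU {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$TargetOU   # DN, e.g. 'OU=Destination,DC=monad,DC=ps1'
    )

    # Fail early if the destination container does not exist
    if (-not [adsi]::Exists("LDAP://$TargetOU")) {
        throw "Target OU not found: $TargetOU"
    }

    # Look the account up by name rather than trusting a hand-built DN
    $name = ConvertTo-LdapFilterValue $ComputerName
    $searcher = [adsisearcher]"(&(objectCategory=computer)(name=$name))"
    $results = $searcher.FindAll()
    try {
        if ($results.Count -ne 1) {
            throw "Expected one computer named '$ComputerName', found $($results.Count)"
        }
        $computer = $results[0].GetDirectoryEntry()
    } finally {
        $results.Dispose()
    }

    # Skip the write when the object already sits in the target OU
    $parentDN = [string]$computer.psbase.Parent.distinguishedName
    if ($parentDN -eq $TargetOU) {
        Write-Verbose "$ComputerName is already in $TargetOU"
        return
    }

    if ($PSCmdlet.ShouldProcess([string]$computer.distinguishedName, "Move to $TargetOU")) {
        try {
            $computer.psbase.MoveTo([adsi]"LDAP://$TargetOU")
        } catch {
            throw "Move of '$ComputerName' failed: $($_.Exception.Message)"
        }
    }
}
```

Running it with `-WhatIf` first shows which distinguished name would be moved without writing to the directory.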

Related

Pass arguments to application hosted by Appv but run up via Citrix

OK, I'm no expert in this so I might explain it wrong. We are trying to find a way to pass parameters to an app in App-V that is launched by Citrix SelfService. So I guess when you have apps in App-V you tell it you want to call an app by calling ctxAppVLauncher.exe and then pass it an app key like "asdasd-123asd-asdd1234" etc. So to do that via Citrix SelfService you use the exe box for the ctxAppVLauncher.exe and then your params are the key... which then leaves you nowhere to pass in arguments for your real endpoint, which for example you want to be notepad.exe, but you want to pass notepad a text file path as an argument to auto open... there is no way to do that... at least none that we can find.
Anyone have any experience with this?

Detect in script whether being run via normal PowerShell window, or Exchange Management Shell

Does anyone know of a way to detect within a PowerShell script if it's being run from within a normal PowerShell window or from the Exchange Management Shell?
Some functionality that works in one doesn't work in the other, or produces different results, so I want to detect which UI the user is using to run the script, and then where appropriate direct them to use the other.
Thanks to @mklement0 for the suggestion.
Confirmed his solution works, e.g.:
$isEMS = [bool] (Get-Command -ErrorAction Ignore Get-ExCommand)
if ($isEMS)
{ Write-Host "Using EMS" }
else
{ Write-Host "Using normal PS" }
Also checked and confirmed this works even if you’re using the Exchange snapin (eg Microsoft.Exchange.Management.PowerShell.Snapin) in your script in the normal PS window, so the query only seems to pick up if you’re using the EMS specifically, not that you’re working with Exchange in general which is what I was after.

Issue in removing user to a mailbox Exchange Server 2010 (set-mailbox remove)

I tried many options, like checking add/remove permissions of users on the other users' mailboxes, but it's not working.
I executed below command in my Exchange Management Shell :
Set-Mailbox 'mailboxname' -GrantSendOnbehalfto @{ Remove="john@ncbb.com","kim@fghgh.com" }
error: the command completed successfully but no settings of 'mailboxname' have been modified.
The error that you have listed isn't really an error, it's more of a warning. It's not telling you that it can't do something, it's just saying the parameters you provided don't exist.
I recently wrote a script that had the same issue, and I just had to mess around with it. Mine ended up needing the sAMAccountname instead of email or surname/givenname. In other words, instead of using 'test.account@abc.com', it wanted TAccount which was the username.
It may help to dig into your AD, or install an LDAP browser or AD Explorer to see what your organization names things. When I did this, I found out that half of the things I was calling in my scripts by name were completely incorrect just because of the naming convention.

Add entire group to active directory

I'm trying to create a script that queries active directory for a group named $server-Administrators, checks to make sure if the group is in local admins, and if not in local admins adds the group to local admins. I know that get-ADGroup allows you to easily check for if there is an administrator group, however I'm not sure how to add an entire group to AD. I'm aware of add-ADGroupMember, however I don't think that is the cmdlet that would let me add an entire group to active directory.
$serverName = hostname
$query = get-adgroup administrators
if ($query == false){
#add group to local admins
}
Does anyone know of a way to add an entire group?
Since it doesn't look like you're trying to work through a problem (you don't really show any attempts to solve the issue yourself, and only have pseudo-code shown), I'll just give reference to what will solve the question without doing much real work myself.
I flexed my Google muscles and searched for 'powershell local administrators group' and the 6th result showed me the answer to your question (second thing I clicked on, because I can't help but read the Hey Scripting Guy! site first).
Use Jaap Brasser's script from the TechNet Script Gallery. The work has already been done, there's no need for you to re-invent the wheel here. Save that script, then run it as described in the in-script help.
.\Get-Set-ADAccountasLocalAdministrator.ps1 -Computer 'Server01,Server02' -Trustee YourDomain\Server-Administrators

Unlocking Locked Out accounts using PowerShell (not with Quest AD cmdlets)

I'm writing a GUI tool using PowerShell that is able to do most AD related tasks with just a user name and button click. I've done all the usual ones (Create / Remove Users, Create / Remove Security & Distribution Groups, Resetting Passwords, etc) but can't find a way of unlocking a "Locked Out" account.
I'm trying to do this without using Quest AD cmdlets as I want a more standalone solution. So I'm wondering whether it is possible with plain PowerShell (1.0 or 2.0) in a Windows 2003 Domain.
Many thanks.
Set the lockoutTime property of the DirectoryEntry to 0.
Sample:
$x = [ADSI]'LDAP://SomeDN'
$x.lockoutTime = 0
$x.CommitChanges()
$x.Close()
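The same lockoutTime reset wrapped for use behind a button that takes only a user name. This is an added example, not code from the original answer. The function name is hypothetical, and it assumes PowerShell 2.0 or later (for `[adsisearcher]` and `try`/`finally`) and an operator account with write access to the attribute.

```powershell
# Added example; the function name is hypothetical.
function Clear-AccountLockout {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Allow-list validation keeps LDAP filter metacharacters out of the query
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9._$-]{1,20}$')]
        [string]$SamAccountName
    )

    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('lockoutTime')
    $result = $searcher.FindOne()
    if ($null -eq $result) {
        throw "No user found with sAMAccountName '$SamAccountName'"
    }

    # The searcher returns lockoutTime as an Int64 file time; absent or 0 means
    # no lockout is recorded. A non-zero value can remain after the lockout
    # duration has expired, until the next successful logon.
    $lockoutTime = [long]0
    if ($result.Properties['lockouttime'].Count -gt 0) {
        $lockoutTime = [long]$result.Properties['lockouttime'][0]
    }
    if ($lockoutTime -eq 0) {
        Write-Verbose "$SamAccountName has no lockout recorded; nothing changed"
        return $false
    }
    $lockedAt = [DateTime]::FromFileTimeUtc($lockoutTime)

    $entry = $result.GetDirectoryEntry()
    try {
        $dn = [string]$entry.distinguishedName
        if ($PSCmdlet.ShouldProcess($dn, 'Set lockoutTime to 0')) {
            $entry.lockoutTime = 0
            $entry.CommitChanges()
            # Leave a trail of who was unlocked and when the lockout was recorded
            Write-Verbose "Unlocked $dn (lockout recorded $($lockedAt.ToString('u')))"
            return $true
        }
        return $false
    } finally {
        $entry.Close()
    }
}
```

The function returns `$true` only when it actually wrote to the directory, so a GUI caller can log real unlocks separately from no-op clicks.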
Been out of the AD world for a few years. I haven't worked with PowerShell at all but does the link below offer what you're looking for?
http://dmitrysotnikov.wordpress.com/2007/08/14/enable-disable-unlock-user-accounts/