Displays the date of account expiration - Windows Server 2003 - command-line

I'm using following command:
dsquery user -limit 0 | dsget user -display –samid –acctexpires –disabled
But I get this message
Value for 'Target object for this command' has incorrect format
What is the correct syntax?

I ran into these issues all the time. It is because the people that are creating objects in AD do not follow what Microsoft considers as standards for naming objects and placing objects properly. What I typically have to do to get around this is to break it up into pieces and work on it iteratively. For example above I would create a text file of just the DSQuery command by doing this:
DSQUERY user limit 0 > Results.txt
Now that you have all the user objects in a text file you can run the above command using:
Type Results.txt | Dsget user -display –samid –acctexpires –disabled > NewList.txt
By looking at the very bottom of Newlist.txt you can see that last "successful" record that was retrieved. Go back to the Results.txt file in Notepad and search for that record and look at the record below it. You will need to delete the record (or make a change in AD and start all over). If you delete the record just run the same DSGet command above and keep going until it runs all the way through with no errors.

Related

Passing previous Powershell command properties into a piped command

Can someone show how to pass a property from one Powershell command into the next piped command (in order to pull properties from both levels of the request)?
I need to get archive mailbox sizes for users in Exchange Online. An example of this is here:
Get-EXOMailbox | get-MailboxStatistics -archive | select displayname,totalitemsize
When you run this, obviously you are grabbing properties from the second command. I need to also grab the identity property tied to Get-EXOMAilbox, the first command (which shows the user's active mailbox and is useful for subsequent actions.
Thanks!
As Doug Maurer suggests, you might want to take advantage of the -PipelineVariable common parameter:
Get-EXOMailbox -PipelineVariable mailbox |Get-MailboxStatistics -Archive |Select #{Name='DisplayName';Expression={ $mailbox.DisplayName }},TotalItemSize

How to create specific user log files in PowerShell?

I know there are question that is already answered however those are the log files I don't need and I can't get it to work. This part of PowerShell is something I didn't learned yet. I'm trying to do the following: I wrote a script to create users, mailboxes, folders etc however I want to enable a log file, just simple and plain.
Something only certain people can access and where the log files have the following info, for example: PSmith created on 01/29/2019 the user account JDoe.
How can I do this? I tried a lot found online however I have to rewrite my whole script for some to work.
Easiest option: you can enable transcript which would log every single command that is entered at the console potentially creating a huge file but you would have to filter for the specific messages yourself.
There are tools like microsoft orchestrator that would run your script and log the results automatically but those are expensive other than that you would pretty much have to build the logging yourself.
My suggestion would be to send the message to the windows event logs. This way you dont have to manage the log files, windows does it for you with date and time stamps. This would also make it audit and query friendly.
I believe you need something like this, if not please provide more code.
$creator = (get-aduser $env:username | Select Name).Name
$date = get-date -UFormat "%d/%m/%Y"
I believe you have the $user in your script.
$log = $creator + "created on " + $date + " the user account " + $user.Name
Out-File $log "C:\temp\log.csv"

How to output specific information from a powershell command?

So I've been playing around with Powershell recently, trying some things with a basic command net user $username. As an example net user administrator produces an output that you can see at the bottom of this page.
My question is: How do I output specific elements of this?
I'm aware of pipes and have been trying to use them but I think I'm missing something as it never comes out right. Lets say, for example, I just want user name, full name, password expires and last logon to be shown as an output. What command do I use after the pipe to get this?
Many thanks!
net.exe is not a PowerShell cmdlet. Therefore getting information out it is processing the output of the executable as a string.
For example, retrieving the user name:
$netoutput = net user administrator
#User name is on the first line, separated by spaces, the actual username is last word
$netoutput[1].Split(" ")[-1]
If you are using Win10 1607 or newer, you could retrieve this information with the Get-LocalUser cmdlet
Get-LocalUser administrator | Select-Object Name,FullName,PasswordExpires,LastLogon

PowerShell: Compare CSV to AD

I'm fairly new to PowerShell and I'm posting this on many forums but I've had success with programming assistance from here before and although this isn't strictly programming, I was hoping someone might know the answer.
My organization had about 5,300 users we needed to disable for a client. Someone decided the best use of our time was have people go through AD and disable them one at a time. Soon as I got wind of this I put a stop to it and used PowerShell to take the CSV list we already had, and ran a cmdlet to disable all of the users in the CSV list.
This appeared to work, but I wanted to run a comparison. I want to compare the users from the CSV file, to the users in AD, and confirm that they are all disabled without having to check all 5300 individually. We checked about 60 random ones to verify my run worked, but I want to make sure none slipped through the cracks.
I've tried a couple scripts and I've tried some variations of cmdlets. None of the scripts I tried even worked, spammed with errors. When I try to run a search of AD either using get-content or import-CSV from the csv file, when I export its giving me about 7600 disabled users (if I search by disabled). There were only 5300 users in total, so it must be giving me all of the disabled users in AD. Other cmdlets i've run appear to do the same thing, its exporting an entire AD list instead of just comparing against my CSV file.
Any assistance anyone can provide would be helpful.
Without knowing the exact structure of your CSV I'm going to assuming it is as such:
"CN=","OU=","DC="
"JSmith","Accounting","Foo.com"
"BAnderson","HR","Foo.com"
"JAustin","IT","Foo.com"
That said, if your first field actually has CN= included (i.e. "CN=JSmith","OU=Accounting","Foo.com") you will want to trim that with .TrimStart("CN=").
$ToRemove = Import-CSV UserList.csv
$UserList=#()
ForEach($User in $ToRemove){
$Temp = ""|Select "User","Disabled"
$Temp.User = $User.'CN='
If((Get-aduser $Temp.User -Prop Enabled).Enabled){$Temp.Disabled='False'}else{$Temp.Disabled='True'}
$UserList+=$Temp}
$UserList|?{$_.Disabled -eq 'False'}
That loads the CSV into a variable, runs each listing through a loop that checks the 'CN=' property, creates a custom object for each user containing just their name and if they are disabled, and then adds that object to an array for ease of use later. In the end you are left with $UserList that lists everybody in the original CSV and if they are disabled. You can output it to a file, filter it for just those that are still enabled, or whatever you want. As noted before if your CSV actually has CN=JSmith for each line you will want to update line 5 to look as such:
$Temp.User = $User.'CN='.TrimStart("CN=")
If you don't have any headers in the CSV file you may want to inject them. Just put a line at the top that looks like:
CN=,OU=,DC=
Or, if you have varying OU depths you may be better off doing a GC and then running each line through a split, taking the first part, trimming the CN= off the beginning, and checking to see if they are disabled like:
GC SomeFile.CSV||%{$_.split(",")[0].trimstart("CN=")|%{If((get-aduser $_ -prop enabled).enabled){"$_ is Enabled"}else{"$_ is Disabled"}}}
Assuming your CSV has a column called DN you can run the following which will return all users from your spreadsheet which are enabled
import-csv YourUsersCSV.csv | Get-ADUser -Filter
{DistinguishedName -eq $_.DN } |
where{$_.enabled -eq $true} |
Select-Object -Property DistinguishedName,samaccountname,enabled

Powershell: How to capture output from the host

I am using powershell to automate some tasks related to checking out/merging in TFS. When I call
tf get * /recurse
I get a bunch of data scrolling by about the files that are getting checked out. The last line generated by this command (assuming its success) is one telling the checkin number. I would like to parse this out so it can be used later on in my script.
I know that I can do something like
$getOutput = tf get * /recurse
but then the output is suppressed entirely and I want the output of that command to be scrolled in realtime. I would basically like to grab everything that just got sent to the output buffer.
Try something like this:
tf get * /recurse | tee-Object -Variable getOutput
The tee-object in PowerShell 2.0 allows you to pipe results to two sources. If you leave the second source empty, the results go to the console.
ls | tee-object -filePath directoryListing.txt
This will write the directory listing to both the console and a text file.