How to get LDAP displayname and email id using Msbuild? - powershell

I got communitytasks to send mail. But in the subject itself, if I add the display name of the LDAP user, I would know who is taking the build.
The following code in PowerShell would give me the mail id and displayname:
$searcher = [adsisearcher]"(samaccountname=$env:USERNAME)"
$mailid= $searcher.FindOne().Properties.mail
$DispName= $searcher.FindOne().Properties.displayname
Is there any way to get mail id and displayname in Msbuild or is it better to call powershell commands through inline task?

In MSBuild you can refer to environment variables as if they were defined properties, so taking the name of the user is as simple as writing $(USERNAME).

Related

How to get-aduser for a manager using a UPN

I'm using
$Manager = Get-aduser ($User.Manager) -replace "@email.com"
to try and process a spreadsheet's data based on a form. The manager item the end user puts into the form is the manager's email, aka their UPN, but I'm trying to use the UPN to pull and assign the AD user as the manager for the individuals I'm trying to process.
Any ideas?

Reading CSV, getting AD properties of each item and sending an email via PowerShell

Trying to automate a part of my job that requires me to audit inactive users and email their managers. This report comes in the form of a CSV with several columns. I was hoping to have a PowerShell script that goes through one of the columns, reads the username and gets the AD properties such as full name and manager. I would then like to be able to have the script send a pre-canned response to this manager to let them know that their direct report needs to log in.
Example CSV:
Name | username | last log in | etc
I've read in a similar posting that some create an array and store each item in a column into an array such as
$usernames=@()
$usernames+= $_.username
But I am having difficulties fleshing out the rest of the logic once all items are in an array.
Please forgive any issues, this is my first post. Thanks for your time.
I am having difficulties fleshing out the rest of the logic once all items are in an array.
Once you have an array of usernames, you just need a loop statement - like a foreach loop:
foreach($username in $usernames){
    # fetch user account from AD
    $ADUser = Get-ADUser $username -Properties manager,displayName
    # fetch manager account from AD
    $ADManager = Get-ADUser $ADUser.manager -Properties mail,displayName
    # compose email content
    $subject = "'$($ADUser.displayName)' needs to log in!"
    $body = "Dear $($ADManager.displayName),`n`nPlease inform your direct report '$($ADUser.displayName)' that they need to log in!`n`nBest Regards`nMarkM"
    # send email to the manager's mail address (-To is mandatory; the body is $body)
    Send-MailMessage -From markm@company.tld -To $ADManager.mail -Subject $subject -Body $body -SmtpServer mail.server.fqdn
}

Access 'PasswordNeverExpires' property in Azure AD via C#

I have the below code C# which works great for querying Azure AD but I need to also read in the property 'PasswordNeverExpires' as shown in the below screenshot. I cannot see the property on the full MS list here - https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0 - only a 'passwordPolicies' property which returns "DisablePasswordExpiration" for all our users which doesn't tally up with the results shown in AD manager. I can see plenty of powershell scripts, for example here - https://serverfault.com/questions/730189/powershell-find-all-users-with-password-never-expires - which mention a 'passwordNeverExpires' property but this only appears blank when I run my C# script.
string Url = $"{config.ApiUrl}v1.0/users?$select=userPrincipalName,lastPasswordChangeDateTime,PasswordNeverExpires,passwordNeverExpires";
do {
string JSON = await apiCaller.CallWebApiAndProcessResultASync(Url, result.AccessToken, Display);
Url = AADR.OdataNextLink;
} while (AADR.OdataNextLink != null);
The PowerShell scripts you found in this post are for AD rather than AAD, so they don't work for AAD. There is no property named PasswordNeverExpires in the AAD module.
PowerShell Script:
You can use the following PowerShell cmdlet to see if a single user's password is set to never expire (reference here):
Get-AzureADUser -ObjectId <user id or UPN> | Select-Object UserprincipalName,@{
    N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
The cmdlet aliases PasswordPolicies -contains "DisablePasswordExpiration" to a new property PasswordNeverExpires.
To see the Password never expires setting for all users, run the following cmdlet:
Get-AzureADUser -All $true | Select-Object UserprincipalName,@{
    N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
Microsoft Graph:
Since there is no PasswordNeverExpires property in MS Graph user resource type, you should just query the passwordPolicies property using MS Graph.
GET https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,lastPasswordChangeDateTime,passwordPolicies
Then you will get "passwordPolicies": "DisablePasswordExpiration" in the response. Use your own code logic to handle it (define a PasswordNeverExpires and set it to true).
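One way to write the "own code logic" step, as an added PowerShell example that is not part of the original answer: ConvertTo-PasswordExpiryReport is a hypothetical helper and the JSON is a constructed sample response. It splits passwordPolicies on commas because the property can carry DisablePasswordExpiration and DisableStrongPassword together in one string, and it treats null and None as "password expires".

```powershell
function ConvertTo-PasswordExpiryReport {
    param([Parameter(Mandatory)][string]$GraphJson)

    $page = $GraphJson | ConvertFrom-Json
    $users = foreach ($u in $page.value) {
        # passwordPolicies is one string: null, "None", a single policy name,
        # or several names separated by commas.
        $policies = @()
        if ($u.passwordPolicies) {
            $policies = @($u.passwordPolicies -split ',' | ForEach-Object { $_.Trim() })
        }
        [pscustomobject]@{
            UserPrincipalName    = $u.userPrincipalName
            LastPasswordChange   = $u.lastPasswordChangeDateTime
            PasswordNeverExpires = $policies -contains 'DisablePasswordExpiration'
        }
    }
    [pscustomobject]@{
        Users    = @($users)
        # Present only when more pages remain; request it to continue paging.
        NextLink = $page.'@odata.nextLink'
    }
}

# Constructed sample page (not real tenant data).
$sampleJson = @'
{
  "@odata.nextLink": "https://graph.microsoft.com/v1.0/users?$skiptoken=CONSTRUCTED",
  "value": [
    { "userPrincipalName": "alice@contoso.example", "lastPasswordChangeDateTime": "2023-01-10T08:00:00Z", "passwordPolicies": "DisablePasswordExpiration" },
    { "userPrincipalName": "bob@contoso.example",   "lastPasswordChangeDateTime": "2024-03-02T12:30:00Z", "passwordPolicies": "DisablePasswordExpiration, DisableStrongPassword" },
    { "userPrincipalName": "carol@contoso.example", "lastPasswordChangeDateTime": "2024-05-20T09:15:00Z", "passwordPolicies": null },
    { "userPrincipalName": "dave@contoso.example",  "lastPasswordChangeDateTime": "2024-06-01T10:00:00Z", "passwordPolicies": "None" }
  ]
}
'@

$report = ConvertTo-PasswordExpiryReport -GraphJson $sampleJson
# Accounts whose passwords never expire are the ones worth reviewing.
$report.Users | Where-Object PasswordNeverExpires | Format-Table -AutoSize
```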

Get basic information from user selected certificate in PowerShell

I'm working on a small work order app with a database back end for our Help Desk. Part of it is tracking some basic information about my organization's laptops (Manufacturer, Model, Serial Number, who it's assigned to, etc). I would use a real programming language like C# or Java, but for reasons dictated by people over my head, I'm stuck with using what is available built into Windows 10 Enterprise, so PowerShell with WPF.
Our network has a Windows domain with a large Active Directory forest and smart card authentication. What I would like to do, if possible, is have the user select their smart card certificate (the user using this app will be different than the user who logged into Windows i.e. there will be multiple smart cards inserted) with a UAC prompt or Get-Credential prompt. Entering their pin is not a requirement, though it would be nice to confirm their identity. All I want is to retrieve some basic information from the certificate/card they select, such as display name and email address. I'll be using the email address to query my database for other information such as which laptop(s) they're assigned. I would like to avoid doing an Active Directory lookup if possible, but that option is not completely off the table.
Below are a few things I have found but they all are sort of partial solutions to what I'm trying to do and I'm not sure how to put it all together. Get-Credential prompts the user to pick a smart card and enter their pin, which does what I'm looking for up front, but in the back it returns a PSCredential object that contains a username (coded somehow, but I can't find which encoding is used, or maybe it's a UID) and SecureString password (not validated, the user can leave this blank or enter anything). I don't know what to do with this to get the information I want. Get-ADUser doesn't seem to be able to return a user object using a PSCredential object as identity. Is there something I am missing or not understanding about this? Is what I'm trying to do possible?
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-credential?view=powershell-5.1
View All Certificates On Smart Card
https://www.akaplan.com/blog/2013/10/get-users-mailaddress-from-smartcard-with-powershell/
https://blogs.msdn.microsoft.com/alejacma/2010/12/15/how-to-enumerate-all-certificates-on-a-smart-card-powershell/
This last link seems like it would work but I'm not sure how to put it into use. The documentation is very sparse.
If I wanted to work with certificates based on the smart cards inserted at the time I would use certutil.exe to pull all of the smart card info. Then grab the certificate serial numbers from the resultant text and query the CurrentUser\MY certificate store matching the serial numbers. Once I had the certificates I would pass that info to Out-GridView with the -OutputMode Single parameter to allow the user to select a certificate. From there you have the user's info based on the certificate shown.
$SCSerials = certutil -scinfo -silent | Where{$_ -match 'Serial Number: (\S+)'} | ForEach {$Matches[1]}
$SelectedThumb = Get-ChildItem Cert:\CurrentUser\my | Where{$_.SerialNumber -in $SCSerials} | Select Subject,Issuer,NotBefore,NotAfter,Thumbprint | Out-GridView -Title 'Select a smartcard certificate.' -OutputMode Single |% Thumbprint
$UserCert = Get-Item Cert:\CurrentUser\My\$SelectedThumb
Then $UserCert.Subject is the distinguished name of the user and you can use that to query AD or whatever you want.
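Reading the display name and e-mail address straight from the selected certificate, as an added example that is not part of the original answer: Get-CertIdentity is a hypothetical helper, and the self-signed certificate is constructed in memory as sample input (this part assumes .NET Framework 4.7.2 or later, or PowerShell 7). In the answer's flow you would pass $UserCert instead.

```powershell
function Get-CertIdentity {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $type = [System.Security.Cryptography.X509Certificates.X509NameType]
    [pscustomobject]@{
        # SimpleName is the subject's common name; EmailName and UpnName are
        # read from the certificate's name fields, including the SAN extension.
        DisplayName = $Certificate.GetNameInfo($type::SimpleName, $false)
        Email       = $Certificate.GetNameInfo($type::EmailName,  $false)
        Upn         = $Certificate.GetNameInfo($type::UpnName,    $false)
        Thumbprint  = $Certificate.Thumbprint
        # Verify() builds the chain with the default policy. Treat the fields
        # above as unauthenticated input unless this is $true.
        ChainValid  = $Certificate.Verify()
    }
}

# Constructed sample certificate (self-signed, in memory, never stored).
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Sara Davis', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$san = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
$san.AddEmailAddress('sara.davis@example.local')
$san.AddUserPrincipalName('sara.davis@example.local')
$req.CertificateExtensions.Add($san.Build())
$now    = [DateTimeOffset]::UtcNow
$sample = $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))

Get-CertIdentity -Certificate $sample | Format-List
```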

Create AD Object - Not Exchange

I am currently trying to create an Active Directory contact object in a specific OU in our Active Directory. I am not looking at using Exchange PowerShell. I would like to do this via normal PowerShell directly in to AD.
I have looked online and found that I can create a contact using the below command, this creates it in a specific OU.
New-ADObject -Name SaraDavisSGTContact3 -Type contact -Path "OU=SGTestOU,OU=Contacts,DC=example,DC=Example,DC=local"
How would I also get it to add other attributes such as mail (email address), first name, surname, etc.? I tried -Mail example.com, etc., but this didn't work.
Please bear in mind I will eventually try and get this to read from a CSV to do in bulk, so the simpler the code the better.
Use the -OtherAttributes Parameter to add additional attributes.
See New-ADObject MSDN Documentation
New-ADObject -name SaraDavisSGTContact3 -Type Contact -path "OU=SGTestOU,OU=Contacts,DC=example,DC=Example,DC=local" -OtherAttributes @{
    'mail'="sara@gmail.com";
    'proxyAddresses'="sara@gmail.com";
    'givenName'="Sara";
    'sn'="Davis";
    'displayname'="Sara Davis"
}