I have two questions really, both surrounding the same topic.
I need to be able to create a flat file and use this file to import the users listed in the file to a specific group in Active Directory. They will already exist in AD, just not be in the group.
Secondarily to that, I also need to be able to use similar methodologies to remove users from the AD group using a different flat file.
Can this be done? The list of users will be in the 100s so I really don't want to have to do it by hand....
Yes, this is possible with Powershell: Managing Active Directory with Windows PowerShell This is for Powershell 1.0, there are a lot of tutorials for the same task with Powershell 2, which is a lot easier.
Related
I've tried around a bit, but haven't come up with a good result yet. My powershell skills are also a bit rusty.
What do I have in mind?
I want to read all security groups from a folder. For each security group I search in a domain (Active Directory) for the group and get all users contained in it.
Afterwards I add the user with the same rights again extra to the folder.
Reason: I search for the group or the user in another domain. Both domains are accessible from the same server. The groups will be removed at some point.
How can I do this? I have already tried a bit to read out groups (Get-Acl) etc, but I do not get further.
I do not ask for a complete solution, but just need hints how I could do this. Possibly also how this is then called in Powershell etc.
I'd like to find an automatic way to share OneDrive files with a specific internal user, what's the best approach? My current scripts are using PowerShell, but that's not a hard requirement.
I've tried:
https://learn.microsoft.com/en-us/graph/api/driveitem-invite?view=graph-rest-1.0 - what's the best library to use for this? I've created an AzureAD app with the appropriate delegated permissions. In PowerShell, once I run Connect-MgGraph, what method can I run to call this?
https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/set-pnplistitempermission?view=sharepoint-ps - but my OneDrive items aren't part of a list. Could they be? The folder permission works well: https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/set-pnpfolderpermission but I don't understand why there isn't a file one just like this folder one
I know the absolute URL of the file, the UPN of the internal user I want to directly share with, and I have owner permissions to the file. How can I do this?
I'm trying to give access to users on an application on AAD by powershell or Graph API. I have a list of 60 users and I don't want to do it by hand. I've investigate in AAD cmdleds but I didn't find anything useful for me. Is there any way for doing that?
Thanks a lot.
You can do so through PowerShell with a module from this blog post.
After you download the module, edit it, create a csv file containing your 60 users, run 4 cmdlets and you're done!
(Remember to restart PowerShell if you make an edit to the psm1 module in the middle of a PowerShell session, reimporting doesn't clear the cache.)
Here's the situation. I'm am completely new to PowerShell so use small words...
I have a new user in Active Directory that I need to add to about 100 computers as efficiently as possible. My hope was that I could make a PowerShell script that would add the user either through a login script or remotely. I need to have a bit of precision control over this deployment because we don't want to push this user to every computer in the company.
Can PowerShell help me with this, and if not do you all have some sage advice that could help?
To add a user to the local administrators group using PowerShell:
([ADSI]"WinNT://./Administrators,group").Add("WinNT://your-domain/new-user,user")
Just replace the your-domain and new-user parts of the command with the appropriate values for your environment.
I've gotten comfortable using icacls to add people to file folders but now I am having trouble figuring out how to do the following:
on a folder with many children, g
get the existing permissions on the folder and store them
Add a bunch of new users, propogating to all children and turning on inheritance, replace and force (already working from previous scripts)
check the top level folder and remove any permissions not placed on in step 2.
now that the parent folder has the correct permissions and all children have inheritance set, set all children to have the same permissions as the parent (recompute acl inheritance?)
thanks for any help you all can provide, I just need a push to get into the right direction.
If you're using PowerShell, you don't need icacls (which returns text instead of objects) since you have have Get-Acl and Set-Acl. However, the help for those two commands is severely lacking, so I recommend supplementing with the .NET framework.
http://technet.microsoft.com/en-us/library/ff730951.aspx is a very good article on ACLs using the .NET framework in PowerShell. If you need more in depth information on System.Security.AccessControl, go to http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.aspx.