exchange powershell : get-user has no Description property? - powershell

When I run get-user|get-member in powershell with the exchange add-in I noticed there is no description property.
Does anyone know if it has been renamed to something else or another way of accessing it?

If you aren't looking to change the description this should work:
[PS] C:\>$ANR = "testuser@example.com"
[PS] C:\>$foo = [adsi]("LDAP://" + (get-user $ANR).DistinguishedName)
[PS] C:\>$foo.description
My Description
If you are wanting to edit, you will need to get further into System.DirectoryServices & look at how to write objects back to AD. It would likely be simpler to use Quest or another package that does some wrapping. If you want to roll your own there are gobs of blogs on AD programming in PowerShell.

Exchange itself provides minimal interaction with AD - essentially, it gives you some AD stuff because AD and Exchange are so connected, but it doesn't try to expose all of AD's functionality.
Check out quest.com/powershell; that is an add-in library (it's free), and it has a cmdlet called Get-QADUser which will get you what you need - somewhat more easily, and in a more PowerShell-ish fashion, than using ADSI (which is also completely legit for what you're after).

get-user? do you mean get-qaduser from the quest cmdlet suite?
if so, I believe not all properties are retrieved by default. There's an -Include parameter that lets you specify additional properties to retrieve from AD, IIRC.

It works on the console; however in the CSV file, it keeps appending
System.DirectoryServices.PropertyValueCollection
to the end of each line instead of the value
When I run it on the prompt by typing out the distinguishedname, the ldap query works..
$tmp =adsi
$tmp.description
bill
any ideas?

solved it.. it's just $tmp.description.value
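
The CSV symptom and the `.Value` fix from this thread, put together as an added example (not code from any of the posters). It assumes the Exchange Management Shell is loaded so that Get-User is available; the output file name is hypothetical.

```powershell
# Added example, not from the thread. The CSV path is a hypothetical name.
$rows = Get-User -ResultSize Unlimited | ForEach-Object {
    # ADSI treats "/" as a path separator, so escape it inside the DN.
    $dn    = "$($_.DistinguishedName)" -replace '/', '\/'
    $entry = [adsi]("LDAP://" + $dn)

    # $entry.description is a PropertyValueCollection. Exported as-is, the CSV
    # gets the type name instead of the text. .Value yields $null, one value,
    # or an array, so normalise all three cases to a single string.
    $description = @($entry.description.Value) -join '; '

    New-Object PSObject -Property @{
        Name              = $_.Name
        DistinguishedName = "$($_.DistinguishedName)"
        Description       = $description
    }
}

# Select-Object fixes the column order before the export.
$rows | Select-Object Name, DistinguishedName, Description |
    Export-Csv -Path .\users-with-description.csv -NoTypeInformation
```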

Related

Remove-AzureAdUserExtension actual result

In Azure AAD, I want to use Powershell to clear the value for a user's extension attribute named "employeeId". When I try to Set-AzureAdUserExtension to $null or "", it gives a binding error. Will Remove-AzureAdUserExtension do this? All the help files, docs and internet searches about this command say that it "Removes a user extension from Azure Active Directory". I'm pretty sure that means it will clear the attribute value for one user, as I want. But I'm afraid it might try to remove the user extension attribute from the schema, which is absolutely what I don't want.
Please help me confirm this command's effect before I blow up my customer's directory.
It will just remove the attribute value for one user, rather than remove the user extension attribute from the schema. Feel free to use it.
Test sample:
Get-AzureADUserExtension -ObjectId <user-object-id>
Remove-AzureADUserExtension -ObjectId <user-object-id> -ExtensionName employeeId

AddAccessRule: "Some or all identity references could not be translated." How can I check a specific server?

With most ActiveDirectory commands, you can add a parameter: -server. This parameter has proven to be extremely useful to me, since where I am working seems to have some kind of slow updating system, and when I don't only use one of the servers, my programs can lag and completely bug.
I'm also trying to modify the ACL of a folder. To do this, I have a function that takes the -PassThru of a New-ADGroup command, and then pipes this into a custom function.
The custom function creates and returns new AccessRules (which are added to array $AccessRules), which are then added to an $acl variable:
$AccessRules |
%{$acl.AddAccessRule($_)}
This inconsistently returns errors: Sometimes, it runs smoothly, but other times, it returns the classic "Some or all identity references could not be translated". I am 90% sure this comes from the fact that it is not checking the right server, because even between
Get-ADGroup -filter {name -eq "[group name]"}
and
Get-ADGroup -filter {name -eq "[group name]"} -Server [server name/address]
I only get results for the second.
Is there a way I could add a similar -Server Parameter to something like .AddAccessRule()? Perhaps a slightly different method?
You can use a neat trick specified in this answer. You create a New-PSDrive to your AD using a certain server, then you call cd or set-location to that drive, voila, any .NET functions called (and any cmdlets that are not otherwise redirected to a different server) will use that server to process the requests, resolve AD entities into SIDs, etc, without you waiting for AD replication.
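
The drive-based approach from the answer above, written out as an added example (not code from the thread); the server, drive, group and folder names are hypothetical. It also builds the access rule from the group's SID as read from that same server, so the rule itself carries no name that still has to be translated.

```powershell
# Added example, not from the thread. All names below are hypothetical.
Import-Module ActiveDirectory

$Server    = 'dc01.example.com'        # DC that already holds the new group
$GroupName = 'Example-Folder-Readers'
$Folder    = 'D:\Shares\Example'

# Map an AD drive bound to that DC and make it the current location,
# as the answer describes.
New-PSDrive -Name PinnedAD -PSProvider ActiveDirectory -Root '' -Server $Server | Out-Null
Push-Location PinnedAD:
try {
    # Read the group from the same DC and fail loudly if it is not there yet.
    $group = Get-ADGroup -Filter "Name -eq '$GroupName'" -Server $Server
    if (-not $group) { throw "Group '$GroupName' not found on $Server" }

    # $group.SID is a SecurityIdentifier, which FileSystemAccessRule accepts
    # directly as the identity.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $group.SID, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

    # The folder path names its own drive, so the file system provider
    # handles it even though the current location is the AD drive.
    $acl = Get-Acl -Path $Folder
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Folder -AclObject $acl
}
finally {
    # Always restore the previous location and drop the temporary drive.
    Pop-Location
    Remove-PSDrive -Name PinnedAD
}
```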

Get Skype for Business User Status/Availability issue in Powershell

I'm using powershell to get the Status/Availability of certain users by using the following code:
Import-Module "C:\...\Microsoft.Lync.Model.dll"
$Client = [Microsoft.Lync.Model.LyncClient]::GetClient()
$Contact = $Client.ContactManager.GetContactByUri( $args[0] )
Write-Host $Contact.GetContactInformation("Activity")
Let's say I'm passing in testuser@testcompany.com as the script argument.
If I run this script, it will return "Presence unknown". However, if I open up the Skype client manually and search for the user, I can see their availability then (let's say this user is set to Available).
Now, if I run my script again after I've searched for them in Skype, the script will return the proper result by printing "Available" to the console. The script will continuously return the proper result until I restart Skype. At that point, it will return "Presence unknown" again until I search for the user in Skype.
If the user is in my Recent Conversations in Skype and I simply view my Recent Conversations tab rather than searching for them, that is enough to have the script start returning the proper result.
It would appear as though it is unable to query their availability until it is manually loaded into cache(?) from my client. Any idea why this would possibly happen or how I can have it return the proper results without manually searching for the user first?
Only workaround I have found is to create a conversation with the target user like this:
Import-Module "Microsoft.Lync.Model.dll"
$client = [Microsoft.Lync.Model.LyncClient]::GetClient()
$contact = $client.ContactManager.GetContactByUri($email)
$convo = $client.ConversationManager.AddConversation()
$convo.AddParticipant($contact) | Out-Null
Write-Host $contact.GetContactInformation("Activity")
$convo.End() | Out-Null
It doesn't appear to cause any IM windows to pop up on the user's side.
It would be interesting to see your powershell code for the subscription solution
Looks like you have to subscribe to user presence information. Lync SDK MSDN documentation has outlined the solution at https://msdn.microsoft.com/en-us/library/office/jj937284.aspx.
Similar solution at https://social.msdn.microsoft.com/Forums/en-US/12357db7-769f-4808-bc99-9b2fb2ed8ce2/presence-unknown?forum=communicatorsdk

Change LastLogonDate property in Active Directory

I am writing a script to disable old workstation objects (and I have to remake the wheel due to some unique things on my system). I'd like to make some test computer objects with known LastLogonDate to validate my script.
How can I, preferably just with PowerShell, set the LastLogonDate property to what I want it to be? I'd prefer it to be in PowerShell so I can include the necessary changes in order to self-test my code when it runs. I am also heavily restricted on what programs can be placed on the network.
I haven't found a pure PowerShell solution, and TechNet indicates that Set-ADComputer doesn't have that functionality. In desperation I've tried running ADSIedit on a domain controller to set LastLogon and LastLogonTimestamp, but get error 0x209a (attribute is owned by the Security Accounts Manager).
Worst case scenario, I can use a previously disabled workstation but that workaround is getting a lot of frowns from my security folks.
Thank you.
Edit:
If I can figure out how to get around that "error 0x209a (attribute is owned by the Security Accounts Manager)" issue, I think I can use the following PowerShell to set it:
Get-ADComputer -Identity <ComputerName> -Server <DomainController> | Set-ADObject -DisplayName <ComputerName> -Replace @{LastLogon=<NewTimeStamp>}
Where NewTimeStamp is the tick count of the date you want to set.
Do not modify! Both LastLogon and LastLogonTimeStamp are system-owned attributes and even if you found a way to bypass the restriction, you would most likely break the replication of the object.
There's nothing wrong with disabling and moving old unused computer objects. Your security folks would however hate you if you broke AD by doing unsupported modifications.
LastLogonDate is a virtual/calculated property created by the AD module for easy access to a datetime-converted version of the LastLogonTimeStamp attribute.

Powershell script: read an AD attribute and set it as an environment variable

I have a problem with some old apps and I need to set an environment variable from AD (hurray)
I'm quite new to PS scripting, so I can use some help.
In my AD I have filled the attribute departmentNumber with information, that part works fine.
Now I need to create a logon script which reads this field from the current user (attribute: departmentNumber, derived from: inetOrgPersonUser) and set this as an environment variable called AFDELING.
I know this can be done using a VB script, but I prefer PS. Can anyone help me with this one?
Thanks in advance for your help,
Peter
Working with environment variables in PowerShell involves the special variable $Env and unfortunately you need to use a .NET method to set environment variables as no cmdlet exists (at least as of v2):
[Environment]::SetEnvironmentVariable("AFDELING", "DeptNo", "User")
The first string parameter is the variable name, the second is the value and the third is basically the persistence level requested for the variable: Machine, User or Process - both machine and user will survive a reboot and future applications will have access to them, though you will need to be running PowerShell with an administrative account to modify the machine-level variables.
Getting the user info should be equally easy. There are a variety of ways that you can access Active Directory, though one of the simplest in your case would be to use the System.DirectoryServices.DirectoryEntry class:
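# Bind to the logged-on user's own AD object (a DirectoryEntry created with no path is not the user record); .Value unwraps the PropertyValueCollection
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$de = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.GetUnderlyingObject()
$DeptNo = $de.Properties["departmentNumber"].Value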
That should query the current user record from a domain controller, and assign the value from the departmentNumber attribute to the $DeptNo variable. You can then just pop that variable into the second parameter from the first example.