Hi all,
I'm new here, and not really a scripting person, I use PS scripts that usually have been created for me or I can find online. This one really has me baffled, I'm trying to append the computer description with the following script, but it just keeps over writing it.
Get-ADComputer Joet -Properties Description | Set-ADComputer -Description {$_.Description + "help"}
It over writes the description with everything inside of the brackets.....any help would be appreciated.
Thanks!
Hi Guys,
I need to access AD CS and AD RMS on remote server (windows 2003 - which do not have powershell or some servers have only powershell 1.0)
From server 2008 onwards, i have below cmdlets
Get-RmsCertChain
Get-RmsCertInfo
Get-RmsChildCert
Get-RmsEncryptedIL
Get-RmsRequestInfo
Get-RmsSvcAccount
Get-RmsSystemHealthReport
Get-RmsUserRequestReport
Get-CAAuthorityInformationAccess
Get-CACrlDistributionPoint
Get-CATemplate
But, how can i do the same for Server 2003, do i need to use any WMI in this case.
Please suggest.
I have a small PS script (created with some help from google) to delegate some control on the AD OU but I am having problem with SET-ACL command apparently due to limited access. With domain account it works perfectly but with an another power account with full rights on the OU , although not domain account, getting "set-acl: access is denied" error. I tried on GUI mode with the same account and it is perfectly ok so not sure what kind of rights does the user needs to run set-acl command. Is there any work around for this? or any other alternative to achieve same result? Thank you for your help. here is the script:
Import-Module ActiveDirectory
$uname= "Accountancy"
$ugroup = $uname+"-DATA"
#####
$rootdse = Get-ADRootDSE
$domain = Get-ADDomain
$guidmap = @{}
Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter `
"(schemaidguid=*)" -Properties lDAPDisplayName,schemaIDGUID |
% {$guidmap[$_.lDAPDisplayName]=[System.GUID]$_.schemaIDGUID}
$extendedrightsmap = @{}
Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter `
"(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName,rightsGuid |
% {$extendedrightsmap[$_.displayName]=[System.GUID]$_.rightsGuid}
######
$container = "OU=$uname,OU=GLOBAL,DC=WORLD,DC=NET"
cd ad:
$group = Get-ADGroup $ugroup
$sid = new-object System.Security.Principal.SecurityIdentifier $group.SID
$ous = Get-ADOrganizationalUnit -Identity $container
$setacl = Get-acl -path $ous
write-host $setacl
$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $sid,"ReadProperty, WriteProperty","Allow",$guidmap["member"],"Descendents",$guidmap["group"]
$setacl.AddAccessRule($ace)
set-acl -aclobject $setacl $container
I have a new problem coming up now.
We have bulk updates to be made on some of user attributes which involves updating their city name in Scandinavian format.
For ex. city name is to be updated for various users as "Äänekoski" but when i am trying to update through script i am getting it as "��nekoski".
I have a list of all users which needs city update in csv format.
I am using to below script to perform this:
# Import CSV into variable $userscsv
$users = Import-Csv -Path C:\users\admbharti.gupta\attributeTestExcel.csv
# Loop through CSV and update users if the exist in CVS file
foreach ($user in $users) {
#Search in specified OU and Update existing attributes
Get-ADUser -Filter "SamAccountName -eq '$($user.LogonName)'" -Properties * -SearchBase "OU=MG,DC=mgr,DC=ads" |
Set-ADUser -Replace @{ l = "$($user.city)"}
}
Kindly provide some suggestions so that i can have successful update of this attribute without showing any question marks.
Hi
Some of our User-objects containig an invalid e-mailaddress.
So i tried to find out like this:
Get-ADUser-Filter {emailaddress-like'*ö*'} -Propertiesname,DisplayName,emailaddress,mail|Select-ObjectDisplayName,emailaddress,mail|ft
I get all existing account, wether containing this character or not.
Filtering to something like Name or surname with this character will do it right.
What's going wrong?
Thanks in advance
I was recently in one of Jason Yoder's classes and he mentioned using (I think) new-possession as a means of testing powershell remoting capabilities in scripts. test-connection could be blocked by firewalls where remoting is most likely open. anyone know how to do that?
Hi everyone,
I am trying to compare a .csv which has one column (EmployeeID) with the AD property EmployeeID. This list is an extraction from a certain application where we would like to change from EmployeeID logon to AD Single Sign-on. Therefore we need to get certain data from AD. The current selected fields are:
EmployeeID,Name,EmailAddress,GivenName,Surname,userPrincipalName,SamAccountName
Input file (Example below):
PersonID
999998
999997
123456
789159
753159
258258
I've tried several different approaches but I am missing something.
Example:
Import-Module -Name ActiveDirectory
$ad_users = Get-AdUser -Filter * -Properties EmployeeID, SamAccountName | select EmployeeID, SamAccountName
$users_from_database = Import-Csv "path\userstest.csv" | select PersonID
$ad_employee_numbers = $ad_users | ForEach-Object {$_.PersonID} ## Create an array of strings of only the AD user's employee number
$users_from_database | ForEach-Object {if ($ad_employee_numbers -contains $_.EmployeeID) { $_ }} ## Find all users in the database that are also in Active Directory
Anyone who can shed some light on where I'm making the mistake?
Hi,
I am trying to get the list of disabled users from AD. using the below script,
Get-ADUser -Filter {Enabled -eq $false} | select Name,department,sAMAccountName,givenName,sn,DisplayName,title,AccountExpires,pwdlastset,lastLogon,whenCreated,Descriptions,Mail,ScriptPath,homeDirectory,homeDrive,Company,CN,dstinguishedName |export-csv "C:\Users\admbharti.gupta\Activeusers.csv"
and when i am trying to export the result in csv file its showing this value "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" for many attributes like 'pwdlastset' ,'lastlogon','description' etc. Although Name, Samaccountname and displayname values are coming fine.
Kindly tell any way or method through which i can get all correct values instead of this value "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection".
I'm looking to create a script to query individual Domain Controllers within an AD site. It's mostly going to be used for comparing the individual records from each Domain Controller within an a single AD site for Autodiscover.
I already have the records I'm attempting to locate:
Normal 0 false false false EN-US X-NONE X-NONE
'(&(objectClass=serviceConnectionPoint)(|(keywords=67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68)(keywords=77378F46-2C66-4aa9-A6A6-3E7A48B19596)))'
But I'm not exactly sure how I can get it to pull from an individual Domain Controller.
Ideally I would like it to use a reference file where I can create a list of DC's to query and then output the results to either a CSV or a text file.
I'm getting conflicting ways on how to perform the query.
There is this: New-ObjectSystem.DirectoryServices.DirectorySearcher
Or as Ed Wilson of the "Hey Scripting Guy" blog recommends using [ADSISearcher]
Any help on which method would be better on completing the query would be appreciated.
I was able to find a starting point but I haven't had much luck getting this to work.
$ADDomain= Get-ADDomain| Select DistinguishedName$DSSearch= New-ObjectSystem.DirectoryServices.DirectorySearcher$DSSearch.Filter= '(&(objectClass=serviceConnectionPoint)(|(keywords=67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68)(keywords=77378F46-2C66-4aa9-A6A6-3E7A48B19596)))'$DSSearch.FindAll() |
I am in the process of writing a script that creates a VM based on param input. The VHD that is attached is an un-syspred image. I need to get the vm into Active Directory.
One option would be to sysprep the vhd.
Is there a way to automate the domain join via powershell remotely?
On AD users there is a tick box called "Password never expires" For a handful of users I need to check this box and I'm having issues.
(Get-ADUser-Filter*-SearchBase"ou=Test,dc=acme,dc=org").Name | ForEach {
$user=get-aduser$_
Set-ADObject-Identity$user-PasswordNeverExpires$True}
this gives many errors. It says it can't find the users yet they are there. How is this done?
Hi,
I have a list of security groups in AD, I need to עo through line by line and get the e-mail address of every group
I tried with get-ADgroup, but I can't find this filed in this command
need help with this issue.
Thanks,
Lior
.
Hi
I am trying to compare all users within a specific OU against a CSV file to check that AD has all the correct information and no spelling mistakes.
The CVS headings are sn, givenName, employeeID and contains 100+ users
I can get the following to work when I only have a single name in the CSV but when I add additional names it doesnt work. The script needs to check the AD user's sn, givenName and employeeID and if any of these fields are different from the CSV it needs to email the name and field that is incorrect to our ICT support email.
At the moment I have only tried to get it to export to a CSV but cannot get that working. Any help please much appreciated.
My script as far as I have got:-
$ID = Import-Csv -Path "c:\scripts\csv\staffchanges.csv" | Select-object -ExpandProperty EmployeeID
$FirstName = Import-Csv -Path "c:\scripts\csv\staffchanges.csv" | Select-object -ExpandProperty givenName
$Surname = Import-Csv -Path "c:\scripts\csv\staffchanges.csv" | Select-object -ExpandProperty sn
$CSVADMismatch = "C:\scripts\output.csv"
Get-ADUser -filter * -SearchBase "OU=Staff,OU=Users,DC=domain,DC=com" -Properties * |
ForEach-Object { Where-Object{$_.givenName -ne $FirstName -or $_.sn -ne $Surname -or $_.EmployeeID -ne $ID} | Select-Object name, givenName, sn, employeeid | Export-Csv -NoTypeInformation -path $CSVADMismatch}
Thanks
$users=Get-Content"C:\Temp\UserList.txt"
foreach ($userin$users) { remove-adgroupmember-identity'onesign'-member$User-Confirm:$false}
The above code works. The UserList.txt file has 277 names inside of it and all were removed from the AD group. My question is why does it take such a long time? It took over 25 min for this script to run and finish. I ran it from within the PowerShell ISE tool.
Hi.
We are changing ou priveliged accounts to a setup where the user can be presented for a number of service accounts with certain priveliges if he has been approved to certain group membership.
Thus, I need to create a script that can provision a number of service accounts with a narrow naming syntax and afterwards provide group membership. User names have a maximum of 20 characters thus:
example username
M1150-DomainAdminP01 |
M1150-DomainAdminP02 |
M1150-DomainAdminP03 |
M1150-DomainAdminP04 |
M1150-DomainAdminP05 |
M1150-DomainAdminP06 |
M1150-DomainAdminP07 |
M1150-DomainAdminP08 |
M1150-DomainAdminP09 |
| M1150-DomainAdminP10 |
Syntax service account name:
12345678901234567890 (20 characters i total)
Character 1---5: Domain name - user specify name for one domain at a time. If I need service accounts for several domains then I will run the script again... (or even better if someone has the scripting abilities give me the opportunity to choose one or several domains from list of 120 (yes 120 domains in total) domains and specify number of service accounts for each domain that I choose)
Character 6-17 Description of service account (if gaps when desciption do not use all 12 characters then use "-")
Character 18 = P
Character 19 and 20 = Forth running number (01, 02, 03, 04, 05)
MemberOf. I need to be able to specify that service users need to be Member of (get-adGroup -filter {name -like "xxxxx"}
Can someone please give me some help where to start. I have never created anything where I Iterate/create a number of users within a narrow naming convention.
Best regards
Carsten
$OUExist= [adsi]::Exists("LDAP://OU=Test,DC=acme,DC=org")
if ($OUExist-like'True') {Start-Sleep-Milliseconds 1}
Else {New-ADOrganizationalUnit-Name'8484'-Path"OU=Test,DC=acme,DC=org"}
Running the above code returns no errors. yet the new OU 8484 never gets created. I've forced AD replication and waited over 30 min on top of that and it never shows up. How come?
I need to use PowerShell to edit a Group Policy object (GPO).
The setting I need to edit is:
User confnguration
Policies
Windows settings
Internet Explorer Maintenance
Security
Security Zones and Content Ratings
and i need to add a site to the Trusted sites list.
I found interesting samples of PowerShell scripts to edit the list of trusted sites by editing the Registry, but I need to edit the GPO instead.
Is it possible?
Is there any example I can start from?
Regards and Season's greetings
marius
I want to extract IPv4 and IPv6 pattern wherever used in the bunch of files/codes. I am using the below script but that fetches me only IPv4.
$regex ="\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"
cd "D:\"
$excluded = @("*.pdf", "*.jpg", "*.jpeg", "*.dll", "*.exe", "*.gif", "*.png", "*.css", "*.vbproj", "*.vspscc", "*.rpt", "*.pdb", "*.zip", "*.rar", "*.flv", "*.cache", "*.dat", "*.bin", "*.sln", "*.wmv", "*.mpg", "*.mpeg", "*.tif", "*.ppt", "*.pptx" ,"*.pps", "*.pub", "*.swf", "*.msi")
Get-ChildItem -Recurse -exclude $excluded |
Select-String -Pattern $regex | Select-Object path,line,linenumber,filename | Export-Csv -Path "D:\result.csv" -notypeHow can I fetch all the possible patterns of IPv6 addresses along with IPv4, recursively. I am using Powershell 2.0
Is there a way to get the number of updates ready/waiting for install by means of a script without accessing the WSUS server? Like the info you get when you click "Check for updates".
Hallo all,
I'm quite new to Powershell so don't laugh of my script build, but working on a script that will install an application and write the Exitcode to a log file.
I would like to hear your opinion for my apposed. Would there be a better way to install the application?
Would you normally do a check in the script if the application is installed correctly before moving down the script? More if I need to build more into the script after the application install step.
Here is my script:
# Imports MDT Powershell Module for testing outside of MDT
# Import-Module .\ZTIUtility.psm1
# Determine where to do the logging
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$logPath = $tsenv.Value("LogPath")
$logFile = "$logPath\$($myInvocation.MyCommand).log"
# Start the logging
Start-Transcript $logFile
Write-Output "Logging to $logFile"
# Start Main Code Here
# Define each variables
$AppName = '<<xx-application>>'
$Appx64 = ".\source\jre1.8.0_51_x64.msi"
$Appx86 = ".\source\jre1.8.0_51_x86.msi"
$psArchitecture = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
$Parameters = "/q"
# Checks that each source files are available in sub directory
If (((Test-path "$Appx64","$Appx86") -eq $False)) {
Write-Output "One of the source files is missing, unable to install."
Exit
}
Else {
Write-Output "Source files found - will start the installation now"
}
# Installs <<xx-application>> x64 and write logs to the DeploymentLogs directory
Write-Output "Starting installation of $AppName"
# Starts a process of installation
If ($psArchitecture -eq '64-bit') {
Write-Output "Installing $AppName : $Appx64"
$ProcessX64 = (Start-Process "$Appx64" -ArgumentList $Parameters -Wait -Passthru).ExitCode
}
ELSE {
# Installs <<xx-application>> x86 and write logs to the DeploymentLogs directory
# Starts a process of installation
If (($psArchitecture -eq '86-bit') -or ($psArchitecture -eq '32-bit')) {
Write-Output "Installing $AppName : $Appx86"
$ProcessX86 = (Start-Process "$Appx86" -ArgumentList $Parameters -Wait -Passthru).ExitCode
}
}
# Write to BDD.log if the whole installation succeeded
If (($ProcessX64.ExitCode -ne 0) -or ($ProcessX86.ExitCode -ne 0)) {
Write-Output "$AppName has been installed succesfully"
}
ELSE {
Write-Output "Installation failed - check your BDD.log for more info"
Write-Output "Installer exit code $($ProcessX64.ExitCode) $($ProcessX86.ExitCode)"
}
# Stop logging
Stop-Transcript
Looking forward to read your suggestion.
BR,
Daniel