Active Directory
30 Topics

Export/Import distribution group members
We're migrating from one forest to another and, among other things, we have to migrate memberships of distribution groups between the two. The problem arose because many distribution groups in the source forest contain "contacts" as members. Since we're using ADMT, which does not migrate contacts, to do the migrations, we have exported/imported contacts to the target forest. Now when we migrate the distribution groups they lack the contacts in the membership, so we thought of a way to read the distribution group membership from the source domain and update them in the target domain, but couldn't manage to get the script working. How can we remotely run the script to extract the group membership from the source domain and add them to the corresponding groups in the target domain?

Solved · 154 Views · 0 likes · 1 Comment
Add to the search of inactive users multiple OUs

Hi all, I came up with a script that works fine. What it does is find users that haven't logged on in more than 90 days in a specific OU and then disable them. However, I need the script to search 2 more OUs instead of only one, but I couldn't make it work. This is the script:

    #Script to disable users that not login for more than 90 days
    #Create the report file
    $FileName = "DisabledUsers" + (Get-Date).ToString("dd-MM-yyyy") + ".csv"
    New-Item -Path "C:\temp" -Name $FileName -ItemType File
    Add-Content -Path C:\temp\$FileName -Value "Account,Disabled date,Last Logon Date"
    $DisabledDate = Get-Date -Format dd/MM/yyyy
    $UsersToDisable = Get-ADUser -Filter 'Enabled -eq $True' -SearchBase "OU" -Properties LastLogonDate,WhenCreated |
        Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90) -and $_.WhenCreated -lt (Get-Date).AddDays(-90)}
    foreach ($User in $UsersToDisable) {
        if ($User.DistinguishedName -notlike "OU") {
            Disable-ADAccount -Identity $User.SamAccountName -Confirm:$false
            if ((Get-ADUser -Identity $User.SamAccountName)) {
                $Account = $User.SamAccountName
                $LastLogon = $User.LastLogonDate
                $Value = "$Account,$DisabledDate,$LastLogon"
                Add-Content -Path C:\temp\$FileName -Value $Value
            }
        }
    }

In this part Get-ADUser -Filter 'Enabled -eq $True' -SearchBase "OU" I tried to create above something like this: $OU = 'OU1','OU2' and then tried to pipe it, but it did not work. Any thoughts on how I could make it work? Many thanks!

Solved · 896 Views · 0 likes · 3 Comments
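The loop over several OUs that the poster asks for, as an added example (it is not the poster's script nor an answer from the thread). It assumes the ActiveDirectory RSAT module on a domain-joined host with rights to disable accounts; the function names Get-StaleADUser and Disable-StaleADUser, the parameter names and the OU distinguished names are placeholders chosen here:

```powershell
# Added example, not the poster's script. Assumes the ActiveDirectory module;
# OU names below are placeholders.
Import-Module ActiveDirectory

function Get-StaleADUser {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][string[]]$SearchBase,   # one or more OU distinguished names
        [int]$InactiveDays = 90
    )
    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    foreach ($ou in $SearchBase) {
        # -SearchBase takes a single DN, so run one query per OU instead of piping an array into it
        Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $ou -Properties LastLogonDate, WhenCreated |
            Where-Object {
                # Old enough to judge, and either never logged on or not logged on since the cutoff
                $_.WhenCreated -lt $cutoff -and (-not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff)
            } |
            Select-Object SamAccountName, DistinguishedName, LastLogonDate, WhenCreated
    }
}

function Disable-StaleADUser {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)][string[]]$SearchBase,
        [int]$InactiveDays = 90,
        [string]$ReportPath = "C:\temp\DisabledUsers_$(Get-Date -Format 'dd-MM-yyyy').csv"
    )
    $report = foreach ($user in Get-StaleADUser -SearchBase $SearchBase -InactiveDays $InactiveDays) {
        # -WhatIf / -Confirm on this function propagate to Disable-ADAccount
        if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Disable stale account")) {
            Disable-ADAccount -Identity $user.DistinguishedName
        }
        [PSCustomObject]@{
            Account      = $user.SamAccountName
            ObjectDN     = $user.DistinguishedName
            DisabledDate = Get-Date -Format 'dd/MM/yyyy'
            LastLogon    = $user.LastLogonDate
        }
    }
    $report | Export-Csv -Path $ReportPath -NoTypeInformation
    $report
}

# Usage: review with -WhatIf first, then run without it. Placeholder OUs.
$ous = 'OU=Staff,DC=example,DC=local', 'OU=Contractors,DC=example,DC=local'
Disable-StaleADUser -SearchBase $ous -InactiveDays 90 -WhatIf
```

Two caveats worth keeping in mind when running a sweep like this: LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which by default is only refreshed when the stored value is more than about 14 days old, so it can trail the real last logon by up to two weeks (acceptable for a 90-day threshold, not for a short one); and accounts that have never logged on have no LastLogonDate at all, which is why the WhenCreated test is kept so that freshly created, not-yet-used accounts are not disabled.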
Script to get AD group and members details but group name is too long

Hi, I found this script on the internet and it works, but I have a problem when the group name is longer than 31 characters. Is there a way to rename these groups or to shorten them? This is the script.

    $result = Get-ADGroup -Properties Name -SearchBase "DC=Contac,DC=local" -Filter * | ForEach-Object {
        $group = $_.Name
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object {$_.objectClass -eq 'user'} |
            Get-ADUser -Properties Displayname,Name,EmailAddress |
            Select-Object @{Name = 'Group'; Expression = {$group}}, Displayname,Name,EmailAddress
    }
    $result | Group-Object -Property Group | ForEach-Object {
        $group = $_.Name
        $_.Group | Select-Object * -ExcludeProperty Group |
            # save as separate csv files
            # Export-Csv -Path "C:\tmp\$group.csv" -NoTypeInformation
            # or as separate worksheets in an Excel document
            Export-Excel -Path 'C:\temp\XXXX-2023.xlsx' -WorkSheetname $group -AutoSize -title "ADGroup: $group" -TitleBold
    }

1K Views · 0 likes · 2 Comments
Getting Timeout limit was exceeded while fetching adgroup member

We have a requirement of adding users to multiple AD groups; before that, check if the user exists in group A, then remove them and add them to group B. It's working smoothly for other AD groups, but we still get a time limit error for one specific AD group. Followed a few articles regarding setting the timespan, but none of them worked. Used the server name also. cmdlet:

    Get-ADGroupMember -Identity "AdgroupName" -Server "myservame" | Where-Object {$_.SamAccountName -eq $Username}

4.9K Views · 0 likes · 7 Comments
Need help removing a security group from ACLS

What is the PowerShell to query all objects in an OU (security group OR user objects) then remove a group from the ACLs?

Query all groups in OU.
Loop through results of Query (groups in this case)
  - Loop through ACLs of each group
    - If X is found remove security group from group object

Is that how it would work? Thank you

Solved · 1.7K Views · 0 likes · 3 Comments
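The outline above, as an added example (not code from the thread). It assumes the ActiveDirectory module, which also provides the AD: drive that Get-Acl and Set-Acl operate on; the function name Remove-ADGroupFromObjectAcl, the OU and the group name are placeholders chosen here:

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (AD: drive).
# The OU and group identity in the usage line are placeholders.
Import-Module ActiveDirectory

function Remove-ADGroupFromObjectAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)][string]$SearchBase,   # OU distinguished name
        [Parameter(Mandatory)][string]$GroupName     # 'DOMAIN\GroupName' as it appears in IdentityReference
    )
    # Get-ADObject (not Get-ADGroup) so users, groups and computers in the OU are all covered
    foreach ($obj in Get-ADObject -Filter * -SearchBase $SearchBase) {
        $path = "AD:\$($obj.DistinguishedName)"
        $acl  = Get-Acl -Path $path

        # Only explicit ACEs can be removed on this object; inherited ones
        # must be removed where they originate (usually the OU itself).
        $aces = @($acl.Access | Where-Object {
            -not $_.IsInherited -and $_.IdentityReference.Value -eq $GroupName
        })
        if ($aces.Count -eq 0) { continue }

        foreach ($ace in $aces) {
            $null = $acl.RemoveAccessRule($ace)   # returns a bool; discard it
        }
        if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "Remove $($aces.Count) ACE(s) for $GroupName")) {
            Set-Acl -Path $path -AclObject $acl
        }
        [PSCustomObject]@{
            Object      = $obj.DistinguishedName
            RemovedAces = $aces.Count
            Rights      = ($aces.ActiveDirectoryRights -join ';')
        }
    }
}

# Usage (placeholders): dry run first, then without -WhatIf
Remove-ADGroupFromObjectAcl -SearchBase 'OU=Servers,DC=example,DC=local' -GroupName 'EXAMPLE\Old-Admins' -WhatIf
```

Writing a DACL requires WRITE_DAC on each object, so run this under an account that has it, and capture the before state (for example `(Get-Acl -Path "AD:\$dn").Sddl` per object) so the change can be reverted. Because inherited entries are skipped, also inspect the OU's own ACL: if the group was granted rights at the OU with inheritance, that is where the entry has to be removed.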
Get users from CSV, foreach user, get country, name, etc., then Export

Hi! I have a problem with a PS query. I have a CSV file with 1000+ userprincipalnames. I'd like to export that UPN and for each user get info like userprincipalname, title, country, department, enabled, then export to Excel. My example queries:

    $csv = gc "C:\New folder\Users.csv"
    $Users = @()
    $csv | Foreach {
        $elements = $_ -split(";")
        $Users += ,@($elements[0])
    }
    ForEach ($User in $Users) {
        Get-ADUser -filter "userPrincipalName -eq '$User'" -Properties * |
            Select-Object userprincipalname, title, country, department, enabled
    }

OR

    $Users = Get-Content -path "C:\New folder\Users.csv"
    ForEach ($User in $Users) {
        Get-ADUser -filter "userPrincipalName -eq '$User'" -Properties * |
            Select-Object userprincipalname, title, country, department, enabled
    }

OR

    $Users = Get-Content -path "C:\New folder\Users.csv"
    ForEach ($User in $Users) {
        Get-ADUser -filter $User -Properties * |
            Select-Object userprincipalname, title, country, department, enabled
    }

My Excel has the UPN only, one address per row (email addresses removed for privacy reasons), etc. No headers. Can someone help? 😞

7.6K Views · 0 likes · 2 Comments
PS Script to remove users from a group in same domain and other domains within forest

I am trying to remove users from a group using PS, but it will only allow me to remove users in that domain and not from other domains within the forest (user not found error for the other domain within the forest). This is a universal group and has members from other domains. Can someone help me update the script to remove users from all domains within the forest? This is a bulk operation. Something I found, but it needs fine tuning:

    $DC_In_Root = (Get-ADDomain us.contoso.com).PDCEmulator
    $DC_In_Default = (Get-ADDomain eu.contoso.com).PDCEmulator
    $Group = "Test1234"
    $Users = Import-Csv ".\Users.csv"
    ForEach ($user in $Users) {
        $Default_Domain_User = Get-ADUser $user -Server $DC_In_Default
        Remove-ADGroupMember -Identity $Group -Members $Default_Domain_User -Server $DC_In_Root
    }

1.1K Views · 0 likes · 2 Comments
Get AD Group Members, manipulate samAccountname, and then add to distribution list.

Hello everyone. I can do these 3 things separately but not as a script.

1. Query AD GroupMembers
2. Take the samAccountName and remove the first 3 digits
3. Look up the modified samAccountName and query for the email address
4. Add the email address to a DL

For example, let's say a user has an account like SA-BondJames and is a member of a group "MI6". They also have an account called BondJames with an email address. I want to query the group "MI6" for members, remove the "SA-" (special agent), then look up BondJames (SA- removed) for an email address and then add that account/email to a DL. Thank you

2.2K Views · 0 likes · 1 Comment
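The four steps above chained into one script, as an added example (not the poster's code). It assumes the ActiveDirectory module and that the target DL is an AD distribution group; the function name Add-LinkedAccountsToDL, the parameter names and the group names in the usage line are placeholders chosen here:

```powershell
# Added example, not the poster's code. Assumes the ActiveDirectory module.
# Group names in the usage line are placeholders.
Import-Module ActiveDirectory

function Add-LinkedAccountsToDL {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)][string]$SourceGroup,   # group holding the prefixed accounts
        [Parameter(Mandatory)][string]$TargetGroup,   # AD distribution group to populate
        [string]$Prefix = 'SA-'                       # prefix that marks the privileged account
    )
    # Step 1: members of the source group (nested groups resolved, non-user objects dropped)
    $members = Get-ADGroupMember -Identity $SourceGroup -Recursive | Where-Object objectClass -eq 'user'

    foreach ($m in $members) {
        if ($m.SamAccountName -notlike "$Prefix*") {
            Write-Verbose "Skipping $($m.SamAccountName): does not start with $Prefix"
            continue
        }
        # Step 2: strip the prefix rather than a fixed character count, so a changed prefix length still works
        $standardName = $m.SamAccountName.Substring($Prefix.Length)

        # Step 3: look up the standard account and its mail address
        $standard = Get-ADUser -Filter "SamAccountName -eq '$standardName'" -Properties EmailAddress
        if (-not $standard) {
            Write-Warning "No account named $standardName found for $($m.SamAccountName)"
            continue
        }
        if (-not $standard.EmailAddress) {
            Write-Warning "$standardName has no EmailAddress; not adding to $TargetGroup"
            continue
        }

        # Step 4: add the standard (mail-enabled) account, never the privileged one, to the DL
        if ($PSCmdlet.ShouldProcess($TargetGroup, "Add $($standard.SamAccountName) <$($standard.EmailAddress)>")) {
            Add-ADGroupMember -Identity $TargetGroup -Members $standard
        }
        [PSCustomObject]@{
            Privileged = $m.SamAccountName
            Standard   = $standard.SamAccountName
            Email      = $standard.EmailAddress
        }
    }
}

# Usage (placeholder group names); -WhatIf shows what would be added without changing anything
Add-LinkedAccountsToDL -SourceGroup 'MI6' -TargetGroup 'DL-Agents' -WhatIf -Verbose
```

Keeping the privileged SA- account itself out of the DL is deliberate: admin accounts should not be mail-enabled or reachable through distribution lists. If the DL is managed by Exchange rather than plain AD, Add-DistributionGroupMember from the Exchange module is the equivalent of the Add-ADGroupMember call.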
Exporting AD User Attributes

I'm using PowerShell to export selected attributes of all our users in a specific OU in AD. It's mostly working, but for some reason several attributes aren't exporting correctly. The personalPager attribute is coming out empty, as are 2 custom attributes we've created called pronouns and conditionalimages. Anyone know what's going wrong here?

    Get-ADUser -Filter * -Properties * -SearchBase "OU=Standard Users,OU=Users,OU=Organisation,DC=wdea,DC=local" |
        Select-Object GivenName, Surname, DisplayName, Title, Department, EmailAddress, telephoneNumber, MobilePhone, Office, StreetAddress, City, State, PostalCode, Country, pronouns, personalPager, conditionalimages |
        Export-Csv -Path c:\temp\export-all.csv

Solved · 13K Views · 0 likes · 5 Comments
Blogpost - Retrieving Security events from Active Directory

Wrote a blog post about getting Security events from your Domain Controller; the script is shown below. (More information here: https://powershellisfun.com/2022/07/19/retrieve-security-events-from-active-directory-using-powershell/ )

    function Get-SecurityEvents {
        param (
            [Parameter(Mandatory = $true, HelpMessage = "Number of hours to search back", Position = 1)][string]$hours,
            [Parameter(Mandatory = $true, HelpMessage = "Folder for storing found events", Position = 2)][string]$outputfolder,
            [Parameter(Mandatory = $False, HelpMessage = "Enter email-address to send the logs to", Position = 3)][string]$to_emailaddress,
            [Parameter(Mandatory = $False, HelpMessage = "Enter the From Address", Position = 4)][string]$from_emailaddress,
            [Parameter(Mandatory = $False, HelpMessage = "Enter the SMTP server to use", Position = 5)][string]$smtpserver
        )

        # Test admin privileges without using -Requires RunAsAdministrator,
        # which causes a nasty error message if trying to load the function within a PS profile but without admin privileges
        if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
            Write-Warning ("Function {0} needs admin privileges, aborting..." -f $MyInvocation.MyCommand)
            break
        }

        # Get Domain Controller with PDC FSMO Role to get events from
        try {
            $domaincontroller = (Get-ADDomain).PDCEmulator
        }
        catch {
            Write-Warning ("Unable to get Domain information, check ActiveDirectory module installation. Aborting...")
            break   # without this the function would continue with an empty $domaincontroller
        }

        # Event ID's from https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter8
        $useraccountmanagementeventids = 4720, # A user account was created
            4722, # A user account was enabled
            4723, # An attempt was made to change an account's password
            4724, # An attempt was made to reset an account's password
            4725, # A user account was disabled
            4726, # A user account was deleted
            4738, # A user account was changed
            4740, # A user account was locked out
            4767, # A user account was unlocked
            4780, # The ACL was set on accounts which are members of administrators groups
            4781, # The name of an account was changed
            4794, # An attempt was made to set the Directory Services Restore Mode administrator password
            5376, # Credential Manager credentials were backed up
            5377  # Credential Manager credentials were restored from a backup

        $computeraccountmanagementeventids = 4741, # A computer account was created
            4742, # A computer account was changed
            4743  # A computer account was deleted

        $securitygroupmanagementeventids = 4727, # A security-enabled global group was created
            4728, # A member was added to a security-enabled global group
            4729, # A member was removed from a security-enabled global group
            4730, # A security-enabled global group was deleted
            4731, # A security-enabled local group was created
            4732, # A member was added to a security-enabled local group
            4733, # A member was removed from a security-enabled local group
            4734, # A security-enabled local group was deleted
            4735, # A security-enabled local group was changed
            4737, # A security-enabled global group was changed
            4754, # A security-enabled universal group was created
            4755, # A security-enabled universal group was changed
            4756, # A member was added to a security-enabled universal group
            4757, # A member was removed from a security-enabled universal group
            4758, # A security-enabled universal group was deleted
            4764  # A group's type was changed

        $distributiongroupmanagementeventids = 4744, # A security-disabled local group was created
            4745, # A security-disabled local group was changed
            4746, # A member was added to a security-disabled local group
            4747, # A member was removed from a security-disabled local group
            4748, # A security-disabled local group was deleted
            4749, # A security-disabled global group was created
            4750, # A security-disabled global group was changed
            4751, # A member was added to a security-disabled global group
            4752, # A member was removed from a security-disabled global group
            4753, # A security-disabled global group was deleted
            4759, # A security-disabled universal group was created
            4760, # A security-disabled universal group was changed
            4761, # A member was added to a security-disabled universal group
            4762, # A member was removed from a security-disabled universal group
            4763  # A security-disabled universal group was deleted

        $applicationgroupmanagementeventids = 4783, # A basic application group was created
            4784, # A basic application group was changed
            4785, # A member was added to a basic application group
            4786, # A member was removed from a basic application group
            4787, # A non-member was added to a basic application group
            4788, # A non-member was removed from a basic application group
            4789, # A basic application group was deleted
            4790, # An LDAP query group was created
            4791, # A basic application group was changed
            4792  # An LDAP query group was deleted

        $otheraccountmanagementeventids = 4739, # Domain Policy was changed
            4793  # The Password Policy Checking API was called

        # Set empty collection variable, date and event ID filters
        $collection = @()
        $date = (Get-Date).AddHours(-[int]$hours)

        $filteruseraccountmanagement = @{
            Logname   = 'Security'
            ID        = $useraccountmanagementeventids
            StartTime = $date
            EndTime   = [datetime]::Now
        }
        $filtercomputeraccountmanagement = @{
            Logname   = 'Security'
            ID        = $computeraccountmanagementeventids
            StartTime = $date
            EndTime   = [datetime]::Now
        }
        $filtersecuritygroupmanagement = @{
            Logname   = 'Security'
            ID        = $securitygroupmanagementeventids
            StartTime = $date
            EndTime   = [datetime]::Now
        }
        $filterdistributiongroupmanagement = @{
            Logname   = 'Security'
            ID        = $distributiongroupmanagementeventids
            StartTime = $date
            EndTime   = [datetime]::Now
        }
        $filterapplicationgroupmanagement = @{
            Logname   = 'Security'
            ID        = $applicationgroupmanagementeventids
            StartTime = $date
            EndTime   = [datetime]::Now
        }
        $filterotheraccountmanagement = @{
            Logname   = 'Security'
            ID        = $otheraccountmanagementeventids
            StartTime = $date
            EndTime   = [datetime]::Now
        }

        # Retrieve events
        Write-Host ("Retrieving Security events from {0}..." -f $domaincontroller) -ForegroundColor Green
        foreach ($filter in $filteruseraccountmanagement,
                            $filtercomputeraccountmanagement,
                            $filtersecuritygroupmanagement,
                            $filterdistributiongroupmanagement,
                            $filterapplicationgroupmanagement,
                            $filterotheraccountmanagement) {
            $events = Get-WinEvent -FilterHashtable $filter -ComputerName $domaincontroller -ErrorAction SilentlyContinue
            foreach ($event in $events) {
                Write-Host ("- Found EventID {0} on {1} and adding to list..." -f $event.Id, $event.TimeCreated) -ForegroundColor Green
                $eventfound = [PSCustomObject]@{
                    DomainController = $domaincontroller
                    Timestamp        = $event.TimeCreated
                    LevelDisplayName = $event.LevelDisplayName
                    EventId          = $event.Id
                    Message          = $event.Message -replace '\s+', " "
                }
                $collection += $eventfound
            }
        }

        # $collection starts as an empty array, so test the count rather than $null
        if ($collection.Count -gt 0) {
            $filenametimestamp = Get-Date -Format 'dd-MM-yyyy-HHmm'
            Write-Host ("- Saving the {0} events found to {1}..." -f $collection.Count, "$($outputfolder)\events_$($filenametimestamp).csv") -ForegroundColor Green
            $collection | Sort-Object TimeStamp, DomainController, EventId |
                Export-Csv -Delimiter ';' -NoTypeInformation -Path "$($outputfolder)\events_$($filenametimestamp).csv"

            if ($to_emailaddress) {
                $emailoptions = @{
                    Attachments = "$($outputfolder)\events_$($filenametimestamp).csv"
                    Body        = "See Attached CSV file"
                    ErrorAction = "Stop"
                    From        = $from_emailaddress
                    Priority    = "High"
                    SmtpServer  = $smtpserver
                    Subject     = "Security event found"
                    To          = $to_emailaddress
                }
                Write-Host ("- Emailing the {0} events found to {1}..." -f $collection.Count, $to_emailaddress) -ForegroundColor Green
                try {
                    Send-MailMessage @emailoptions
                }
                catch {
                    Write-Warning ("Unable to email results, please check the email settings...")
                }
            }
        }
    }

1.5K Views · 1 like · 2 Comments