active directory (ad)
13 Topics

Site to Zone Assignment List - Powershell
I need to replicate the steps of adding a list of URLs to the Site to Zone Assignment List of a GPO. Is there a way to edit that GPO via PowerShell, enable Site to Zone Assignment List, and pass the list of URLs to it?

- Open the Group Policy Management Editor.
- Go to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
- Select the Site to Zone Assignment List.
- Select Enabled and click Show to edit the list. The zone values are as follows: 1 — intranet, 2 — trusted sites, 3 — internet zone, 4 — restricted sites.
- Click OK.
- Click Apply and OK.

Solved, 20K Views, 0 likes, 1 Comment

Get users from CSV, foreach user, get country, name, etc., then Export
Hi! I have a problem with a PS query. I have a CSV file with +1000 userprincipalname. I'd like to export that UPN and for each user get info like userprincipalname, title, country, department, enabled, then export to Excel. My example queries:

    $csv = gc "C:\New folder\Users.csv"
    $Users=@()
    $csv | Foreach{
        $elements=$_ -split(";")
        $Users+= ,@($elements[0])
    }
    ForEach ($User in $Users) {
        Get-ADUser -filter "userPrincipalName -eq '$User'" -Properties * | Select-Object userprincipalname, title, country, department, enabled
    }

OR

    $Users = Get-Content -path "C:\New folder\Users.csv"
    ForEach ($User in $Users) {
        Get-ADUser -filter "userPrincipalName -eq '$User'" -Properties * | Select-Object userprincipalname, title, country, department, enabled
    }

OR

    $Users = Get-Content -path "C:\New folder\Users.csv"
    ForEach ($User in $Users) {
        Get-ADUser -filter $User -Properties * | Select-Object userprincipalname, title, country, department, enabled
    }

My Excel has UPN only, like:

    mailto:email address removed for privacy reasons
    mailto:email address removed for privacy reasons

etc. No headers. Someone will help? 😞

7.8K Views, 0 likes, 2 Comments

How to fetch / filter users from AD faster using Get-ADUser command.
Recently I saw a few scripts which are fetching users from AD as mentioned below.

    Get-ADUser -LDAPFilter "(whenCreated>=$date)"

or

    Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and PasswordLastSet -gt 0}

or

    Get-ADUser -Filter 'Enabled -eq $True'

But using them like above is taking quite a lot of time or sometimes giving a timeout error. Is there any way to make this faster? Will using -LDAPFilter instead of -Filter make it faster?

Error Message: The operation returned because the timeout limit was exceeded.

Solved, 5.5K Views, 0 likes, 2 Comments

Blogpost - Report on changed Active Directory groups using PowerShell
Wrote a blog post on how to monitor Active Directory admin groups and how to log/report changes on them. The script below monitors the groups you specify and emails them to an admin address if there are changes. (More details here https://powershellisfun.com/2022/07/13/report-on-changed-active-directory-groups-using-powershell/ )

    #Set Logs folder
    $logs = 'c:\scripts\logs'

    #Create Logs folder if it doesn't exist
    if (-not (Test-Path -Path $logs -PathType Any)) {
        New-Item -Path $logs -ItemType Directory | Out-Null
    }

    #Start Transcript logging to $logs\run.log
    Start-Transcript -Path "$($logs)\run.log" -Append

    #Configure groups to monitor
    $admingroups = @(
        "Account Operators",
        "Administrators",
        "Backup Operators",
        "Domain Admins",
        "DNSAdmins",
        "Enterprise Admins",
        "Group Policy Creator Owners",
        "Schema Admins",
        "Server Operators"
    )

    #rename previous currentmembers.csv to previousmembers.csv and rename the old
    #previousmembers.csv to one with a time-stamp for archiving
    if (Test-Path -Path "$($logs)\previousmembers.csv" -ErrorAction SilentlyContinue) {
        #Set date format variable (HH = hours, mm = minutes; MM would be the month)
        $date = Get-Date -Format 'dd-MM-yyyy-HHmm'
        Write-Host ("- Renaming previousmembers.csv to {0}_previousmembers.csv" -f $date) -ForegroundColor Green
        Move-Item -Path "$($logs)\previousmembers.csv" -Destination "$($logs)\$($date)_previousmembers.csv" -Confirm:$false -Force:$true
    }

    if (Test-Path -Path "$($logs)\currentmembers.csv" -ErrorAction SilentlyContinue) {
        Write-Host ("- Renaming currentmembers.csv to previousmembers.csv") -ForegroundColor Green
        Move-Item -Path "$($logs)\currentmembers.csv" -Destination "$($logs)\previousmembers.csv" -Confirm:$false -Force:$true
    }

    #Retrieve all members of the admingroups (including nested
    #members, because of -Recursive), store them in the members
    #variable and output them to currentmembers.csv
    $members = foreach ($admingroup in $admingroups) {
        Write-Host ("- Checking {0}" -f $admingroup) -ForegroundColor Green
        try {
            $admingroupmembers = Get-ADGroupMember -Identity $admingroup -Recursive -ErrorAction Stop | Sort-Object SamAccountName
        }
        catch {
            Write-Warning ("Members of {0} can't be retrieved, skipping..." -f $admingroup)
            $admingroupmembers = $null
        }
        if ($null -ne $admingroupmembers) {
            foreach ($admingroupmember in $admingroupmembers) {
                Write-Host (" - Adding {0} to list" -f $admingroupmember.SamAccountName) -ForegroundColor Green
                [PSCustomObject]@{
                    Group  = $admingroup
                    Member = $admingroupmember.SamAccountName
                }
            }
        }
    }

    #Save found members to currentmembers.csv and create previousmembers.csv if not present (First Run)
    Write-Host ("- Exporting results to currentmembers.csv") -ForegroundColor Green
    $members | export-csv -Path "$($logs)\currentmembers.csv" -NoTypeInformation -Encoding UTF8 -Delimiter ';'
    if (-not (Test-Path "$($logs)\previousmembers.csv")) {
        $members | export-csv -Path "$($logs)\previousmembers.csv" -NoTypeInformation -Encoding UTF8 -Delimiter ';'
    }

    #Compare currentmembers.csv to the
    #previousmembers.csv
    $CurrentMembers = Import-Csv -Path "$($logs)\currentmembers.csv" -Delimiter ';'
    $PreviousMembers = Import-Csv -Path "$($logs)\previousmembers.csv" -Delimiter ';'
    Write-Host ("- Comparing current members to the previous members") -ForegroundColor Green
    $compare = Compare-Object -ReferenceObject $PreviousMembers -DifferenceObject $CurrentMembers -Property Group, Member
    if ($null -ne $compare) {
        $differencetotal = foreach ($change in $compare) {
            #"=>" means only in currentmembers.csv, "<=" means only in previousmembers.csv
            if ($change.SideIndicator -match ">") {
                $action = 'Added'
            }
            if ($change.SideIndicator -match "<") {
                $action = 'Removed'
            }
            [PSCustomObject]@{
                Date   = $date
                Group  = $change.Group
                Action = $action
                Member = $change.Member
            }
        }

        #Save output to file
        $differencetotal | Sort-Object group | Out-File "$($logs)\$($date)_changes.txt"

        #Send email with changes to admin email address
        Write-Host ("- Emailing detected changes") -ForegroundColor Green
        $body = Get-Content "$($logs)\$($date)_changes.txt" | Out-String
        $options = @{
            Body        = $body
            Erroraction = 'Stop'
            From        = 'email address removed for privacy reasons'
            Priority    = 'High'
            Subject     = "Admin group change detected"
            SmtpServer  = 'emailserver.domain.local'
            To          = 'email address removed for privacy reasons'
        }

        try {
            Send-MailMessage @options
        }
        catch {
            Write-Warning ("- Error sending email, please check the email options")
        }
    }
    else {
        Write-Host ("No changes detected") -ForegroundColor Green
    }

    Stop-Transcript

3.6K Views, 1 like, 2 Comments

Export AD manager name
Hi all, I'm not advanced with PowerShell and won't admit to being, but wondered if someone may be able to help me with this one? This is to work with AD on-prem, not AAD.

I've got the below script which works perfectly at the moment, but I'm looking to take this a step further, which is that instead of displaying the Manager along with the OU detail, I'd like this to display only the Manager display name, whilst also exporting the other information as in the script as required. Any help would be greatly appreciated.

    Get-ADGroup "UK-Admin-Users" -Properties Member |
        Select-Object -ExpandProperty Member |
        Get-ADUser -Properties * |
        select name, enabled, samAccountName, CanonicalName, manager |
        Export-CSV C:\Temp\PS\Output\Usersdetail.csv

Solved, 2.8K Views, 0 likes, 1 Comment

Need help importing user data from csv
I need to fill in the Manager Attribute for employee accounts using a CSV export from HR. I have the added bonus of the fact that SamAccountNames do not follow a consistent naming convention. So I need to use the EmployeeID attribute for finding accounts. Here is an example of the CSV.

    "LAST_NAME","FIRST_NAME","EmployeeID","SupervisorID"
    "Doe","John","12345","13324"
    "Jane","Laura","13456","3455"
    "Mclane","John","12351","11331"

In this case, John Doe's Manager has an EmployeeID of 13324. So I need to search AD for a User object with the EmployeeID attribute of 13324. Then I need to pull the DistinguishedName attribute from that User Object, for example "CN=LSkywalker,OU=Department,DC=contoso,DC=com". Then I'd have to copy that data into the Manager attribute of John Doe's account.

I've been trying to outline the script and so far this is what I have.

Variables:

- $User
- $SupervisorID
- $EmployeeID
- $DistinguishedName

Steps:

- For each $User in CSV find $EmployeeID and $SupervisorID
- Search AD for Supervisor Account where EmployeeID attribute = $SupervisorID
- Pull $DistinguishedName Attribute value from Supervisor's account
- Input $DistinguishedName value into original $EmployeeID's Manager Attribute
- Proceed to next line of CSV and repeat

Hopefully I've explained the situation well and someone can help me flesh this out more, any help would be greatly appreciated, thank you.

Solved, 2.5K Views, 0 likes, 8 Comments

Getting users and group
Hello everyone,

Hopefully you are fine when you read this. I have to pull out all my users with their groups in a CSV file, so I'm aware that to approach this the command Get-ADGroupMember is the one for that, but even though I have read some articles about it, I haven't been able to get the info. Do you mind giving me a hand with that and explaining how to do it?

Thank you in advance,

Solved, 1.8K Views, 0 likes, 7 Comments

Assigning groups to AD user.
Hello everyone,

I have the following situation: In my work we are always hiring people and depending on their position they may be assigned to different groups. So the process of creating users and assigning them to groups has become a nightmare because my team always gets it wrong, so I either have to add or remove a group. So it occurred to me to create a kind of template to make sure that when they create a user for a specific area they put the groups that correspond; however, they still have been wrong, so it occurred to me that it might be possible to create that template in files and through a PowerShell script assign the groups to the user. Is that possible?

Thank you in advance,

1.1K Views, 0 likes, 2 Comments

Help with PS script for computers in AD onprem
Hi guys,

I want to automate a task by adding new computers to the domain. By default, they appear in the Computers OU and we have different OUs per office and computers. My idea is a script to run every 20 min as a scheduled task which will check for new computers in the Computers OU and then move computers to a specific OU based on the name of the PC. For example, when a computer name begins with BN1-N- then it will be moved to the Notebooks OU in the BN1 OU, when a computer name begins with KN1-W- then it will be moved to the Workstations OU in the KN1 OU and so on. All solutions were related to Identity with a specific computer name. Is it possible to be done?

Thanks

700 Views, 0 likes, 2 Comments