Windows PowerShell

From Ever changing code

General

Untitled.ps1 - when working in the script pane of PowerShell ISE (v2 or v4), you can select code and press F8 to execute the selection
$_ - the current object in the pipeline, i.e. a single record of the array being processed
-eq, -or, -and - a leading dash marks an operator

Modules

Load the ActiveDirectory module to get access to AD; this is a prerequisite for most of the commands below

Import-Module -Name ActiveDirectory

Extract from Active Directory

get-aduser -Filter {Samaccountname -eq "Smith"} -properties Organization
get-aduser -Filter {(Givenname -eq "Smithy") -and (Surname -eq "Smith")} 

Build the array $users with all accounts (any SamAccountName, i.e. login name) and the additional properties Name and Description

$users = get-aduser -Filter {Samaccountname -like "*"} -properties Name, Description

Return array object count

$users.count

Search the array $users for objects whose samaccountname field equals a given string ($_ stands for each object in the array)

$users | Where-Object {$_.samaccountname -eq "string_to_compare"}

Build arrays of enabled and disabled accounts in AD by testing whether the Enabled field equals $true or $false (the Boolean $true is 1, $false is 0)

$enabledusers = $users | Where-Object {$_.Enabled -eq $true}
$disabledusers = $users | Where-Object {$_.Enabled -eq $false}

Filter the array $disabledusers, returning only Samaccountname, GivenName and Surname, and display the result (ft = Format-Table)

$disabledusers | Select-Object Samaccountname, GivenName, Surname | ft -AutoSize

Build a new array by filtering $users for objects whose name or description contains a string

$aausers = $users | Where-Object {( $_.Name -like "*aa*") -or ($_.Description -like "*bb*")}
$aausers | Select-Object Samaccountname, GivenName, Surname, Enabled | Sort-Object Enabled | ft -AutoSize

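Print a table with one row per $aauser, followed by the first AD account that has the same given name and surname

foreach ($aauser in $aausers)
{
 # Copy to simple variables: the AD filter parser does not reliably resolve property access such as $aauser.Givenname
 $givenName = $aauser.GivenName
 $surname = $aauser.Surname
 $realuser = [array](get-aduser -Filter {(Givenname -eq $givenName) -and (Surname -eq $surname)})
 # Every value is a separate argument so that the index and property access are evaluated
 write-host $aauser.samaccountname "|" $aauser.name "|" $aauser.enabled "|" $realuser[0].SamAccountname "|" $realuser[0].GivenName "|" $realuser[0].Surname "|" $realuser[0].Enabled
}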

Build an array with GivenName and Surname of the accounts that match the filter Enabled equals $false (disabled accounts)

$temp = Get-ADUser -Properties GivenName, Surname -filter {Enabled -eq $false}

Export the array to a CSV file

$temp | Export-Csv temp.csv

Create users from CSV

CSV file BulkAddADUsers.csv

Name,GivenName,Surname,SamAccountName,UserPrincipalName,EmailAddress,AccountEnabled,AccountPassword,PasswordNeverExpires,Path
Full Name,Firstname,Surname,fsurname,fsurname@example.com,fsurname@example.com,$true,PassWord123,$true,"OU=Users,OU=Testing ,OU=USA,DC=corp-example,DC=io"

BulkAddADUsers.ps1

# CSV headline: Name,GivenName,Surname,SamAccountName,UserPrincipalName,EmailAddress,AccountEnabled,AccountPassword,PasswordNeverExpires,Path
# Parameter / column - meaning
# Name              - first + last name
# GivenName         - first name
# Surname           - last name
# SamAccountName    - username
# UserPrincipalName - the user logon name, including the domain you choose, e.g. test@example.com or @corp-example.io
# Path              - location of the new object; to find it, run get-aduser <SamAccountName> on an existing user and read its DistinguishedName

Import-Csv .\BulkAddADUsers.csv | % { `
New-ADUser -Name $_.Name -GivenName $_.GivenName -Surname $_.Surname -SamAccountName $_.SamAccountName `
-UserPrincipalName $_.UserPrincipalName -EmailAddress $_.EmailAddress `
-Enabled $true -AccountPassword (ConvertTo-SecureString $_.AccountPassword -AsPlainText -force) `
-PasswordNeverExpires $true -Path $_.Path }

# Errors
# -Enabled cannot read the $true value from the CSV (Import-Csv returns every field as a string, not a Boolean), therefore it has been hard-coded
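
The error noted above goes away when the CSV text is converted to a real Boolean before New-ADUser is called. The following is an added example, not part of the original page: ConvertTo-Bool and New-InitialPassword are hypothetical helpers, the rows are constructed, and the AccountPassword column is dropped in favour of a generated password so that no password sits in the file. It assumes the ActiveDirectory module is loaded.

```powershell
# Constructed sample input (not from a real directory): the BulkAddADUsers.csv columns
# without AccountPassword. The second row carries an invalid Boolean on purpose.
$rows = @'
Name,GivenName,Surname,SamAccountName,UserPrincipalName,EmailAddress,AccountEnabled,PasswordNeverExpires,Path
Full Name,Firstname,Surname,fsurname,fsurname@example.com,fsurname@example.com,$true,$false,"OU=Users,OU=Testing,OU=USA,DC=corp-example,DC=io"
Second User,Second,User,suser,suser@example.com,suser@example.com,false,maybe,"OU=Users,OU=Testing,OU=USA,DC=corp-example,DC=io"
'@ | ConvertFrom-Csv

# Hypothetical helper: CSV fields are strings, so '$true' must be mapped to a real [bool].
function ConvertTo-Bool([string]$Text) {
    switch -Regex ($Text.Trim()) {
        '^(\$?true|1|yes)$'  { return $true }
        '^(\$?false|0|no)$'  { return $false }
        default              { throw "not a boolean: '$Text'" }
    }
}

# Hypothetical helper: random initial password built directly as a SecureString.
function New-InitialPassword([int]$Length = 24) {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?@'  # 64 chars, no modulo bias
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $secure = New-Object System.Security.SecureString
    foreach ($b in $bytes) { $secure.AppendChar($alphabet[$b % $alphabet.Length]) }
    $secure
}

foreach ($row in $rows) {
    try {
        $neverExpires = ConvertTo-Bool $row.PasswordNeverExpires
        $params = @{
            Name                  = $row.Name
            GivenName             = $row.GivenName
            Surname               = $row.Surname
            SamAccountName        = $row.SamAccountName
            UserPrincipalName     = $row.UserPrincipalName
            EmailAddress          = $row.EmailAddress
            Path                  = $row.Path
            Enabled               = ConvertTo-Bool $row.AccountEnabled
            PasswordNeverExpires  = $neverExpires
            ChangePasswordAtLogon = -not $neverExpires   # the two cannot both be $true
            AccountPassword       = New-InitialPassword
        }
        New-ADUser @params -WhatIf -ErrorAction Stop   # remove -WhatIf to create the accounts
    }
    catch {
        Write-Warning "Skipped $($row.SamAccountName): $($_.Exception.Message)"
    }
}
```

Nobody knows the generated password, so the account is handed over with a password reset at onboarding.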

Get membership of a user

Get-ADPrincipalGroupMembership username | select name
