FatDex

PowerShell – Adding Proxy Addresses by CSV

by Dexter on September 30, 2020 at 10:22

Posted In: IT Blog

This is going to be a little different. As per usual, we need to follow our regular set of steps when dealing with a large amount of data that needs validation.

Export list of users into CSV format
Add new values into CSV
Import CSV list with values

Export list of users into CSV format

get-aduser -filter * -properties samaccountname | select samaccountname,mail | Export-Csv "C:\Users_add_proxy_addresses.csv"

2. Edit the CSV with the proxy email addresses you want. The format you need is the accountname (samaccountname), and proxyaddresses (SMTP:proxyemail@email.com). Like so below:

samaccountname	proxyaddresses
rick.sanchez	SMTP:rick.sanchez@newproxyaddress.com
rick.richardson	SMTP:rick.richardson@newproxyaddress.com
Codie.Youthead	SMTP:Codie.Youthead@newproxyaddress.com

You NEED that “SMTP:” portion in front, otherwise it won’t take.

3. Import the .CSV file with some code:

Import-module ActiveDirectory

$Imported_csv = Import-Csv -Path "C:\Users_add_proxy_addresses.csv"
foreach ($user in $Imported_csv)
{
    $User.samaccountname
    $User.proxyaddresses
    Set-ADUser -Identity $User.samaccountname -Add @{proxyAddresses= $User.proxyaddresses}
}
$total = ($Imported_csv).count
$total
write-host "AD accounts added with proxy addresses..."

Or , if you want to add a certain SMTP extension use this code from a SAMaccountname CSV file for all users:

$Imported_csv = Import-Csv -Path "C:\Users_add_proxy_addresses.csv"
foreach ($user in $Imported_csv)
{
    $User.samaccountname
    Set-ADUser -Identity $User.samaccountname -Add @{proxyAddresses= "SMTP:" + $User.samaccountname + "@newproxyaddress.com"}
}
$total = ($Imported_csv).count
$total
write-host "AD accounts added with proxy addresses..."

Make sure to check your work:
Get-ADUser -Filter * -Properties SamAccountname, proxyAddresses | where proxyAddresses -ne $null | select-object samaccountname,proxyaddresses | out-gridview

The above only shows ONE proxy address at a time. Since the attribute proxy-address can actually store more than one value, it’s an array.

Showing the results

The Get-ADUser cmdlet does the job nicely. Although, it’s not quite as neat as I would like:

get-aduser -filter * -properties samaccountname, proxyaddresses | Select-object samAccountName, proxyaddresses | Out-GridView

A sample output below shows the results of the proxyaddress attributes. Notice how all the different proxies are put together in the same column.

This is OK, and does require some finer tweaking with a CSV editor. However, there’s got to be a way to display each proxy address independently in their own column.

I did a little searching and I found this from the devblogs microsoft guys:

Get-ADUser -Filter * -Properties proxyaddresses | select samaccountname, @{L='ProxyAddress_1'; E={$_.proxyaddresses[0]}}, @{L=’ProxyAddress_2';E={$_.ProxyAddresses[1]}} | out-gridview

This lists out the proxy addresses by column with some help from the select statement above.

└ Tags: Active Directory, CSV, Get-ADUser, how-to, Microsoft, PowerShell, Proxy Address

1 Comment

PowerShell – Changing Departments for Multiple AD Users

by Dexter on September 25, 2020 at 16:18

Posted In: IT Blog

Hostile takeover? All employees of a department being reassigned? We won’t go into ‘how to disable way lots of employees because your upper management said ‘because we told you”. So, we’ll go into changing departments for the entire company.

There’s a few different ways to do this:

Exporting to CSV, making absolutely sure who’s in the list.
Or just changing everyone in one department, and replacing it with an entirely different department name.

Typically, you want option 1. This is fact checking, validation, all that stuff.

In that scenario you follow the same sort of methodolgy:

-Export all users that meet the criteria (in this case, everyone of a certain department) into a CSV file

-Take CSV file, inject into powershell and set new value

There is also a ‘once and done’ approach. Where you can simply replace the values in one string. I don’t suggest this for production environments, namely because there’s always a margin for error.

The ‘typical’ option

Export all users that fit a filter into a CSV file. In this example, I’m looking for all AD users with Department ‘Support’. Exporting to a CSV file. Export something unique, like the samAccountName.

Get-ADUser -Filter 'Department -like "Support"' -Properties * | select samaccountname | Export-CSV "C:\Path_to_csv\department_users.csv"

With this exported file “department_users.csv”, we use another piece of code to pick up the CSV file, run a for-loop to go through each user in that CSV file and update their department.

Import-Module Active Directory

$Set_Department = Import-Csv "C:\Path_to_csv\department_users.csv"  #Store CSV file into $Set_Department variable
$Department = "Operations Support" #New Department

foreach ($User in $Set_Department) {
    #For each name or account in the CSV file $Resetpassword, reset the password with the Set-ADAccountPassword string below
   $User.sAMAccountName

        Set-ADUser -Identity $User.sAMAccountName -Department $Department
        write-output $User
}
 Write-Host " Departments changed "
 $total = ($Set_Department).count
 $total
 Write-Host "AD User Departments have been updated..."

Just make sure your end CSV file has a format of only the SamAccountname (like below).

sAMAccountName

Zuzana.Burris

Zandra.Caig

The ‘Once-and-Done’ Option

Again, I don’t suggest this unless you feel absolutely comfortable with the results. If, however you’re in a hurry and need to change all attributes to the new updated attribute, this is the line of code for you.

Get-ADUser -Filter 'Department -like "Old Department Name"' | Set-ADUser -replace @{department="New Department Name"}

As always, you can retrofit this code to suit your needs.

You could also change other AD attributes with this sort of syntax as well, just be sure to change your code, and TEST first.

Showing the Results

Let’s see which AD Accounts by SamAccountName, Department and Title have a specific title. We’ll say anything with a title of “Support”.

Get-ADUser -Filter 'Department -like "*Support*"' -Properties * | select samaccountname, department, title | out-gridview

Or you could search for all users that do NOT have a department specified

Get-ADUser -Filter * -Properties * | select samaccountname, Department,title | where department -eq $Null

└ Tags: Active Directory, CSV, Get-ADUser, how-to, Microsoft, PowerShell

Comment

PowerShell – Change passwords on multiple AD accounts

by Dexter on September 25, 2020 at 10:59

Posted In: IT Blog

If you’re like me, you built a new AD for testing. And if you’re also like me, you imported a whole bunch of users into your AD. Some of those users likely had passwords that didn’t quite meet the domain criteria. If that happened, that means those users are disabled.

In past posts, I wrote about moving users into a different OU. Now, we’re going to change passwords for these users so we can enable them later.

For this, you’ll need a CSV in this format below. I took some liberties and retrieved a large amount of random passwords from manytools.org. There are many websites that can do this, I just like the format that manytools provided. I just pasted the passwords into the second column, the first column being the sAMAccountname of the user.

sAMAccountName	Password
Zuzana.Burris	gz9DndwkBh8s
Zandra.Caig	9eC3bcJ2SzA5

PowerShell code:

Import-Module Active Directory
$Resetpassword = Import-Csv "C:\path_to_username_password_file.csv"
 #Store CSV file into $Resetpassword variable

foreach ($User in $Resetpassword) {
    #For each name or account in the CSV file $Resetpassword, reset the password with the Set-ADAccountPassword string below
    $User.sAMAccountName
    $User.Password
        Set-ADAccountPassword -Identity $User.sAMAccountName -Reset -NewPassword (ConvertTo-SecureString $User.Password -AsPlainText -force)
}
 Write-Host " Passwords changed "
 $total = ($Resetpassword).count
 $total
 Write-Host "Accounts passwords have been reset..."

Showing the Results

Once we’ve set the passwords, we need a way of knowing when or if the passwords were last set for a user. Referring back to the Get-ADuser cmdlet, we can look at the -passwordlastset property.

Get-ADUser -filter * -properties passwordlastset | sort-object samaccountname | select-object samaccountname, passwordlastset, passwordneverexpires | Out-GridView

└ Tags: Active Directory, CSV, Get-ADUser, how-to, Microsoft, PowerShell, Scripting

Comment

PowerShell – Move AD users via CSV file

by Dexter on September 25, 2020 at 10:26

Posted In: IT Blog

This is part of my ‘Finding all Disabled users in AD’ from an earlier post. The backstory is, I used some powershell to import about 1100 dummy users into a newly created AD.

Out of 1100 users, 300+ became disabled due to non-compliant passwords (too short, didn’t meet requirements). My end goal was to have all disabled users re-enabled, which meant I had to give them all proper passwords. In the meantime, I decided to create this script to move all disabled users into a separate OU.

The steps for this script are pretty simple:

1. Create a list of all the disabled users (done in last post)
2. Export list of disabled users, taking all the unique values (samAccountName) into .CSV Format (done in last post)
3. Retrieving the list with powershell, and moving all the users in the CSV list into another AD OU container

This does of course require a list of users in CSV format, just SamAccountName since each user has as unique value.

like so:

SamAccountName

“Codie.Youthead”

“Bellina.Kobierski”

“Melitta.Marcum”

“Marietta.Caverhill”

Sample CSV file contents

Now the code:

import-module ActiveDirectory
#Store CSV into $Movelist variable
$MoveList = Import-Csv -Path "C:\Path_AD_users_to_move.csv"

#Specify target OU to move users in that CSV file
$TargetOU = "OU=Disabled-Users,OU=contoso,DC=contonso,DC=org"

#Import the data from CSV file and assign it to variable 
$Imported_csv = Import-Csv -Path "C:\C:\Path_AD_users_to_move.csv"

$Imported_csv | ForEach-Object {
     # Retrieve Distinguised Name of Users
     $UserDN  = (Get-ADUser -Identity $_.SamAccountName).distinguishedName
     Write-Host " Moving Accounts ..... "
     # Move user to target OU.
     Move-ADObject  -Identity $UserDN -TargetPath $TargetOU #-Whatif
     
 }
 Write-Host " Completed move " 
 $total = ($MoveList).count
 $total
 Write-Host "Accounts have been moved successfully..."

Showing the Results

Typically, Get-ADUser relies on the -DistinguishedName Property. Which really is quite long, and not entirely human readable. Sample code which works, but not in a very pretty manner:


Get-ADUser -Filter * -Properties * | select samaccountname,DistinguishedName|sort-object -descending DistinguishedName

Not really the best use of screen real estate

The distinguishename property by itself is a string, separated by a comma “,”. Which means, we can actually split the contents by still using one line of code within powershell. Like so:


Get-ADUser -filter * -Properties samaccountname,distinguishedname | select samaccountname, @{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}}

Results show like so:

I can’t seem to get the sort-object code to sort by distinguishedname. If someone out there knows how, I’d be happy to include it in here.

Comment

PowerShell – Finding all Disabled users in AD

by Dexter on September 24, 2020 at 22:53

Posted In: IT Blog

Need to find all the disabled users in your AD? it’s odd that the built in AD Tools do not have this option. PowerShell to the rescue!

All these commands are documented in the Microsoft Get-ADUser cmdlet. I’ve added some additional types of output with out-gridview and CSV.

Finds all the disabled users in AD.

Get-ADUser -Filter {Enabled -eq $false}

Finds all and outputs to a gridview for editing (but you need excel)

Get-ADUser -Filter {Enabled -eq $false} | Out-GridView

Finds all disabled users and outputs to a CSV file. This exports ALL the readily available attributes.

Get-ADUser -Filter {Enabled -eq $false} | export-csv "C:\users\Administrator\Desktop\disabled_ADusers.csv"

Finds all the disabled users by specific property and selects the objects and outputs them

Get-ADUser -Filter {Enabled -eq $false} -properties SamAccountName,mail | Select-Object SamAccountName,mail | Out-GridView

Finds all the disabled users, looks a properties that aren’t readily available like email, export to a CSV file

For some reason, you can’t search by mail address outright or have it display, you have to select it, then show it with that select-object command

Get-ADUser -Filter {Enabled -eq $False} -Properties SamAccountName,mail | Select-object SamAccountName,mail| export-csv "C:\Path_to_CSV.csv"

Or you can use variables to clean up the code:

$SamAcc = "SamAccountName"
$Desc = "Description"
$mail = "mail"
$title = "title"
$CSVpath = "C:\Path_to_CSV.csv"

Get-ADUser -Filter {Enabled -eq $False} -Properties $SamAcc,$mail | Select-object $SamAcc,$mail| export-csv $CSVpath

└ Tags: Active Directory, CSV, Get-ADUser, how-to, Microsoft, PowerShell, Scripting

Comment

Page 2 of 20
«
1
2
3
4
5
»
Last »