I've created a script that lists all users in a OU that are NOT a member of a certain group. This saves the results into a text file. I thought this was working fine until I took a username from the text file and searched it in Active Directory. Turned out the user was a member of the group I was trying to filter out. Here is the code -
Get-ADUser -SearchBase "OU=Users 2004,OU=Cyngor,DC=gwynedd,DC=rhwydwaith" -Filter {( memberof -ne "CN=CTX AppSense,OU=Rheoli,OU=Grwpiau,OU=TC Enviroment,DC=gwynedd,DC=rhwydwaith")} -Properties Name | select Name | Export-CSV "C:\Users.txt"
I can't figure out why this isn't working correctly. Any suggestions out there?
Thanks.
memberOf is a multi-valued attribute, i.e. a list of distinguished names. Use the -notcontains operator to check if does not contain a particular distinguished name:
$ou = 'OU=Users 2004,OU=Cyngor,DC=gwynedd,DC=rhwydwaith'
$dn = 'CN=CTX AppSense,OU=Rheoli,OU=Grwpiau,OU=TC Enviroment,DC=gwynedd,DC=rhwydwaith'
Get-ADUser -Filter * -SearchBase $ou -Properties Name, MemberOf |
? { $_.MemberOf -notcontains $dn } |
select Name |
Export-Csv 'C:\Users.txt' -NoType
Note that a user's primary group is not listed in the memberOf attribute. If the code should also handle primary groups you need to add a check for that:
$ou = 'OU=Users 2004,OU=Cyngor,DC=gwynedd,DC=rhwydwaith'
$dn = 'CN=CTX AppSense,OU=Rheoli,OU=Grwpiau,OU=TC Enviroment,DC=gwynedd,DC=rhwydwaith'
Get-ADUser -Filter * -SearchBase $ou -Properties Name, MemberOf |
? { $_.MemberOf -notcontains $dn -and $_.PrimaryGroup -ne $dn } |
select Name |
Export-Csv 'C:\Users.txt' -NoType
Related
I am fairly new to Powershell and have run into a bit of a pickle.
I am trying to scrape a SQL script in txt file format. My goal is to check if every created (volatile) table is also dropped in the same file. And if not, output the name of the table which is not dropped in the SQL script.
On top of that I would like check if the "drop" of the table is AFTER "create volatile table" and not BEFORE, because that would be wrong syntax. Do you think it's somehow possible?
I tried to do it by extracting lines of codes where is the create table string, then using regex to get name(string) of the table and saving it to variable. I did the same with the "drop table...". Now I am trying to compared those two (string) variables by converting them to list, object or whatever. I feel like I am in dead end.
$vtMatch = Get-ChildItem "$packagepath\Scripts\" -Recurse | Select-String -Pattern "create multiset volatile table VT_","create multiset volatile table vt_"
$vtMatch = $vtMatch.line
$vt = $vtMatch | Select-String 'vt_(.*?)(?=,)' -AllMatches | Select-Object -Expand matches | ForEach-Object {$_.value}
$dropMatch = Get-ChildItem "$packagepath\Scripts\" -Recurse | Select-String -Pattern "drop table VT_","drop table vt_"
$dropMatch = $dropMatch.line
$drop = $dropMatch | Select-String 'vt_(.*?)(?=;)' -AllMatches | Select-Object -Expand matches | ForEach-Object {$_.value}
$missing = Compare-Object -ReferenceObject $vt -DifferenceObject $drop -Property item
$missing
The variable $vt contains these strings:
vt_R_transaction_Dm
vt_h_bank_account
vt_DD_Agreement_Detail_1
vt_DD_Agreement_Detail_2
vt_DM_Agreement_Detail_Prebase
vt_DM_Agreement_Detail_RWA
vt_DM_Agreement_Detail_1
vt_posted_transaction
vt_DM_Corp_Objective_Specific_MAT
vt_DM_Party_Detail
And variable $drop contains these strings:
vt_DD_Agreement_Detail_1
vt_DD_Agreement_Detail_2
vt_DM_Agreement_Detail_Prebase
vt_DM_Agreement_Detail_RWA
vt_DM_Agreement_Detail_1
vt_DM_Corp_Objective_Specific_MAT
vt_posted_transaction
vt_DM_Party_Detail
Is there any way to combine these two scripts and output them in one csv file?
$Users = Get-ADUser -filter * -Properties Manager
$Users | Select Name,#{label="Manager";expression={(Get-ADUser $_.Manager -Properties DisplayName).DisplayName}}
Get-ADUser -Filter * -Properties * | Select-Object GivenName, Surname, mail, Description, co, City, Department, Company |export-csv -path c:\userexport.csv
In the latter script I wanted to add "Manager" as Select-Object but it returns with fulle ldap name, which I cant use later on to import on another system. I need to get manager displayname instead
In azure pipeline I have to give $env = prd in small letters as its being used by many othe tasks. But actual resoucrce group names look like rg-e2-PRD-703. SO I have given below commands but its not giving me output
## $env =prd is given in pipeline
$environment = "$(env)".ToUpper()
write-host $environment ## its printing PRD as expected
$getNIClist = Get-AzNetworkInterface | Where-Object {$_.ResourceGroupName -clike 'rg-*-$environment-*' | Select-Object
You can use the command as below:
$aa = 'rg-*-' + $environment + '-*'
$getNIClist = Get-AzNetworkInterface | Where-Object {$_.ResourceGroupName -clike $aa} | Select-Object
or you can also change the ' to ":
$getNIClist = Get-AzNetworkInterface | Where-Object {$_.ResourceGroupName -clike "rg-*-$environment-*"} | Select-Object
because escape will not be done in single quotes
Hope it helps~
There are about 20 OU in AD. 6 of the OU has space in it. for example, "Department Heads", "Operation Managers". The following works all 15 OU where there are no space but doesn't work when there is a space in the OU description.
Any idea. I tried putting the string into "" but nothing helps.
$LdapServer = "FLEX01AD.COLGATE.FILA"
$SearchBase = "OU=Department Heads,DC=COLGATE,DC=FILA"
$LDAPResult = Get-ADUser -SearchBase $searchbase -SearchScope 'subtree' -Server $ldapserver -filter "employeeID="U99YBTTXR" -Properties * | Select -Property userAccountControl, whenChanged
Actually, spaces in the OU is not the issue. I found the solution here
https://community.spiceworks.com/topic/2054880-powershell-count-unique-users-in-group-and-nested-group
this code worked for me
$LDAPResultCount = ($LDAPResult.userAccountControl | select -Unique).count
I was trying to filter the dataset that i got from SQL server database. Here is the scenario...
I'm getting servername,dbname columns from one of the database servers and returning the result set as return ,$dataSet.Tables[0]. I'm getting the results correctly in a table format.
But now i got all the server names to a variable from this dataset as below,
$servers=$dataSet_1.servername | select -unique
Now, i'm trying to loop through each server and get the database list associated to each server as follows, but looks like this is not a right approach as it is getting me all the severs and their database names is every iteration
foreach($server IN $servers)
{
write-host $server
$dataSet_1 | Where-Object {$dataSet_1.servername -eq $server} | select $_.dbname
}
Could someone help me the right approach are a way to do this.
Sample output: (Basically it should iterate each server and display its databasename)
ServerA
dbname
database1
database2
database3
....
ServerB
dbname
database1
database8
database10
....
ServerC
...
Thanks,
"$dataSet_1 | where {$_.servername -eq $server} " is still returning the System.Data.DataTable type.
Does this return the desired output?
$dataSet_1 | where {$_.servername -eq $server} | %{$_.dbname}
Maybe this:
$servers=$dataSet_1.servername | Select-Object -Unique
$filteredSet = $dataSet_1 | Where-Object { $servers -contains $_.servername }
$filteredSet