I could manage to retrieve user accounts from DC with their time related parameters like lastlogon, whencreated etc and I could manage to change lastLogon parameter to my prefer (dd.MM.yyyy). But I couldn't make the same conversion to "whenCreated" and "PasswordLastSet" dates.
Get-Aduser -Filter * -Properties *|Select name,SamAccountName,PasswordExpired,description,whenCreated,PasswordLastSet,Enabled,DistinguishedName,DisplayName,GivenName,SurName, #{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon).ToString('dd.MM.yyyy')}} |export-csv C:\result.csv
I need your help on this issue. How can I modify the 3 dates format into my preferrings at the same time.
Thanks..
#{N='whenCreated'; E={$_.whenCreated.ToString('dd.MM.yyyy')}}, #{N='PasswordLastSet'; E={$_.PasswordLastSet.ToString('dd.MM.yyyy')}}
Without 'FromFileTime'.
Related
What is in powershell the difference between Add-ADGroupMember and Add-ADPrincipalGroupMembership?
According to this Website:
You can only pass group objects to this cmdlet (Add-ADGroupMember) through the pipeline. To pass user objects through the pipeline, use Add-ADPrincipalGroupMembership
Is there more to think of?
Thanks to #Olaf, here is the answer:
Add-ADGroupMember
you can add one or more members to one group
Add-ADPrincipalGroupMembership
you can add one member to one or more groups
If anyone is looking for a command to copy a security groups member of properties instead of members themselves then here is the command:
Get-ADGroup -Identity "Old Group memberships to Clone" -Properties memberof -Verbose | select-object -Expandproperty memberof -Verbose | Add-ADGroupMember -Member "New Group that needs Old Group properties"
In this case we have nested groups for a file server based on specific access to folders for users in certain groups based on their occupation.
So if a certain security group is part of multiple other groups and needs to be cloned/copied then this command comes handy.
Didn't find any specifics for what I was looking for so this is the method I came up with.
I am trying to create a module for our support team which will contain some tools we use on daily basis but we used CMD until now.
One of the commands we use is net user $username /domain in order to check if the user's password has expired and all the other useful details the command output.
I tried to put that command in a function like this:
function Get-UserDetails {
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[string]$UserName
)
net user $UserName /domain
}
The function works fine but I want to filter the output for a few details only.
The problem is that net user is not a PowerShell cmdlet and it has no properties so I cant select any of it.
So my questions is:
Do you know a better way to get all that data in one command? because the Get-ADUser outputs less data then net user.
You can use Get-ADUser and pick the msDS-UserPasswordExpiryTimeComputed property from it. Problem is - this property may not enumerate even when using -Properties *, so it might not be apparent when trying to inspect the returned object. To make matters even better, the timestamp is not in a human-readable format.
Nonetheless, you can get the password expiration date fromthe AD cmdlets and also make it human-readable as follows:
# Get ADUser
$user = Get-ADUser username -Properties msDS-UserPasswordExpiryTimeComputed
# Get expiry timestamp and convert it from file time format
$userCredExpiryDate = [DateTime]::FromFileTime( $user.'msDS-UserPasswordExpiryTimeComputed' )
Here is the MSDN documentation for that AD DS attribute.
For other field values that show up in net user /domain but not in Get-ADUser - there should be other AD DS attributes you can search on if they don't show up with -Properties *. For these you will need to look for the appropriate property in the AD DS documentation.
UPDATE: Someone linked me to this page on another question (related to this behavior) and this seems to list additional properties that are available for processing, but are not returned when trying to look at "all" AD DS properties on an object. I don't know how complete this list is but it is a good starting point for understanding what additional AD attributes you have to work with.
Is there a way to change the Created By field on a work item in TFS? Maybe by altering the database?
I want to be able to create a bug/feature/PBI, then change it to be created by the member of staff who reported it to me.
This way, I can track who is submitted change requests, and they would also then receive bug update notifications.
You can only overwrite the CreatedBy field when create the workitem via API with bypass rule enabled. Refer to this link for details: Make an update bypassing rules.
A quick solution for this would be create a powershell script to create the workitem via Rest API. Sample for your reference:
#Input basic information
$collectionuri = "http://tfsserver:8080/tfs/DefaultCollection/"
$project = "ProjectName"
$workitemtype = 'Task'
$createdby = 'Display Name'
$title = 'Title'
#Create the workitem
$workitem = #(#{op="add";path="/fields/System.Title";value=$title},#{op="add";path="/fields/System.CreatedBy";value=$createdby})
$json = $workitem | ConvertTo-Json -Depth 100
$headers= #{"Content-Type"="application/json-patch+json"}
$url= $collectionuri + $project + '/_apis/wit/workitems/$' + $workitemtype +'?bypassRules=true&api-version=1.0'
$mycredentials = Get-Credential
$wi = Invoke-RestMethod -Uri $url -Method Patch -Credential $mycredentials -Body $json -ContentType 'application/json-patch+json'
Write-Host $wi
Seems you want to set a faker creator for a work item.
Created By
The name of the team member who created the work item.
Reference name=Microsoft.VSTS.Common.CreatedBy
There is no build-in way to change this filed. Take a look at this:
IsEditable
No
Indicates if users can modify this field (True) or not (False).
Examples of non-editable fields are ones that are set by the system, such as the ID, Revision, Created By, and Changed By
fields.
More details please refer Work Item Field Attributes – What You Can and Can’t Change
Change the value directly in the Database may do the trick, but it's not a recommend way. It's also go against the concept of source control.
If you just want to notify others when work item update. As a workaround, suggest you use the follow function in work item.
When you want to track the progress of a single work item, click the Follow icon icon. This signals the system to notify you when changes are made to the work item.
Note: This feature is available from TFS 2017 and above.
Why do you want to update the system field? You may add a new field "Initiator"(Add or modify a field to track work). Set value from Created By on creation. Then update it when you want.
How can I extract the user name in my active directory when I only have the computer name.
Obviously, no relation whats or ever between the computer name and the user name in terms of naming.
ArcSet's answer is great (it's what I'd do) but for basic PowerShellers, I'd have pushed them towards the AD-cmdlets like (Mitchell did):
Get-ADUser -Property samaccountname
or even:
Get-ADObject -ldapfilter '(objectcategory=user)' -Property samaccountname
This will get you all users from the domain the current computer is joined to:
(([adsisearcher]“objectcategory=user”).FindAll()).Properties.samaccountname
I recommend utilizing this cmdlet: Get-ADComputer. After getting the AD information associated with this you can pipe the data out and utilize filters to get the information you require. The filter code is also specified within the documentation.
Documentation can be found here: https://technet.microsoft.com/en-us/library/ee617192.aspx
Hope this helps (I'm not 100% sure if this is what you are looking for... The more details in your question the better)!
I'm trying to get a method to find the name of an OU dynamically.
The problem is, that the company-name-OU is always there, but the contents can change.
For example:
In this case, the company name I have to retrieve (in my script) is 'Microsoft'.
I however haven't found a method that can do this dynamically.
Since the subOU's may vary (per client, not all clients have the same OU's) it's kind of difficult to find a good method to retrieve the company-name.
I have thought about retrieve the OU that is made by an Admin and has more than 10 objects but the Get-ADOrganizationalUnitcmdlet doesn't have a parameter that sounds like created by:
Do I need to give up or is there some sort of way?
EDIT
I have tried for a workaround 'algorithmicish' kind of thing:
Since the OU will most probably contain users, I check the distinguished names of all the users which will reply
Get-ADUser -Filter {Description -like "Member"} | Select DistinguishedName
CN=User1,OU=User,OU=Microsoft,DC=domain,DC=local
how could I start doing calculations (counts) of each of the OU's?
If you created all your OUs, then you would get domain admins. When I run
Get-ADOrganizationalUnit -Filter * -Properties * | Select #{N="Owner";E={$_.nTSecurityDescriptor}}
I get the attached picture (truncated)
If you can determine if the OU was created after all the default OUs, you could filter on WhenCreated with a Where statement, like this:
$DefaultOUCreationDate = Get-ADOrganizationUnit CN=Users,DC=domain,DC=local -Properties * | Select -ExpandProperty WhenCreated
Get-ADOrganizationalUnit -Filter * -Properties * | Where { $_.WhenCreated -ge $DefaultOUCreationDate }