How can I extract the user name in my Active Directory when I only have the computer name?
Obviously, there is no relation whatsoever between the computer name and the user name in terms of naming.
ArcSet's answer is great (it's what I'd do) but for basic PowerShellers, I'd have pushed them towards the AD-cmdlets like (Mitchell did):
Get-ADUser -Filter * -Properties samaccountname
or even:
Get-ADObject -ldapfilter '(objectcategory=user)' -Property samaccountname
This will get you all users from the domain the current computer is joined to:
(([adsisearcher]"objectcategory=user").FindAll()).Properties.samaccountname
I recommend utilizing this cmdlet: Get-ADComputer. After getting the AD information associated with this you can pipe the data out and utilize filters to get the information you require. The filter code is also specified within the documentation.
Documentation can be found here: https://technet.microsoft.com/en-us/library/ee617192.aspx
Hope this helps (I'm not 100% sure if this is what you are looking for... The more details in your question the better)!
In PowerShell, what is the difference between Add-ADGroupMember and Add-ADPrincipalGroupMembership?
According to this Website:
You can only pass group objects to this cmdlet (Add-ADGroupMember) through the pipeline. To pass user objects through the pipeline, use Add-ADPrincipalGroupMembership
Is there more to think of?
Thanks to @Olaf, here is the answer:
Add-ADGroupMember
you can add one or more members to one group
Add-ADPrincipalGroupMembership
you can add one member to one or more groups
If anyone is looking for a command to copy a security group's "member of" properties instead of the members themselves, then here is the command:
Get-ADGroup -Identity "Old Group memberships to Clone" -Properties memberof -Verbose | select-object -Expandproperty memberof -Verbose | Add-ADGroupMember -Member "New Group that needs Old Group properties"
In this case we have nested groups for a file server based on specific access to folders for users in certain groups based on their occupation.
So if a certain security group is part of multiple other groups and needs to be cloned/copied, then this command comes in handy.
Didn't find any specifics for what I was looking for so this is the method I came up with.
I managed to retrieve user accounts from the DC with their time-related parameters like lastlogon, whencreated etc., and I managed to change the lastLogon parameter to my preferred format (dd.MM.yyyy). But I couldn't make the same conversion for the "whenCreated" and "PasswordLastSet" dates.
Get-Aduser -Filter * -Properties *|Select name,SamAccountName,PasswordExpired,description,whenCreated,PasswordLastSet,Enabled,DistinguishedName,DisplayName,GivenName,SurName, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon).ToString('dd.MM.yyyy')}} |export-csv C:\result.csv
I need your help on this issue. How can I change the format of the 3 dates to my preferred one at the same time?
Thanks..
@{N='whenCreated'; E={$_.whenCreated.ToString('dd.MM.yyyy')}}, @{N='PasswordLastSet'; E={$_.PasswordLastSet.ToString('dd.MM.yyyy')}}
Without 'FromFileTime'.
I am trying to create a module for our support team which will contain some tools we use on daily basis but we used CMD until now.
One of the commands we use is net user $username /domain in order to check if the user's password has expired and all the other useful details the command output.
I tried to put that command in a function like this:
function Get-UserDetails {
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[string]$UserName
)
net user $UserName /domain
}
The function works fine but I want to filter the output for a few details only.
The problem is that net user is not a PowerShell cmdlet and it has no properties, so I can't select any of it.
So my question is:
Do you know a better way to get all that data in one command? Because Get-ADUser outputs less data than net user.
You can use Get-ADUser and pick the msDS-UserPasswordExpiryTimeComputed property from it. Problem is - this property may not enumerate even when using -Properties *, so it might not be apparent when trying to inspect the returned object. To make matters even better, the timestamp is not in a human-readable format.
Nonetheless, you can get the password expiration date from the AD cmdlets and also make it human-readable as follows:
# Get ADUser
$user = Get-ADUser username -Properties msDS-UserPasswordExpiryTimeComputed
# Get expiry timestamp and convert it from file time format
$userCredExpiryDate = [DateTime]::FromFileTime( $user.'msDS-UserPasswordExpiryTimeComputed' )
Here is the MSDN documentation for that AD DS attribute.
For other field values that show up in net user /domain but not in Get-ADUser - there should be other AD DS attributes you can search on if they don't show up with -Properties *. For these you will need to look for the appropriate property in the AD DS documentation.
UPDATE: Someone linked me to this page on another question (related to this behavior) and this seems to list additional properties that are available for processing, but are not returned when trying to look at "all" AD DS properties on an object. I don't know how complete this list is but it is a good starting point for understanding what additional AD attributes you have to work with.
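One way to turn the approach above into an object-returning replacement for the question's `Get-UserDetails` function, as an added example that is not part of the original answer. It assumes the ActiveDirectory module is available; the property selection and the account name `jdoe` are illustrative choices.

```powershell
# Added example, not from the original answer. Requires the ActiveDirectory module (RSAT).
function Get-UserDetails {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserName
    )

    # Constructed attributes must be requested by name; -Properties * may omit them.
    $props = 'msDS-UserPasswordExpiryTimeComputed', 'PasswordLastSet', 'PasswordNeverExpires',
             'PasswordExpired', 'LockedOut', 'LastLogonDate', 'whenCreated'
    $user = Get-ADUser -Identity $UserName -Properties $props

    # The computed value is 0 or 0x7FFFFFFFFFFFFFFF when there is no expiry date
    # (for example, password never expires). [DateTime]::FromFileTime() throws on
    # the latter, so guard before converting.
    $raw = $user.'msDS-UserPasswordExpiryTimeComputed'
    $expires = if ($null -eq $raw -or $raw -eq 0 -or $raw -eq [Int64]::MaxValue) {
        $null
    } else {
        [DateTime]::FromFileTime($raw)
    }

    # Emit an object so callers can select, filter or export individual fields.
    [PSCustomObject]@{
        SamAccountName       = $user.SamAccountName
        Enabled              = $user.Enabled
        LockedOut            = $user.LockedOut
        PasswordLastSet      = $user.PasswordLastSet
        PasswordNeverExpires = $user.PasswordNeverExpires
        PasswordExpired      = $user.PasswordExpired
        PasswordExpires      = $expires
        LastLogonDate        = $user.LastLogonDate
        WhenCreated          = $user.whenCreated
    }
}

# 'jdoe' is a constructed placeholder account name.
Get-UserDetails -UserName 'jdoe' | Select-Object SamAccountName, PasswordExpired, PasswordExpires
```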
I thought the key names immediately below HKEY_USERS were supposed to be the usernames of whoever logged in at this machine at some time. But in my machine what appears is:
S-1-5-18
S-1-5-19
S-1-5-20
S-1-5-21-NNNNNNNNN-NNNNNNNNN-NNNNNNNNNN-NNNNN
S-1-5-21-NNNNNNNNN-NNNNNNNNN-NNNNNNNNNN-NNNNN_Classes
I'd like to be able to determine which subtree corresponds to which user. How can I do that?
Edit: What I need is to get the usernames from the SIDs. I want to inspect the configurations of each user that has ever logged on, and I need to know their names. For example, in the registry above, I need to be able to, based on the string "S-1-5-21-NNNNNNNNN-NNNNNNNNN-NNNNNNNNNN-NNNNN", find out that it corresponds to DOMAIN\somebody, or LOCALMACHINENAME\somebodyelse.
It is possible to query this information from WMI. The following command will output a table with a row for every user along with the SID for each user.
wmic useraccount get name,sid
You can also export this information to CSV:
wmic useraccount get name,sid /format:csv > output.csv
I have used this on Vista and 7 (according to the comments it works on 2008 R2 as well). For more information see WMIC - Take Command-line Control over WMI.
For PowerShell this is quick:
gwmi win32_userprofile | ft localpath, sid
Ashley McGlone
Microsoft PFE
http://aka.ms/GoateePFE
I believe those numbers are the user's security ID (SID). You can use SysInternals to get the SIDs of users:
http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx
HKLM\System\CurrentControlSet\Control\hivelist will show you where the hives are mounted from. While not a direct mapping, usually the mount point has the user name in the path.
I'm sure there is a better answer than this though...
When doing it manually (without extra tools), the easiest way is to open permissions for that key. The only user who has full permissions is the owner of the key.
When doing it from a program, you will need a way to convert SIDs to account names. In C# (or PowerShell), have a look at the SecurityIdentifier and NTAccount classes for that.
In C# there appears to be an answer to translating username to SID here http://community.bartdesmet.net/blogs/bart/archive/2006/09/08/4394.aspx but it's only for local PCs.
For AD I converted it to:
using System;
using System.DirectoryServices;
using System.Security.Principal;
class Program {
static void Main(string[] args) {
string path = "LDAP://" + args[0];
DirectoryEntry root = new DirectoryEntry(path, args[1], null, AuthenticationTypes.Secure);
string sid = new SecurityIdentifier((byte[])root.Properties["objectSID"][0], 0).Value;
Console.WriteLine(sid);
}
}
The usage is : programname.exe DOMAIN username
e.g. programname.exe somecompany.com preet_sangha
Please use powershell:
$mydocuments = [Environment]::GetFolderPath("mydocuments")
gwmi win32_userprofile | ft localpath, sid, status -AutoSize | Out-File $mydocuments\userprofiles.txt
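The SecurityIdentifier/NTAccount translation mentioned in the answers above, applied to the keys under HKEY_USERS, as an added example that is not from any of the original posts. The function names are hypothetical. HKEY_USERS only holds hives that are currently loaded, so the second function reads the ProfileList key to cover profiles of users who are not logged on.

```powershell
# Added example. Function names are illustrative, not part of any module.
function Resolve-SidToAccount {
    param([Parameter(Mandatory = $true)][string]$Sid)
    try {
        $sidObj = [System.Security.Principal.SecurityIdentifier]$Sid
        $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Deleted accounts, unreachable domains and malformed strings do not translate.
        $null
    }
}

# Hives currently loaded under HKEY_USERS (logged-on users and service accounts).
function Get-LoadedUserHive {
    Get-ChildItem -Path Registry::HKEY_USERS | ForEach-Object {
        $keyName = $_.PSChildName
        # "<SID>_Classes" is the per-user classes hive of the same account.
        $sid = $keyName -replace '_Classes$', ''
        if ($sid -notmatch '^S-1-') { return }   # skips .DEFAULT
        [PSCustomObject]@{
            Key     = $keyName
            Sid     = $sid
            Account = Resolve-SidToAccount -Sid $sid
        }
    }
}

# Every profile that exists on the machine, loaded or not.
function Get-ProfileAccount {
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    Get-ChildItem -Path $root | ForEach-Object {
        [PSCustomObject]@{
            Sid         = $_.PSChildName
            Account     = Resolve-SidToAccount -Sid $_.PSChildName
            ProfilePath = $_.GetValue('ProfileImagePath')
        }
    }
}

Get-LoadedUserHive | Format-Table -AutoSize
Get-ProfileAccount | Format-Table -AutoSize
```

An empty Account column means the SID could not be translated, which is typical for deleted accounts or domain accounts when no domain controller is reachable.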
Anyone know how to get a user's short user name, eg. "johnsmith", given their full name, eg. "John Smith"?
Note I'm interested in any user, not the current user, so functions like NSUserName are irrelevant.
Why? I am authenticating a username and password using Authorization Services. This allows people to enter either their short name or their full name, which is nice, but I then need to know who they've actually logged in as (ie. short user name and/or user id).
Nasty hacks like [NSHomeDirectoryForUser(username) lastPathComponent] don't work consistently.
You need to use the Collaboration Framework :).
Link this framework to your project, and then you just need to do the following:
CBIdentity* identity = [CBIdentity identityWithName:@"John Smith" authority:[CBIdentityAuthority localIdentityAuthority]];
NSLog(@"Posix name: %@", [identity posixName]);
And voilà!
EDIT: If you need to find only users that are bound on the network, you need to use +managedIdentityAuthority instead of +localIdentityAuthority.
And if you need to find both local users AND network users, use +defaultIdentityAuthority.