Category Archives: Powershell Quest cmdlets

Add all members from one Security Group to another (and count them)

First you’d maybe like to count members;
(Get-QADGroupMember "Group").count

And then you can add them to another group:
Get-QADGroupMember "Group to copy from" | Add-QADGroupMember "Group to copy to"

Export a list over all disabled user accounts in Active Directory to CSV

Leave a reply

This will export data in the following order (with scandinavian letters)
Givenname, Surname, SamAccountname, PrimarySMTPAddress

Get-QADUser -sizelimit 0 | where {$_.accountisdisabled -eq $true} | select givenname,sn,SamAccountName,PrimarySMTPAddress | Export-Csv -Encoding utf8 c:tempdisabled_users.csv

Import a list of users and export a list with more fields

Leave a reply

# Make utf8 to include special characters
cat .list.csv > .list2.csv

# Import the file and process export as utf8
Import-Csv .list2.csv | foreach {
Get-QADUser -lastname $_.lastname -firstname $_.firstname | select firstname,lastname,mobile,primarysmtpaddress,logonname
} | Export-Csv .list3.csv -Encoding “UTF8”

Add “+47” to mobile field on all users missing it in AD

1 Reply

# Add +47 in “mobile”
$Users = Get-QADUser -SearchRoot “domain/A1/users” -sizelimit 0 | where { $_.mobile.length -eq 8 }

foreach ($user in $users) {
Set-QADUser -id $user -mobile ($user.mobile.insert(0,’+47′))
}

Count users with 8 characters mobile field in AD

Leave a reply

# Number of users with 8 characters mobile
(Get-QADUser -sizelimit 0 | where { $_.mobile.length -eq 8 }).count

Remove whitespaces in mobile field in AD

Leave a reply

# Remove whitespaces in mobile
$Users = Get-QADUser -SearchRoot “domain/A1/users” -sizelimit 0 | where {$_.mobile -match “s”}

foreach ($user in $users) {
Set-QADUser -id $user -mobile ($user.mobile -replace “s”)
}

Count all users with whitespaces in mobile field in AD

Leave a reply

# Count users with whitespace in mobile
(Get-QADUser -sizelimit 0 | where {$_.mobile -match “s”}).count

Clean up user accounts in one OU after linked-mailbox migration to new domain

Leave a reply

This script uses the Quest AD Cmdlets that can be downloaded free from Quest.

# Add the Quest commandlets if not added 
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "quest.activeroles.admanagement"})) {
      ADD-PSSnapin Quest.Activeroles.ADManagement
    }

# Add Exchange 2010 commandlets (if not added)
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) {
      ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    }

################## SETTINGS
# Home directory for users
$homedir = "\contoso.comusers"

# Domain
$domain = "contoso.com"

# Email address to keep
$keepmail = "@contoso.com"

# The OU we are working on
$OU = "contoso.com/Users/migrated_users"
##################

# Run on all users in the defined OU
Get-QADUser -SearchRoot $OU | 
foreach {
    echo "-------------------------------------------------"    
    echo "Working on $($_.displayname)"
    echo "-------------------------------------------------"

    # Generate username after the 3+3 rule
    $userprincipalname = ($_.firstname.substring(0,3) + $_.lastname.substring(0,3)).tolower()
    $userprincipalname = $userprincipalname.replace("ø","o")
    $userprincipalname = $userprincipalname.replace("å","a")
    $userprincipalname = $userprincipalname.replace("æ","e")
 
    # Make the changes on the user account
    Set-QADUser -Identity $_ -UserPrincipalName $($userprincipalname + "@" + $domain) -SamAccountName "$($userprincipalname)" -HomeDirectory $($homedir + $userprincipalname) -HomeDrive "H:"  #-whatif

    # Check to see if the users homedirectory exists
    if ( !(Test-Path -Path "$homedir$userprincipalname" -PathType Container) ) {

         # Doesn't exist so create it.
         Write-Host "home directory doesn't exist. Creating home directory."

         # Create the directory
         New-Item -path $homedir -Name $userprincipalname -ItemType Directory
         $userDir = "$homedir$userprincipalname"

         # Modify  Permissions on homedir
         $Rights= [System.Security.AccessControl.FileSystemRights]::Read -bor [System.Security.AccessControl.FileSystemRights]::Write -bor [System.Security.AccessControl.FileSystemRights]::Modify -bor [System.Security.AccessControl.FileSystemRights]::FullControl
         $Inherit=[System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
         $Propogation=[System.Security.AccessControl.PropagationFlags]::None
         $Access=[System.Security.AccessControl.AccessControlType]::Allow
         $AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule("$userprincipalname",$Rights,$Inherit,$Propogation,$Access)
         $ACL = Get-Acl $userDir
         $ACL.AddAccessRule($AccessRule)
         $Account = new-object system.security.principal.ntaccount($userprincipalname)
         $ACL.setowner($Account)
         $ACL.SetAccessRule($AccessRule)
         Set-Acl $userDir $ACL
    }

    # We need some sleep...
    start-sleep -sec 20

    # Now we need to clean up the users Exchange account
    Get-Mailbox -Identity $userprincipalname |
    
    # Loop through all the emailaddresses
    foreach { 
       $a = $_.emailaddresses
       $b = $_.emailaddresses
     
     # Remove all but $keepmail
       foreach($e in $a) 
           { 
           if ($e.tostring() -notmatch $keepmail ) 
               { $b -= $e; } 
           $_ | Set-mailbox -EmailAddressPolicyEnabled $false -emailaddresses $b -alias $userprincipalname
           }
    }
    
    # We had to remove the emailaddresspolicy to make changes. Let's reactivate it
    Set-mailbox -Identity $userprincipalname -EmailAddressPolicyEnabled $true
}

Connect to different domain controller

Leave a reply

Connect-QADService -service ‘server.company.com’

This requires the Quest commandlets.

Adding snapins/modules to PowerShell

Leave a reply

# Import the ActiveDirectory cmdlets
Import-Module ActiveDirectory

# List available snapins on your system:
Get-PSSnapin

# List registered snapins
Get-PSSnapin -Registered

# Alias:
gsnp

# Add Snapin:
Add-PSSnapin

# Examples:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin # Exchange 2007
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 # Exchange 2010
Add-PSSnapin Microsoft.SystemCenter.VirtualMachineManager # WMM (Hyper-V)
Add-PSSnapin Quest.Activeroles.ADManagement # Quest commandlets

(You can download the Quest Commandlets from <a href="# Install from http://www.quest.com/powershell/activeroles-server.aspx” title=”# Install from http://www.quest.com/powershell/activeroles-server.aspx“>here.)

You will get an error if you try to add a snapin that is already added. Your script will continue to run but you’ll have a bunch of nasty red letters in your shell. Not too sexy, eh? The way to avoid this is to first check if the snapin is loaded and then only load if it is not.
Do it like this:

# Add Exchange 2007 commandlets (if not added)
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.Admin"})) {
      ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
    }

# Add Exchange 2010 commandlets (if not added)
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) {
      ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    }

# Add Virtual Machine Manager (Hyper-V) commandlets (if not added)
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "Microsoft.SystemCenter.VirtualMachineManager"})) {
      ADD-PSSnapin Microsoft.SystemCenter.VirtualMachineManager
    }

# Add Quest commandlets (if not added)
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "Quest.Activeroles.ADManagement"})) {
      ADD-PSSnapin Quest.Activeroles.ADManagement
    }

Head on over to http://blogs.technet.com/b/heyscriptingguy/archive/2010/10/16/learn-how-to-load-and-use-powershell-snap-ins.aspx to learn more about snapins.