January 22, 2015 at 7:59 am

I have the following script and all is working (thanks to advice from this site and Dave Wyatt). I am now attempting to add a final piece that emails the results. The issue I am having is that I can't get the format of the email body correct.

I have tried out-string and format-table with no luck.

The goal is to write to the body of the email the list of users ($user.name) and the machines ($comp) that were added to the user's LogonRestrictions attribute, in a nice readable table / format.

Any ideas????

####### Begin Script #########

Write-Host "Please select input file"
$initialDir = "\\NP1SECR016v\SECRpt\LogonRestrictionConfig"
Get-FileName $initialDir

# Import the input file.
$items = Import-Csv $gfn_file

$ReportList = @()

$users = $items | Group-Object -Property UserID
$TotalUsers = $users.count
Write-Host $users.count " users to process:"`n`n
ForEach($user in $users)
{
    Write-Host `n`n"Processing " $user.Name
    $userIDSam = $user.name
    $LR = ($user.Group | Select-Object -ExpandProperty LogonRestrictions) -join "," # LR = LogonRestrictions computer list

    $LR_report = $LR -split ","

    Set-ADUser -Identity $user.Name -LogonWorkstations $LR

    $groupArray = $user.Group | Select-Object -ExpandProperty GroupName -Unique
    #Add-ADPrincipalGroupMembership -Identity $userGroup.Name -MemberOf $groupArray
    Write-host "User added to $groupArray"

    foreach ($comp in $LR_report)
    {
        Write-Host `t$comp
        $ExportList = New-Object -TypeName PSObject
        Add-Member -InputObject $ExportList -MemberType NoteProperty -Name UserID -Value $userIDSam
        Add-Member -InputObject $ExportList -MemberType NoteProperty -Name LR -Value $comp
        $ReportList += $ExportList
    }
}

write-host `n`n$TotalUsers " users processed"

#$MyData = $ReportList | Group-Object -Property UserID
#$Mydata1 = $ReportList | Format-Table 'Logon Restrictions' -GroupBy UserID
#
#$MyData
#$Mydata = $ReportList | Out-String
#
#
#

write-host "ReportList:"
$ReportList

$mydata = $reportlist | Out-String

#=================CreateEmail
$header = @"

Table {border-width: 1px;border-style: solid; border-color: black;border-collapse: collapse;}
th {border-width: 1px;padding: 3px;border-style: solid; border-color: black; background-color: #6495ed;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}

"@

# Format the email body
$EmailBody += ""
$EmailBody += ""
$EmailBody += "IT Security Operations"
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += "The following logon restrictions have been set."
$EmailBody += ""
$EmailBody += ""
$EmailBody += "$LR_Report "
$EmailBody += ""
$EmailBody += ""
$EmailBody += "$ReportList "
$EmailBody += ""
$EmailBody += ""

$EmailBody += ""
$EmailBody += " "
$EmailBody += " Users processed"
$EmailBody += " $TotalUsers"
$EmailBody += " "
$EmailBody += " "
$EmailBody += " $MyData"
$EmailBody += " "
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += "Log: $LogPath"
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += "Script run time: $timeSpan"
#=================End CreateEmail

Send-MailMessage -BodyAsHtml -To "user@companyA.com" -Subject "Logon Restrictions" -SmtpServer xxx.companyA.com -From "support@companyA.com" -Body $Emailbody

####### End Script #########

January 22, 2015 at 11:56 am

Can you provide a fabricated example of what's contained in the $gfn_file CSV? What does the Get-FileName command do?

January 22, 2015 at 12:57 pm

Get-FileName is a custom function that launches a file browser so the user has a GUI to select the input file.

It stores the path of the input file into gfn_file.

I am writing this for a support team, so they need the ability to browse to the input file.

January 22, 2015 at 1:01 pm

I'd suggest maybe using one of the online HTML generators for the HTML stuff. All you need to do is paste in your text as you want, format it, and then select a button and it will show you the HTML code. There's an open source one at http://www.html.am

Also, long sections of text occupying multiple lines look a bit nicer and are easier to manage if you use a text block.

$Emailbody = @"
Hello World,

Hope you're having fun on Mars and
the weather's better than here in
Scotland.
cheers,
Tim
"@


Send-MailMessage -BodyAsHtml -To "user@companyA.com" -Subject "Logon Restrictions" -SmtpServer xxx.companyA.com -From "support@companyA.com" -Body $Emailbody

You can also put variables in there using the normal format, and they will be expanded automatically (providing the variable is set BEFORE the text block is defined).
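
The here-string approach from the post above, combined with ConvertTo-Html to produce the user/machine table the original question asks for, as an added example that is not part of the original posts. The sample rows, the account and machine names and the input path are constructed; the column names, CSS and Send-MailMessage parameters are the ones used in the thread.

```powershell
# Constructed sample rows standing in for: $items = Import-Csv $gfn_file
$items = @(
    [pscustomobject]@{ UserID = 'jdoe';   LogonRestrictions = 'PC-001' }
    [pscustomobject]@{ UserID = 'jdoe';   LogonRestrictions = 'PC-002' }
    [pscustomobject]@{ UserID = 'asmith'; LogonRestrictions = 'PC-010' }
)

# One report object per user, with the machine list flattened into a single cell
$ReportList = foreach ($user in ($items | Group-Object -Property UserID)) {
    [pscustomobject]@{
        UserID   = $user.Name
        Systems  = $user.Count
        Machines = ($user.Group | Select-Object -ExpandProperty LogonRestrictions) -join ', '
    }
}
$TotalUsers = @($ReportList).Count

# -Fragment emits only the <table> element; ConvertTo-Html HTML-encodes the cell values,
# so markup characters in the CSV are shown as text instead of being interpreted by the mail client
$table = $ReportList | ConvertTo-Html -Fragment -Property UserID, Systems, Machines | Out-String

# Values expanded directly inside the here-string are NOT encoded, so encode them first
$inputFile = [System.Net.WebUtility]::HtmlEncode('C:\Temp\input.csv')   # placeholder path

# Every variable used below is set before the here-string is defined
$EmailBody = @"
<html>
<head>
<style>
table {border-width: 1px; border-style: solid; border-color: black; border-collapse: collapse;}
th {border-width: 1px; padding: 3px; border-style: solid; border-color: black; background-color: #6495ed;}
td {border-width: 1px; padding: 3px; border-style: solid; border-color: black;}
</style>
</head>
<body>
<h2>IT Security Operations</h2>
<p>The following logon restrictions have been set.</p>
$table
<p>Input file: $inputFile<br>$TotalUsers users processed</p>
</body>
</html>
"@

# Inspect the generated HTML; uncomment the next line to send it
$EmailBody
# Send-MailMessage -BodyAsHtml -To "user@companyA.com" -Subject "Logon Restrictions" -SmtpServer xxx.companyA.com -From "support@companyA.com" -Body $EmailBody
```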

January 23, 2015 at 9:34 am

Ahhhhh OK thanks Tim. Your post helped. I see now. I had to embed the HTML code into my array. I got it to work. Full script is posted below. Notice the $ReportList array.

Thanks again for the help 🙂

Now I need to clean it up a little, as the script below will overwrite current values, if they exist, in LogonRestrictions. I need to modify it so that it appends to the LogonRestrictions.

======== script begin ===============
Write-Host "Please select input file"
$initialDir = "\\NP1SECR016v\SECRpt\LogonRestrictionConfig"
Get-FileName $initialDir

#Get Current User info
$dom = $env:userdomain
$usr = $env:username
$CurrentUserName = ([adsi]"WinNT://$dom/$usr,user").fullname
$CurrentUserID = ([adsi]"WinNT://$dom/$usr,user").samaccountname

$CurrentUserName
$usr

# Import the input file.
$items = Import-Csv $gfn_file

$ReportList = @()
$i = 0

$users = $items | Group-Object -Property UserID
$TotalUsers = $users.count
Write-Host $users.count " users to process:"`n`n

ForEach($user in $users)
{
    Write-Host `n`n"Processing " $user.Name
    $j++
    $userIDSam = $user.name
    $displayName = $user.group | Select-Object Name
    Write-Host "displayName: $displayName"

    $LR = ($user.Group | Select-Object -ExpandProperty LogonRestrictions) -join "," # LR = LogonRestrictions computer list

    $LR_report = $LR -split ","

    Set-ADUser -Identity $user.Name -LogonWorkstations $LR

    $groupArray = $user.Group | Select-Object -ExpandProperty GroupName -Unique
    Add-ADPrincipalGroupMembership -Identity $user.Name -MemberOf $groupArray
    Write-host "User added to $groupArray"
    foreach ($groupItem in $groupArray)
    {
        $groupList += "$groupItem "
    }

    foreach ($comp in $LR_report)
    {
        Write-Host `t$comp
        $CompList += "$comp"
        $i++
        #$ExportList = New-Object -TypeName PSObject
        # Add-Member -InputObject $ExportList -MemberType NoteProperty -Name UserID -Value $userIDSam
        # Add-Member -InputObject $ExportList -MemberType NoteProperty -Name LR -Value $comp

        # $ExportCompList += $CompList
        # Write-Host "compList: $compList"
    }
    $ReportList0 = "UserID:$userIDSam "
    $ReportList0 += "Added to AD Group(s):$groupList "
    $ReportList0 += "Systems ($i)$compList"
    $ReportList0 += ""
    $ReportList += $ReportList0
    $CompList = @()
    $groupList = @()
    $i = 0

}

write-host `n`n$TotalUsers " users processed"

$mydata = $reportlist | Out-String

#=================CreateEmail
$header = @"

Table {border-width: 1px;border-style: solid; border-color: black;border-collapse: collapse;}
th {border-width: 1px;padding: 3px;border-style: solid; border-color: black; background-color: #6495ed;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}

"@

# Format the email body
$EmailBody += ""
$EmailBody += ""
$EmailBody += "IT Security Operations"
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += "The following users' ($TotalUsers) logon restrictions have been set."
$EmailBody += ""
$EmailBody += ""
$EmailBody += ""
$EmailBody += "$ReportList"
$EmailBody += ""
$EmailBody += ""
$EmailBody += "Input File: $gfn_file."
$EmailBody += "Processed by: $CurrentUserName ($usr)"
$EmailBody += "$TotalUsers users processed"

#=================End CreateEmail

Send-MailMessage -BodyAsHtml -To "user@companyA.com" -Subject "Logon Restrictions" -SmtpServer xxx.companyA.com -From "support@companyA.com" -Body $Emailbody

============ End Script ===================

January 24, 2015 at 10:29 pm

Probably the easiest way to do this would be to read in the current value of LogonRestrictions and append to the list, then filter out duplicates. Don't have access to the AD PS cmdlets at the moment on my laptop, but here's something along the lines of what I think you could do:

$LR = @($user.Group | Select-Object -ExpandProperty LogonRestrictions) # LR = LogonRestrictions computer list (kept as an array until the final join)
# LogonWorkstations comes back as a single comma-separated string, so split it before merging
$currentLogonRestrictions = Get-ADUser -Identity $user.Name -Properties LogonWorkstations | Select-Object -ExpandProperty LogonWorkstations
if ($currentLogonRestrictions) { $LR += $currentLogonRestrictions -split "," }

#Ensure there are no duplicates (Select-Object -Unique compares case-sensitively), then join back into one string
$LR = ($LR | Select-Object -Unique) -join ","
Set-ADUser -Identity $user.Name -LogonWorkstations $LR