Set a single attribute

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 5 months ago.

  • Author
    Posts
  • #6185

    by rambog at 2012-10-02 11:59:26

    I am scanning the tree looking for script paths to be changed. If an incorrect name is found (i.e., vbsNTLogonCombined.bat), it needs to be replaced with another script name (MHSNR-vbsNTLogonCombined.bat). The problem I run into is that methods of Put(), SetInfo(), or CommitChanges() don't seem to work on the object type I am attempting to work on. How do I effect the change I need to occur within AD (if there is a way without having to invoke Quest tools, I would prefer).

    $LogonScriptReportFile = New-Item -type file -force "C:\Lab\UserReports\Logon_Script.csv"
    $ObjFilter = "(objectClass=User)"
    $objSearch = New-Object System.DirectoryServices.DirectorySearcher
    $objSearch.PageSize = 20000
    $objSearch.Filter = $ObjFilter
    $objSearch.SearchRoot = "LDAP://OU=Lab1,DC=labdomain,DC=lab,DC=org"
    $AllObj = $objSearch.FindAll()
    foreach ($Obj in $AllObj) {
    $objItemT = $Obj.Properties
    $UserID = $objItemT.name
    $Profile=$objItemT.scriptpath
    Write-Host "$UserID has the batch file $Profile"
    if ($Profile -eq 'vbsNTLogonCombined.bat')
    {
    Write-Host "$UserID needs to be modified"
    $objItemT.scriptpath="Lab-vbsNTLogonCombined.bat"
    #$ObjItemT.scriptpath.CommitChanges()
    $Obj.Put("scriptpath","MHSNR-vbsNTLogonCombined.bat")
    $Obj.setinfo()
    "$UserID profile was modified to $Profile"|Out-File $LogonScriptReportFile -encoding ASCII -append
    }
    }

    by Helmto108 at 2012-10-02 17:15:41

    Hi, do you have access to the AD Module for PowerShell? This might work out for you.

    [code2=powershell]$report = @()
    $users = Get-ADuser -filter * -searchbase "OU=Lab1,DC=labdomain,DC=lab,DC=org" -Property scriptpath

    ForEach ($user in $users) {
    If ($User.scriptpath -eq 'vbsNTLogonCombined.bat') {

    $temp = $null
    $temp = New-Object PSObject
    write-host "$($User.name) needs to be modified"
    $User.scriptpath = "MHSNR-vbsNTLogonCombined.bat"
    $temp | Add-Member -Type NoteProperty -name Name -Value "$($User.Name) was modified to MHSRN-vbsNTLogonCombined.bat"
    $report += $temp
    Set-ADUser -instance $user
    }
    }
    If ($report -ne @()) {
    $report | Export-CSV LogonChangeResults.CSV}[/code2]

    by Steve at 2012-10-02 17:25:43

    That's actually how I got hooked on Powershell was using it to change out logon scripts.

    Using Quest's AD tool module:
    get-qaduser -logonscript BadOldScript.bat | set-qaduser -logonscript NiceNewScript.bat

    Using MS's AD module:
    get-aduser -filter {scriptpath -eq "BadOldScript.bat"} | set-aduser -scriptpath "NiceNewScript.bat"

    by rambog at 2012-10-04 18:14:26

    Thank you. I was wondering if there were ways other than the Quest tools or having Windows Server 2008 Domain Controller (which should have installed). It seems that without these toolsets, it is difficult to writing to AD.

    by RichardSiddaway at 2012-10-06 01:56:35

    That's not correct. The [ADSI] and {ADSISEARCHER] type accelerators expose a scripting interface that is just as powerful as the cmdlets. I haven't found anything the cmdlets do that you can't this way. There is also the AD provider which is a lot more capable than I originally thought. See the series of posts I did at http://msmvps.com/blogs/richardsiddaway/default.aspx for a comparison of various ways of using scripts, provider, MS and AD cmdlets

You must be logged in to reply to this topic.