p42p0wd3r

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 20 total)
  • Author
    Posts
  • Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    It works for me 🙂

    That is good!  The last directory I tried it on was at a 2012 function level.  Could that be the difference?

    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    And technically, this will set their home directory (but this does not work)

    <textarea class=”ace_text-input” style=”opacity: 0; height: 18px; width: 6.59781px; left: 44px; top: 0px;” spellcheck=”false” wrap=”off”></textarea>

    1
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    It might work if you specify the -Identity, and %username% means nothing to PowerShell
    Set-ADUser -Identity $UserName -HomeDirectory "\\Path\To\Home\$UserName" -HomeDrive 'H'

    I’ve also tried that before with the same result.  Whatever the ADU&C tool does when you click Apply/OK after setting those properties is not being done when powershell sets those values.

    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    I tested on my Exchange 2016 and 2019 installs, worked just fine.  It gave me a warning “WARNING: Please update UseDatabaseQuotaDefaults to false in order for mailbox quotas to apply.”, which I added as “-UseDatabaseQuotaDefaults $false” and that warning went away.  The quota warning level was changed either way, but would be reset if it was using the default quotas, as the warning suggests.

    I also tested with a hybrid Exchange Online, Office 365, and I was NOT able to change the warning quota for those accounts via powershell.  The script doesn’t seem to do anything at all.  🙁  Even when I went after a single account, the quota was not adjusted.

    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Home directory things don’t work very well when setting them with powershell.  What you have created for the dynamic “how old is this account” thing is fine.  You don’t need the “| Out-GridView -Passthru” piece, that will just make you a window that you can filter and observe.

    This will show you all of the users with home directories…

    get-aduser -filter * -Properties homeDirectory,homeDrive | where {$_.HomeDirectory -ne $null} | select name,homeDirectory,homeDrive | sort name

    And technically, this will set their home directory (but this does not work)

    set-aduser -homeDirectory "\\Path\To\Home\%username%" -HomeDrive H;

    Now, the problem is that when you open the user properties in the AD Users and Computers tool and select the profile tab, if you bullet “connect”, then pick the drive letter and paste in the value “\\Path\To\Home\%username%”, and click “Apply”.  This will check the path and update the username to the actual SamAccountName, and it will create an empty folder at the path.  Next user login, the user will have a drive mapped that is empty and only they have permission to it (if you’ve set it all up correctly).  The process of resolving the username and creating the folder on the home share does not happen if you set this value through powershell.

    Since you will need to do this manually anyway (unless someone else can suggest a way that actually works), you should only want to filter the results to show you which accounts DON’T have the home drive, that were created within the days you’re checking for.  Change your Where-Object to look like this…

    | where {($_.whenCreated -ge $month) -and ($_.HomeDirectory -eq $null)}

     

    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Try…

    (Import-Csv C:\temp\userlisttest.csv).Identity | %{Set-mailbox -Identity $_ -IssueWarningQuota 46gb}

    My CSV is formatted like…

    Identity
    mbidentity01
    mbidentity02
    etc...
    
    

     

    in reply to: Windows Prompt Box #204996
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Out of curiosity, why is your sign in domain so long?  Can you add a UPN and assign the admin accounts to it?

    Get-AdForest | Set-ADForest -UPNSuffixes @{Add="short.upn"}
    Set-ADUser -UserPrincipalName [email protected] -Identity adminaccount

    I, personally, like things simple, if special things need to be done to accommodate something arbitrary, like the number of keys that need to be pressed in order to log in, I like to try to reduce the monotony enforced on the users of the systems, and a UPN suffix is an easy fix for a long logon domain.

    in reply to: How to get-adcomputer #204969
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    With so many, batching it up is probably a good approach.  This might help you figure out a good filter, this is getting the info you want starting at a specific organizational unit.  From here, you could run it against each of larger containers individually, automate it, or whatever your intent is.

    $Things = "Name","OperatingSystem","PasswordLastSet","Enabled","DistinguishedName"
    (Get-ADOrganizationalUnit -Filter "DistinguishedName -like '*DC=contoso,DC=com'").DistinguishedName | % {Get-ADComputer -F * -Properties $Things | select $Things | Export-Csv C:\Temp\Stuff.csv -Append -NoClobber}

    For my test directory, about 2k objects were returned in a 256k CSV file in less than 2 seconds.  I also set the filters to include the operating system.  If you wanted to only look for a specific OS, you could do that with something like this before the select-object bits…

    | where-object {$_.OperatingSystem -like "Windows Server 2019*"}

     

    • This reply was modified 5 months, 2 weeks ago by p42p0wd3r.
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    change your json to force UTF-8 encoding, or try to run it through a validator (i.e. https://jsonlint.com, google “json validator” if links here are forbidden).

    It looks like whatever if using the json file is translating the special characters (specifically the – in this case) to arbitrary trash.  Without the code that is being annoying, it is hard to determine what exactly is getting trans-coded improperly.

    EDIT:
    Also, you may not need the ‘ at all, that trash translation can also be coming from the ‘ or “, Some markdown sites use “ and ”, which is probably also getting translated incorrectly.

    • This reply was modified 5 months, 2 weeks ago by p42p0wd3r.
    in reply to: outputs not working as expected #204324
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Maybe PSDrive could work?  You’ll have to do some translations for the CSV output though, I think..

    $list = get-content C:\temp\ewan\computers.txt
    $space = %{Invoke-Command -ComputerName $list {Get-PSDrive C}}
    $space

     

    in reply to: Remove local AD user #189862
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Remove-LocalGroupMember -Group “Administrators” -Member “Admin02”, “MicrosoftAccount\[email protected], “AzureAD\[email protected], “CONTOSO\Domain Admins”

    I’ve had success with the above when using WinRM and using invoke on the local machine after entering each session.

    https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/remove-localgroupmember?view=powershell-5.1

    Also, you may be trying to much things…

    $userName = Read-host -Prompt "Enter the user name whose profile you want to delete"
    $userSID = (Get-WmiObject -Class Win32_useraccount -Filter "Name = '$userName'").SID
    Write-Host $userSID
    $user = Get-WMIObject -Class Win32_UserProfile -Filter "SID = '$userSID'" | Remove-WmiObject -WhatIf

    The output with the -WhatIf option…

    PS C:\> $userName = Read-host -Prompt "Enter the user name whose profile you want to delete"
    $userSID = (Get-WmiObject -Class Win32_useraccount -Filter "Name = '$userName'").SID
    Write-Host $userSID
    $user = Get-WMIObject -Class Win32_UserProfile -Filter "SID = '$userSID'" | Remove-WmiObject -WhatIf
    
    Enter the user name whose profile you want to delete: administrator
    S-1-5-21-2573404762-1233068552-0000101010-1001
    What if: Performing the operation "Remove-WmiObject" on target "\\GenericMachine\root\cimv2:Win32_UserProfile.SID="S-1-5-21-2573404762-1233068552-0000101010-1001"".
    
    PS C:\>
    in reply to: Odd date behavior with Get-ADUser #189769
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Search-ADAccount -AccountExpiring | select name,AccountExpirationDate

    Use that instead.  I had to adapt a lot of scripts after some PS update, I think it came out when Server 2012R2 did, but I forget the exact time.

    in reply to: Configure Outlook using Powershell #189763
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Check out the info from this post…

    https://superuser.com/questions/1141519/configuring-outlook-with-powershell

    It might just be better to set one up with that prf file (using setup.exe /admin) and make a script that imports that prf file on the other systems you want to configure outlook on.  I think it’d be better than splashing around in the registry.

    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    This is what I use to search my GPOs.  It is simple, and you can search for any string of characters, so if you have an idea of what the GPO you’re looking for has configured, this will show you all GPOs with that bit of text.  I didn’t create it myself, but I did simplify it and add some colors to the output the make it even easier.

    <#
    Search all the GPO objects for a bit of text from a configured option
    #>
    # Ask for something to query
    $string = Read-Host -Prompt "What are you looking for?"
    
    # The business bits...
    $DomainName = $env:USERDNSDOMAIN 
    write-host "Finding all the GPOs in $DomainName"  -foregroundcolor Magenta
    Import-Module grouppolicy 
    $allGposInDomain = Get-GPO -All -Domain $DomainName 
    Write-Host "Starting search...." -foregroundcolor Cyan
    foreach ($gpo in $allGposInDomain) { 
        $report = Get-GPOReport -Guid $gpo.Id -ReportType Xml 
        if ($report -match $string) { 
            write-host "Match found in: $($gpo.DisplayName)" -foregroundcolor darkblue -backgroundcolor white
        }
        else { 
            Write-Host "No match in: $($gpo.DisplayName)" 
        }
    }
    in reply to: Exchange SMTP Address Search #189757
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Walking through each section of your command, the “| where {$_.smtpAddress -match "SMTPAddress"}” part didn’t work, so I changed it to make sure that field wasn’t empty, so it changed it to “| ? {$_.SmtpAddress -ne $null}“, see below.

     

    get-recipient -resultsize unlimited | select name -expand emailaddresses | ? {$_.SmtpAddress -ne $null} | ft Name,SMTPAddress -auto

    in reply to: Problem with remote session using Azure AD credentials #187945
    Participant
    Topics: 1
    Replies: 20
    Points: 109
    Helping Hand
    Rank: Participant

    Do you have the modules installed?  AzureAD requires commands from the MSOnline module and the AzureAD module.  If you run…

    gcm "*msol*"

    and

    gcm "*AzureAD*"

    And you don’t see a lot of commands returning, you need to install the modules.

    install-module msonline

    and

    install-module azuread

    After that, you need to use…

    connect-msonline

    and

    connect-azuread

    to connect into your instances.  If your machine is a member, it will prompt you for creds if your logged in creds aren’t elevated.

Viewing 15 posts - 1 through 15 (of 20 total)