Powershell function for gathering users in groups
A friend of mine asked me a couple of days ago if I knew a way to gather users who are members of given groups. I thought to myself “Hmm, challenge accepted!” and started writing a small powershell script. After he confirmed that the script worked as planned I decided to make a function of it (Yes, I know it has been a lot of them on this blog lately). The function accepts two parameters: GroupNames and Filelocation. In addition there is an optional switch called KeepCSV. Rest of the function isn’t that interesting, if you want to use it you can always consult the help (get-help get-membersinadgroups) that I actually have created 🙂 Heres the code: function Get-MembersInADGroups { Param ( [parameter(Mandatory=$True)][string[]]$GroupNames, [parameter(Mandatory=$True)][string[]]$Filelocation, [switch]$KeepCSV ) Get-ADGroup -LDAPFilter “(name=$GroupNames)” | export-csv $FileLocationtemp.csv -NoTypeInformation $groups = Import-Csv $FileLocationtemp.csv $groups | ForEach-Object { $groupname = $_.SamAccountname Get-ADGroupMember -Identity $_.SamAccountName | select-object name,samaccountname…
"The given Key was not present in the dictionary" error when running Group Policy Modeling
I ran into a rather strange error today when trying to run Group Policy Modeling on a user. Instead of showing me Summary and Settings I received an error stating that The given Key was not present in the dictionary. At first I thought that maybe we had used some Norwegian characters somewhere in a policy, but after some googling it turns out that this is caused by ticking the parent registry container when using the Registry Wizard to create a gpo registry preference. Microsoft has published a kb article about it here: http://support.microsoft.com/kb/2692409 However the resolution they are presenting is useless for most organizations I think. Recreating all registry collections is not an option, at least it wasn’t for us. So here’s how to do it in a less time consuming manor (but it may still take some time): Edit any gpo you have used to set registry settings, navigate…
Function for adding photo in Active Directory
I have always been careful to avoid the really advanced and cool stuff in Powershell, like functions, arrays and such. But as I created the last script it hit me that it would be really cool to have it in a command, like set-adphoto. After some googling I found that funtions aren’t hard at all! Basically all I really had to do with the ad photo import script was to add “function Set-ADPhoto { ” in front of the script and end it with a } But since I already was at it I decided to to a little more, I added some argument handling and a little help file. Here is the result: function Set-ADPhoto ($user,$photopath) { Import-Module active* $error = “The file is bigger than 12KB. Shrink it or choose another file” $file = Get-Item “$photopath” $filesize = $file.length/1KB if ($filesize -gt 12) { Write-Host $error } else {…
Simple script for adding user photo in Active Directory
It’s been a while since I posted here so I thought it might be time to add some content. This script is a simple script that adds a photo to a user’s active directory user object. It also checks the filesize to prevent users adding large photos (you can of course change this limit). The requirements for this script is the Active Directory module and permission to edit a user object in Active Directory The script: #Imports the Active Directory module Import-Module active* #Asks the user for a filename $photopath = Read-Host “Please input filepath and filename” #Converts the users input to an object $file = Get-Item “$photopath” #Calculates the filesize $filesize = $file.length/1KB #If the file is largers than 12KB you get a message stating that the file is too large #If the file is smaller than 12KB it asks for a username and imports the file to Active…
Mass import of users in Active Directory v2 – Powershell time
Earlier I posted a script that created users and homefolders and added the users to specified groups. It also set ntfs permissions on the homefolders. That script used primarily old fashioned stuff, so I sat down and started looking for a neat way to do the same in powershell. The powershell script I came up does a lot more than the last one. Here a little list: Creates OUs Creates users Creates security groups Creates distribution groups Creates mailboxes for all users Add specified users to the correct security and distribution groups Creates a homefolder root folder and shares it Creates a homefolder for each user and sets ntfs permissions Set storage limit on the exchange mailbox database As you can see, it does quite a lot. I could incorporate more in this script, for example sharepoint and lync config, but I figured the script is long enough. If you…
Mass import of users in Active Directory
Tried sleeping……That obviously didn’t work out, so here’s a guide on how to import a number of users in Active Directory and then creating and sharing out their home folder. Note: This guide uses dsadd for creating users and cacls for setting ntfs permissions. Thats kind of old fashioned, I will try to write a new guide using powershell later on. In the scenario I have created this script for we have a domain controller who happens to also be the file server, file01. The domain is called test.local and have 5 OUs in addition to the default ones, those are: Sales Management HR IT groups Files are stored on a drive called e: under a folder named users. Each homefolder is shared with a trailing $. In the OU called groups, there are a few groups with identical names to the rest of our OUs. Now that we have…
ALTools from Microsoft, awesome!
Stumbled upon a tool from Microsoft called ALTools that I thought were absolutely awesome. It’s over 7 years old so I wonder why I haven’t seen it before Nevertheless it’s as cool now as it was when it was released. ALTools consists of several tools, but the coolest of them are: aloinfo – Displays all user account names and the age of their passwords eventcombMT – Gathers specific events from event logs of several different machines and saves them in a text file LockoutStatus – Shows a list of all domain controllers in a given domain and the lockoutstatus of a given user on those I have used eventcomb a couple of times as it has some predefined searches, for example Account Lockouts. That particular search is quit helpful if you have a user that frequently gets locked out. Just choose the predfined search, input username and hit search. A…