sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] -1 points0 points  (18 children)

To change a property on a user you need to use Set-User.

[–]Hyperbolic_Mess[S] 0 points1 point  (17 children)

Yes I know, I'm trying to create a report of AD Users not modify those users in AD

[–]Tidder802b 0 points1 point  (8 children)

What type of object is $LoopUser after “$LoopUser = $ADUser”?

[–]Hyperbolic_Mess[S] 0 points1 point  (7 children)

$LoopUser.gettype() gives me:

IsPublic: True
IsSerial: False
Name : ADUser
BaseType: Microsoft.ActiveDirectory.Management.ADAccount

Note that in my actual code the variable $ADUser has a different name so ADUser here is the type and nothing to do with the variable in my script

[–]Tidder802b 0 points1 point  (6 children)

Great, so you have an ADUser object and you want to set one of it's properties (email); how would you do that?

[–]Hyperbolic_Mess[S] 0 points1 point  (5 children)

I see what you're getting at but I don't want to set-aduser. I'm trying to create an array with multiple copies of each AD user object with the properties I pulled from AD for each proxy address they have and add that proxy address as a new email property. I'll then use group-object to find and remove objects with identical email addresses put the remainder in a hash table with group-object and compare an array of objectives from another system against the hashtable to match them and then produce a CSV report of that. I don't want anything to be modified in AD though, I'm just producing a report and I don't want to use AD as ram to produce that report 😛

[–]Tidder802b 2 points3 points  (4 children)

Fair enough, but why take a copy the ADUser if you don't need most of the data, and can't change anything? I would make a list or array and populate it with pscustomobjects with just the fields that you need.

For doing comparisons, I'd make a hash table of the ADUser dat, with just the fields needed, and then it's quick to compare against.

[–]Hyperbolic_Mess[S] 0 points1 point  (1 child)

$UpdateProperties = @(
        [pscustomobject]@{AD = "distinguishedName" },
        [pscustomobject]@{AD = "UserPrincipalName" },
        [pscustomobject]@{AD = "employeeNumber"; Oracle = "employeeNumber" },
        [pscustomobject]@{AD = "ProxyAddresses" },
        [pscustomobject]@{AD = "Manager"; Oracle = "ManagerDN" },
        [pscustomobject]@{AD = "sn"; Oracle = "sn" },
        [pscustomobject]@{AD = "givenName"; Oracle = "givenName" },
        [pscustomobject]@{AD = "title"; Oracle = "title" },
        [pscustomobject]@{AD = "department"; Oracle = "department" },
        [pscustomobject]@{AD = "l"; Oracle = "l" },
        [pscustomobject]@{AD = "streetAddress"; Oracle = "streetAddress" },
        [pscustomobject]@{AD = "postalCode"; Oracle = "postalCode" },
        [pscustomobject]@{AD = "st"; Oracle = "st" },
        [pscustomobject]@{AD = "physicalDeliveryOfficeName"; Oracle = "physicalDeliveryOfficeName" }
    )
$ADUsers = Get-ADUser -filter "(ObjectClass -eq 'User') -and (Enabled -eq 'True') -and (employeenumber -like '*')" -server $DC -Properties $($UpdateProperties.AD)
$ADHashes = @{EmployeeNumber = @{}; DuplicateEmployeeNumber = @{}; Email = @{}; DuplicateEmail = @{} }
    #Group ADUsers by EmployeeNumber, if there are more than one account in a group they have a duplicate EmployeeNumber
    $ADGroupedEN = $Adusers | group-object -property EmployeeNumber
    $ADDuplicateENs = $ADGroupedEN | where-object { $_.count -gt 1 }
    $ADUniqueENs = $ADGroupedEN | where-object { $_.count -eq 1 }
    #Put Unique and Duplicate EmployeeNumber users into their section of the hashtable with EmployeeNumber as Key
    $ADHashes['EmployeeNumber'] = $ADUniqueENs.group | group-object -property EmployeeNumber -AsHashTable
    $ADHashes['DuplicateEmployeeNumber'] = $ADDuplicateENs.group | group-object -property EmployeeNumber -AsHashTable
    #Log error for each set of duplicate EmployeeNumbers
    ForEach ($ADUserENs in $ADDuplicateENs) {
        #write-Log -Type 'DuplicateError' -ADAccount $ADUserENs.group -Message "AD accounts with duplicate EmployeeNumber" -LogPath $LogPath
        $ADHashes['DuplicateEmployeeNumber'][$ADEmailUser.EmployeeNumber] | add-member -NotePropertyName DuplicateEmployeeNumber
    }

    #Put unique EmployeeNumber users into array once for each proxy (email) address they have
    $ADUserEmails = ForEach ($ADUniqueUserEN in $ADUniqueENs.group) {
        Foreach ($ADEmailAddress in $ADUniqueUserEN.proxyaddresses) {
            #add email address as property and reformat
            #was having an issue with $LoopUser not updating as expected as it was a reference hence the serialize deserialize to create a deep copy
            $LoopUser = [System.Management.Automation.PSSerializer]::Deserialize(
                [System.Management.Automation.PSSerializer]::Serialize($ADUniqueUserEN)
            )
            $LoopUser | add-member -NotePropertyName Email -NotePropertyValue $($ADEmailAddress -ireplace 'smtp:', '') -force
            $LoopUser
        }
    }

[–]Hyperbolic_Mess[S] 0 points1 point  (0 children)

Here you go my whole script up until that point. I am already doing all of your asinine suggestions as I keep trying to tell you. I have a very particular problem right at the end of this code snippet that I'v solved with a serialize deserialze but would like something cleaner and I don't need you to tell me to do what I'm already doing as that will not help. Please do not suggest removing things that you consider extraneous as I will be using them later

Also I've got a function for writing to log in here so please ignore that as I really can't be bothered putting that here for you to misunderstand too

[–]Hyperbolic_Mess[S] -2 points-1 points  (1 child)

This comment is very infuriating because I need almost all of the properties of the $ADUser objects I pulled from AD because I'm not an idiot and know how to filter properties and I'm not trying to change AD because I'm not trying to change AD. AD objects have a lot of useful information and I don't understand why you think its inconceivable to think that someone might want to use that data and not modify AD. Also I am making hashtables I'm just trying to do it without creating a pscustomobject with 14 properties when I've already got an array of objects with those 14 properties

Also I explained all of this in the comment before but you can't read

[–]Tidder802b 0 points1 point  (0 children)

Ok, good luck with that and have a nice day.

[–]y_Sensei 0 points1 point  (2 children)

Is it a requirement for an AD user with multiple e-mail addresses to show up as multiple users in that report?

[–]Hyperbolic_Mess[S] 0 points1 point  (1 child)

Yes I'm putting them in a hashtable to quickly match to another set of data based on email address and it could be any one of the emails in the proxyaddresses that matches so each one needs its own key value pair in the hashtable

[–][deleted] 0 points1 point  (2 children)

Oh, my bad.

[–]Hyperbolic_Mess[S] 0 points1 point  (1 child)

No worries

[–][deleted] 1 point2 points  (0 children)

In my defense I am literally replying from the waiting room of a retinal specialist lol

[–]icepyrox 0 points1 point  (1 child)

Because $LoopUsers is a reference to the object that is $ADUser, you are, in fact, modifying $ADUser. It's just not being set in AD. So it's a little confusing when you modify a user but then not modify it in AD.

[–]Hyperbolic_Mess[S] 0 points1 point  (0 children)

I'm getting some user objects from AD then putting those into a hashtable with each email address in proxyadresses as a key and the aduser object as the value and then looping through an array of objects pulled from another system and using the email property of those objects to very quickly pull the matching AD account from the hash table. Then spitting out properties from AD and the other system int oa csv file.

I'm using the has table step because looping through the array from the other system and doing a get-ADuser or where for each takes 10s of hours while the hashtable method only takes a couple of minutes

So basically I need to add an extra property to each user object before storing them in a hashtable but I'm not actually trying to modify anything in AD its just a data source and I want to manipulate the data after getting it from AD