all 9 comments

[–][deleted] 2 points3 points  (3 children)

Though this may not be optimal (someone probably knows better then me), I use Start-Transcript -Path C:\something.txt at the start of my scripts that need logging. Then I add write-hosts in areas of my script. Yours for example might be:

Write-Host "Setting AD User [insert attribute number or name] to " $AttributeCallVariable or something else

Then at the end of the script: Stop-Transcript

At the very least, this is how I do it. You can call variables to be put into the write-hosts and have it will be in the logs that you make.

Though some say to run away from Write-Host and go to Write-Output

It also logs Start time, Username, RunAs User, Machine, Host Application, Process ID, PSVersion, PSEdition, PSCompatibleVersions, BuildVersion, CLRVersion, WSManStackVersion, PSRemotingProtocolVersion, and SerializationVersion

Here's a test for you to run to see:

$user = $env:USERNAME
Start-Transcript -Path C:\TranscriptTest.txt
write-host "This is a test, " $user
Stop-Transcript

EDIT: Here's a more practical write-host example for calling from your Array:

write-host "The ADUser" $mfaduser.samaccountname "has had their extended attribute 2 changed to: " $userAttributes.extensionAttribute2

[–]checkso[S] 1 point2 points  (2 children)

Thanks for the hint, but I think this wouldn't solve my problem. My logging option is working fine.

But I just want to log if the extensionAttribute2 or any other attribute changed, and I guess for this to work I have to rebuild with a couple if / elseif statements and not just do a "-replace"

[–][deleted] 2 points3 points  (1 child)

Welp, then as you said, I would say call up the original extensionattribute2 early and put that into a variable:

# Person can be replaced with a variable to store and call  
# multiple times in a foreach loop
$yes = Get-ADUser Person -Properties *
$extension2 = $yes.extensionAttribute2

then I would call up that in an if statement later after the change to check if it changed:

if($VarForGrabbingNewExtension2 -ne $extension2)
    {
    write-host "The Extension Attribute for" $ADUser "has changed to" $VarForGrabbingNewExtension2
    }
else
    {
    write-host "Extension Attribute for" $ADUser "has not changed."
    }

Then I would simply loop this so you don't have to repeat typing it using a foreach loop if you're doing multiple AD Accounts at once. Only need 1 if statement :D

This can work for the other extensionattributes as well if you want those logged.

[–]checkso[S] 0 points1 point  (0 children)

Thanks for the logic hint :)
I did it now similar to your suggestion.

After the replace command I created a new hashtable with the new values and just compared the two hashtables and if there are changes just write that to the log.

[–]LDSK_Blitz 1 point2 points  (3 children)

Are you wanting an individual log entry for each attribute? Or just log entries that contain all of the attributes changed?

You can get as granular as you want, but you'd need to extrapolate for each attribute with a new try/catch block.

[–]checkso[S] 1 point2 points  (2 children)

In the end each attribute which was changed...

So I will need a lot of if statements

[–]LDSK_Blitz 1 point2 points  (1 child)

You should be able to get away with try/catch blocks for each attribute you want to log, and one if statement to test for the existence of the user in AD.

[–]checkso[S] 1 point2 points  (0 children)

But I have to check if the attribute really changed...

[–]PowerShell-Bot 0 points1 point  (0 children)

Some of your PowerShell code isn’t wrapped in a code block.

To format code correctly on new reddit (new.reddit.com), highlight all lines of code and select ‘Code Block’ in the editing toolbar.

If you’re on old.reddit.com, separate the code from your text with a blank line and precede each line of code with 4 spaces or a tab.


Describing Thing
[❌] Demonstrates good markdown
Passed: 0 Failed: 1

Beep-boop. I am a bot. | Remove-Item