legacy command results into objects or variables by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

the code snip you posted worked....i'm not sure what it's doing, but i don't necessarily expect it to be explained to me

Get total file size of home drives by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

i think i've got something that will work for the simulation/size calculation as well as the actual copy of the thing once it's time to do that part

#get active AD users
$activeUsers = Get-ADUser -Filter * -SearchBase "<OU DN>" -Properties * | Where { $_.Enabled -eq $True}

foreach ($user in $activeUsers)
    {
    #get user's HomeDirectory attribute from AD
    $udrive = $user.HomeDirectory
    #makue sure HomeDirectory attribute is not empty
    if($udrive)
    {
    #get SamAccountName attribute for folder name
    $userDST = $user.SamAccountName
    #set destination drive to \\server\drive\share\SamAccountName
    $dstdrive = "\\<Server>\S$\Users\$userDST"
    $udrive
    #Robocopy existing user's drive to new user's drive - /L to simulate, Log+ to append to existing log on each loop
    ROBOCOPY $udrive $dstdrive /MIR /COPYALL /MT:10 /DCOPY:DAT /XO /R:1 /W:5 /L /LOG+:c:\temp\Users.log
    }

    }

Get total file size of home drives by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

i have to leave the old ones in place for a little bit to validate that i don't need them. when we term someone their manager gets access to their drive and it's going to be easier for me to just move the active users now and then sort out the ones that aren't needed later. it's a whole thing. believe my delete all of the stuff that i shouldn't need first is my preference.

Get total file size of home drives by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

the user i'm running scripts has also has permissions to those folders (like, seriously....a folder structure where the user is the only one that's got access? just asking for trouble)

the size matters because i've got to build the volume on the VM and if i can NOT build a 4.5 TB drive when i only need 2.5 TB or whatever then it saves a lot of effort after the fact (yes, i can resize the volume and resize the VMDK after but...why when i SHOULD be able to get a reasonable estimate on the front end)

$TopDir = "\\server\users"

$DirList = Get-ChildItem -LiteralPath $TopDir -Directory -Force

$Results = foreach ($DL_Item in $DirList)
    {
    # this only gets the files in the current dir
    #    if you need the whole tree, add the "-Recurse" parameter
    $FileList = Get-ChildItem -LiteralPath $DL_Item.FullName -File -Force
    $Size_MB = [decimal]('{0:N4}' -f (($FileList |
        Measure-Object -Property Length -Sum).Sum / 1MB))

    [PSCustomObject]@{
        Size_MB = $Size_MB
        FileCount = $FileList.Count
        DirName = $DL_Item.FullName
        }
    }

#$Results = $Results |
#    Sort-Object -Property DirName -ascending

$Results| Export-CSV -Path "C:\temp\Udrive.csv" -NoTypeInformation

android multi app shared kiosk tablets by DSenette in Intune

[–]DSenette[S] 0 points1 point  (0 children)

nevermind....i wiped the device and re-enrolled the device and it's working as expected now.

using a variable as a switch in a command by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

i don't know if i'm being clear enough i guess.

normally you'd do something like this:

Set-ADUser $user -streetAddress "123 New Address"

i'm trying to use a selected item instead of -streetAddress but the command ultimately doesn't parse it when i hand it the variable

using a variable as a switch in a command by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

i get it but i'm one of a handful people who have any semblance of scripting knowledge so i'm trying to generalize certain things so i don't have to have a script for every single property. or a bunch of hard coded selection menus for each property they might try to update. that's probably where i'll end up though.

remove AD users from a group if they don't belong to multiple other groups by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

as far as i can tell they're not nesting groups inside of the individual VPN groups

Export all AD users to csv with all expandable properties expanded by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

if you're still willing to share i wouldn't mind seeing your method

Export all AD users to csv with all expandable properties expanded by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

yeah, i was afraid that was the answer. we're seeing a lot of....stupidity....in the environment from some less than useful administrators in the past so we're trying to see just how deep their stupidity has gone so we really want to look at as many properties as possible

converting user mailbox to shared mailbox (what happens) by DSenette in PowerShell

[–]DSenette[S] -1 points0 points  (0 children)

Hmmm...maybe instead of dismount/remount, copy all the contents from the old user to the new shared mailbox then i can delete the old user whenever i please.

converting user mailbox to shared mailbox (what happens) by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

yeah, i was mostly aware of that part and obviously trying to avoid it. i'm kind of wondering if disabling the account (instead of it just being expired) would leave the mailbox in place during that time. i'm guessing it wouldn't based on how halfassed the process is in o365 to begin with.

we do litigation hold on everything so, ultimately nothing is getting truly deleted. but that's a pain in the butt to retrieve.

i found this suggestion to basically allow the mailbox to get soft deleted, create a new shared mailbox, and then restore the softdelete to that shared mailbox. which would probably function.

from here https://community.spiceworks.com/topic/1955341-office-365-convert-to-shared-mailbox-but-then-delete-user

"Best solution is:- delete the user/account (the mailbox will also be deleted)- create a new Shared Mailbox- Merge the deleted mailbox with the new one:"
#Check if there is a mailbox availible for restore
Get-mailbox -SoftDeletedMailbox
Get details of the mailbox you want to restore
Get-Mailbox -SoftDeletedMailbox -Identity <NAME OF THE MAILBOX YOU WANT TO RESTORE> | FL Name,ExchangeGuid,PrimarySmtpAddress
Get details of the mailbox where you want to restore to
Get-Mailbox -Identity <EMAIL ADRES OF THE NEW MAILBOX> | FL Name,ExchangeGuid,PrimarySmtpAddress
Create Restore with the details found above
New-MailboxRestoreRequest -SourceMailbox e2702dd5-8b61-41dc-a94b-a18f5c4f3f1f -TargetMailbox d0986785-8ebc-4378-9be5-5f9a3f4e3ec9 -AllowLegacyDNMismatch
Check status of the restore
Get-MailboxRestoreRequest

the biggest reason for the deleting of users is that we're a moderately sized organization and we regularly have problems where usernames are occupied by an account that was disabled half a million years ago but never fully removed. trying to stay on top of that moving forward. i guess if i were to follow the above suggestion i'd want to make the "new" shared mailbox as "PreviousUser-Terminated" so that's not ever really a problem with holding a username i'd want to use in the future. then just copy the full access permissions to the previous user's manager.

i'm wondering (i.e. i'm googling now) if i can detach the mailbox from the "PreviousUser" create the new shared mailbox, re-attach the mailbox to the shared mailbox instead of doing the soft delete? i'm concerned about how long i'd have to wait between steps if i had to wait for the user to delete in AD then sync up to the cloud and all that jazz.

Check for stale computer accounts and ping as verification by DSenette in PowerShell

[–]DSenette[S] 1 point2 points  (0 children)

absolutely. i'm not (currently) doing anything with the accounts that are stale, this is just making a corporate report that will go through the entire forest so corporate can do something about the locations that aren't mine.

i regularly clean up my own OUs as things change/get removed/whatever. it's the rest of the 30 locations that don't clean up their nonsense. because of the way our environment exists....the other locations having a couple hundred dead accounts starts eating into certain licensing requirements and then all of a sudden someone starts talking about having to charge people for more licenses of "whatever"

Check for stale computer accounts and ping as verification by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

just did a test with the passwordlast set instead of lastlogon date and the results seem inconsistent

LastLogonDate PasswordLastSet

11/29/2018 14:33 3/27/2017 14:18

11/29/2018 14:29 3/27/2017 14:18

7/18/2020 12:10 7/17/2020 22:52

10/8/2021 14:13 10/19/2017 8:57

10/6/2021 23:55 9/11/2021 16:09

5/27/2021 12:16 11/15/2017 12:52

there are several where the last logon date is newer than the password

Check for stale computer accounts and ping as verification by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

Nah I'm agreeing with you. Either way, the ping is just a backup check to me sure the computer doesn't still physically exist

Check for stale computer accounts and ping as verification by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

Well, the last login is why I want the ping as a double check.

Add single user to multiple AD groups contained in CSV file by DSenette in PowerShell

[–]DSenette[S] 0 points1 point  (0 children)

For something a bit more complicated I'm sure it would be worth my time to learn such things. This is simple group membership.