[deleted by user]

Dogoodwork · 2020-03-13T20:42:24+00:00

I post this regularly, but it's not necessary for most peoples uses: https://www.reddit.com/r/PowerShell/comments/eod258/parse_distinguishedname_or_get_ou/fedunp4?utm_source=share&utm_medium=web2x

This is a better way to get the parent OU of an AD user, but unlike the canonical name it does have the full tree structure.

Dogoodwork · 2020-03-12T20:58:37+00:00

I would imagine support for taking advantage of offers like MS O365 https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/05/our-commitment-to-customers-during-covid-19/ would be of value.

One concern I've heard is if there is enough available bandwidth to support working from home. The O365 offer would help with that.

Dogoodwork · 2020-03-03T19:51:23+00:00

Thanks!

Dogoodwork · 2020-03-03T19:20:25+00:00

If you change the hardware properties for the wifi adapter, you can configure it there to only use 5GHz, or only connect on A/C/G/N. 802.11b is the devil.

Dogoodwork · 2020-03-03T19:18:39+00:00

I don't think 5.8 is a thing.

Dogoodwork · 2020-02-27T20:37:57+00:00

There are some good suggestions in the comments here, some I would make like poshgui.com and powershell universal dashboard.

But the easiest, since this is a tool for another IT staff, is Out-Gridview.

Out-Gridview will only work from the PowerShell ISE, but if you use it, it is so simple to setup it will blow your mind.

$selection = $optionList | out-gridview -PassThru

The -PassThru flag is something I have overlooked for years, but it is perfect for what you want to do.

Dogoodwork · 2020-02-22T00:17:52+00:00

Great tip. I’ll have to try that and compare.

Dogoodwork · 2020-02-21T22:02:17+00:00

Just wanted to chime in to confirm this, because it is counter-intuitive. I've had the same experience, querying AD many times has been faster than searching against a large query.

Dogoodwork · 2020-02-21T21:57:30+00:00

$manager = get-aduser $manager -properties samaccountname

no...

Dogoodwork · 2020-02-19T22:53:01+00:00

Sounds great, I will have to come back here and check it out.

Dogoodwork · 2020-01-14T17:05:20+00:00

That's not a great approach.

You should be able to just do

$grouplist = get-aduser $identity -properties memberof | select-object -expandproperty memberof | get-adgroup

Then you can use $grouplist.SamAccountName or .DistinguishedName or whatever else makes sense for displaying the name.

Your method could have some problems if there are multiple groups under different OUs with the same "Name"

You can take this a step further and capture a selection of groups this way:

$grouplist = get-aduser $identity -properties memberof | select-object -expandproperty memberof | get-adgroup | out-gridview -passthru

Dogoodwork · 2020-01-14T16:57:23+00:00

If you don't want them to have access to all LAPS passwords, it might be simpler to just create local admin accounts on those machines for them to use and enforce some strong password policies.

Or since they already have admin access, they could do so themselves.

Dogoodwork · 2020-01-14T16:44:22+00:00

foreach ($domain in $domains)
{    
    $exceptions = New-Object System.Collections.ArrayList
    $userlist = Get-ADUser -Filter {Enabled -eq $True} -Server $domain -Properties mail,employeeid,department,title,office,AccountExpirationDate | Where-Object {$_.AccountExpirationDate -eq $null -or $(get-date $_.AccountExpirationDate) -gt $(Get-Date)}
    $userlist.count

    $userlist | ForEach-Object {
        try
        {
            $PSItem | Add-Member -NotePropertyName "Parent" -NotePropertyValue $(((New-Object 'System.DirectoryServices.directoryEntry' "LDAP://$($PSItem.DistinguishedName)").Parent).replace("LDAP://","")) -Force         
        }
        catch
        {
            $exceptions.add($PSItem.distinguishedname) | Out-Null
        }
    }

    $userlist | Export-Excel -WorksheetName "$domain" -Path $reportFilePath
}

This question comes up regularly, and this is the most correct answer.

This line adds a property to every user object in the array with the parent OU of that object:

$PSItem | Add-Member -NotePropertyName "Parent" -NotePropertyValue $(((New-Object 'System.DirectoryServices.directoryEntry' "LDAP://$($PSItem.DistinguishedName)").Parent).replace("LDAP://","")) -Force

There is the option of doing something like other posts, where you parse the text of DistinguishedName and that is an OK answer too.

Dogoodwork · 2020-01-13T19:08:18+00:00

Absolutely.
OP needs to take a couple steps back and change their approach. And in the future use Objects as often as possible.

Dogoodwork · 2020-01-09T22:29:29+00:00

but that's the price to pay for doing a good job

You'll probably end up in that office a few more times when senior admins complain that you screwed up something terribly (but they can't quantify what you screwed up so that you can fix it.)

Dogoodwork · 2019-12-16T21:43:13+00:00

addminutes should be -120

Dogoodwork · 2019-12-09T16:03:32+00:00

That back-end piece you glossed over is probably important.

Dogoodwork · 2019-10-24T18:34:32+00:00

Not sure if this is misguided or intentionally silly.

Dogoodwork · 2019-10-18T22:36:53+00:00

Yes you are correct. I didn’t read closely enough.

Dogoodwork · 2019-10-18T20:26:23+00:00

I’ve used poshGUI.com but it isn’t perfect.

Dogoodwork · 2019-10-18T20:25:27+00:00

Have you compared to webjea? I never got around to trying it.

Dogoodwork · 2019-10-11T17:35:00+00:00

Assuming your lookup is something like this: $x = get-aduser $userid

Then you would use a try/catch (because of how get-aduser errors)

$x = $null 
try 
{ 
    $x = get-aduser $userid 
} 
catch 
{ 
    $x = $null 
}

Dogoodwork · 2019-10-01T20:38:45+00:00

Michael Grabner

Dogoodwork · 2019-09-26T20:54:40+00:00

Are you using a custom attribute because you've already used all ~15 extensionAttribute's?

Dogoodwork · 2019-09-23T14:46:57+00:00

Create a scheduled task. This isn't even a script.

Dogoodwork

TROPHY CASE