So much to remember
BrainDump from my daily life in Information Technology
Monday, January 22, 2018
Microsoft.ActiveDirectory.Management.ADPropertyValueCollection | multivalued attributes
:|
$why=get-aduser * -prop servicePrincipalName
$why| where servicePrincipalName|select name,servicePrincipalName |ConvertTo-Csv
gives you
"myadmin","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"
$why| where servicePrincipalName|select name, @{L='servicePrincipalName'; E={$_.servicePrincipalName}} |ConvertTo-Csv
Thursday, September 28, 2017
Regex and CN to extract name and first OU
need to extract parts of a CN using regex, had to do a quick output, but not happy with the hard coding like "CN="
CN:
CN=LAW\\, JUDE,OU=VIDEO,OU=External,OU=Security - Administrator Accounts,DC=cool,DC=kats
REGEX:
CN=(?<lastname>\w+)\\\\, (?<firstname>\w+),OU=(?<ou>\w+)
RESULT:
Full match | 1-24 | `CN=LAW\\, JUDE,OU=VIDEO` |
Group `lastname` | 4-7 | `LAW` |
Group `firstname` | 11-15 | `JUDE` |
Group `ou` | 19-24 | `VIDEO` |
Monday, August 7, 2017
Extract Primary SMTP from Extract proxyAddresses
we have a situation where mail, primary SMTP (proxyAddresses) & sip address might be different.
$user=$get-aduser -filter * -properties mail,proxyAddresses,msRTCSIP-PrimaryUserAddress
$userlist|select name,SamAccountName,UserPrincipalName,DistinguishedName,Enabled,mail,msRTCSIP-PrimaryUserAddress,@{N='PrimarySMTP'; E={(($_.proxyAddresses | where {$_ -cmatch "SMTP"}) -split(':'))[1]}}
Monday, July 3, 2017
Powershell Calculated Values - RecipientTypeDetails | msExchRecipientTypeDetails
Hi,
sorry will pretty this up when I get a change. :)
want to replace the exchange email value for msExchRecipientTypeDetails with readable text for an Active Directory Users Report
$userlist=Get-adUser -filter * -Properties name,SamAccountName,Enabled,mail,extensionAttribute5,msExchRecipientTypeDetails,extensionAttribute6,company,Department,Manager,office,title,description,CanonicalName,lastlogondate,proxyAddresses,passwordneverexpires,passwordlastset,otherpager,PasswordExpired,whenCreated,AccountExpirationDate,telephoneNumber,otherTelephone,mobile,msRTCSIP-PrimaryUserAddress
$atext=@'
RecipientTypeDetails,ObjectType
1,User Mailbox
2,Linked Mailbox
4,Shared Mailbox
8,Legacy Mailbox
16,Room Mailbox
32,Equipment Mailbox
64,Mail Contact
128,Mail-enabled User
256,Mail-enabled Universal Distribution Group
512,Mail-enabled non-Universal Distribution Group
1024,Mail-enabled Universal Security Group
2048,Dynamic Distribution Group
4096,Mail-enabled Public Folder
8192,System Attendant Mailbox
16384,Mailbox Database Mailbox
32768,Across-Forest Mail Contact
65536,User
131072,Contact
262144,Universal Distribution Group
524288,Universal Security Group
1048576,Non-Universal Group
2097152,Disabled User
4194304,Microsoft Exchange
2147483648,Remote User Mailbox
8589934592,Remote Room Mailbox
17173869184,Remote Equipment Mailbox
34359738368,Remote Shared Mailbox
'@
$RTD=ConvertFrom-Csv $atext
$userlist|select name,SamAccountName,UserPrincipalName,Enabled,mail,msRTCSIP-PrimaryUserAddress,@{N='msExchRecipientTypeDetails'; E={ $user=$_ ;($rtd | where {$_.RecipientTypeDetails -eq $user.msExchRecipientTypeDetails}| select "ObjectType").ObjectType} },extensionAttribute5,extensionAttribute6,company,Department,Manager,office,title,description,CanonicalName,lastlogondate,passwordneverexpires,passwordlastset,otherpager,PasswordExpired,AccountExpirationDate,whenCreated,proxyAddresses|Convert-ADValues | Export-Csv E:\inetpub\reports\activedirectory\UsersList.csv -NoTypeInformation
sorry will pretty this up when I get a change. :)
want to replace the exchange email value for msExchRecipientTypeDetails with readable text for an Active Directory Users Report
$userlist=Get-adUser -filter * -Properties name,SamAccountName,Enabled,mail,extensionAttribute5,msExchRecipientTypeDetails,extensionAttribute6,company,Department,Manager,office,title,description,CanonicalName,lastlogondate,proxyAddresses,passwordneverexpires,passwordlastset,otherpager,PasswordExpired,whenCreated,AccountExpirationDate,telephoneNumber,otherTelephone,mobile,msRTCSIP-PrimaryUserAddress
$atext=@'
RecipientTypeDetails,ObjectType
1,User Mailbox
2,Linked Mailbox
4,Shared Mailbox
8,Legacy Mailbox
16,Room Mailbox
32,Equipment Mailbox
64,Mail Contact
128,Mail-enabled User
256,Mail-enabled Universal Distribution Group
512,Mail-enabled non-Universal Distribution Group
1024,Mail-enabled Universal Security Group
2048,Dynamic Distribution Group
4096,Mail-enabled Public Folder
8192,System Attendant Mailbox
16384,Mailbox Database Mailbox
32768,Across-Forest Mail Contact
65536,User
131072,Contact
262144,Universal Distribution Group
524288,Universal Security Group
1048576,Non-Universal Group
2097152,Disabled User
4194304,Microsoft Exchange
2147483648,Remote User Mailbox
8589934592,Remote Room Mailbox
17173869184,Remote Equipment Mailbox
34359738368,Remote Shared Mailbox
'@
$RTD=ConvertFrom-Csv $atext
$userlist|select name,SamAccountName,UserPrincipalName,Enabled,mail,msRTCSIP-PrimaryUserAddress,@{N='msExchRecipientTypeDetails'; E={ $user=$_ ;($rtd | where {$_.RecipientTypeDetails -eq $user.msExchRecipientTypeDetails}| select "ObjectType").ObjectType} },extensionAttribute5,extensionAttribute6,company,Department,Manager,office,title,description,CanonicalName,lastlogondate,passwordneverexpires,passwordlastset,otherpager,PasswordExpired,AccountExpirationDate,whenCreated,proxyAddresses|Convert-ADValues | Export-Csv E:\inetpub\reports\activedirectory\UsersList.csv -NoTypeInformation
Tuesday, November 22, 2016
Splunk | Never Expire | Table Filter
Splunk search
"'Don't Expire Password' - Enabled" | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User
indexes the Account Name field then maps out for easy viewing.
<search here> | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User
"'Don't Expire Password' - Enabled" | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User
indexes the Account Name field then maps out for easy viewing.
<search here> | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User
Wednesday, October 19, 2016
GPO Registry Values with recursive array
Sorry using a global array, in function, just needed to get it done. no time today.
Read a GPO, locate the keys need then
Then clone the settings to another GPO
http://pastebin.com/ipDjYMds
Read a GPO, locate the keys need then
Then clone the settings to another GPO
http://pastebin.com/ipDjYMds
Friday, October 14, 2016
Powershell | GPO Link report
[array]$Report = @()
$GPOs = Get-GPO -all | Sort-Object Displayname
foreach ($GPO in $GPOs) {
Write-Host "Processing GPO $($GPO.DisplayName)"
$XMLReport = Get-GPOReport -GUID $($GPO.id) -ReportType xml
$XML = [xml]$XMLReport
foreach ($gpolink in $xml.GPO.LinksTo.SomPath) {
$Report += New-Object PSObject -Property @{
'GPOName' = $xml.gpo.name
'gpoLink' = $gpolink }
}
if ($xml.GPO.LinksTo.SomPath -eq $null) {
$Report += New-Object PSObject -Property @{
'GPOName' = $xml.gpo.name
'gpoLink' = "Nolink" }
}
}
$Report | Export-CSv C:\reporting\GPOLinks.csv
$GPOs = Get-GPO -all | Sort-Object Displayname
foreach ($GPO in $GPOs) {
Write-Host "Processing GPO $($GPO.DisplayName)"
$XMLReport = Get-GPOReport -GUID $($GPO.id) -ReportType xml
$XML = [xml]$XMLReport
foreach ($gpolink in $xml.GPO.LinksTo.SomPath) {
$Report += New-Object PSObject -Property @{
'GPOName' = $xml.gpo.name
'gpoLink' = $gpolink }
}
if ($xml.GPO.LinksTo.SomPath -eq $null) {
$Report += New-Object PSObject -Property @{
'GPOName' = $xml.gpo.name
'gpoLink' = "Nolink" }
}
}
$Report | Export-CSv C:\reporting\GPOLinks.csv
Subscribe to:
Posts (Atom)