Monday, January 22, 2018

Microsoft.ActiveDirectory.Management.ADPropertyValueCollection | multivalued attributes


:|

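$why = Get-ADUser -Filter * -Properties servicePrincipalName

# Selecting the multivalued attribute directly exports its type name, not its values
$why | where servicePrincipalName | select name,servicePrincipalName | ConvertTo-Csv

gives you
"myadmin","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"

Use a calculated property that turns the collection into one string instead:

# -join flattens the collection; without it an account with several SPNs exports as System.Object[]
$why | where servicePrincipalName | select name, @{L='servicePrincipalName'; E={$_.servicePrincipalName -join ';'}} | ConvertTo-Csv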

Thursday, September 28, 2017

Regex and CN to extract name and first OU



I needed to extract parts of a CN using regex. This was for a quick output, and I'm not happy with the hard-coded literals like "CN=".

CN:
CN=LAW\\, JUDE,OU=VIDEO,OU=External,OU=Security - Administrator Accounts,DC=cool,DC=kats

REGEX:
CN=(?<lastname>\w+)\\\\, (?<firstname>\w+),OU=(?<ou>\w+)

RESULT:

Full match 1-24 `CN=LAW\\, JUDE,OU=VIDEO`
Group `lastname` 4-7 `LAW`
Group `firstname` 11-15 `JUDE`
Group `ou` 19-24 `VIDEO`
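
An added example (not code from the original post) that avoids the hard-coded "CN=" by splitting the DN on unescaped commas and reading each RDN by its attribute type; it also copes with names that `\w+` would miss, such as ones containing hyphens or spaces. The function name `Split-DistinguishedName` is hypothetical, and the sample is constructed on the assumption that the DN carries a single backslash before the escaped comma, as Get-ADUser returns it, so a doubled backslash like the one in the string above would need one layer of escaping removed first.

```powershell
function Split-DistinguishedName {
    # Hypothetical helper: returns one object per RDN with its Type and unescaped Value.
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $rdns    = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    $escaped = $false

    foreach ($ch in $DistinguishedName.ToCharArray()) {
        if ($escaped) {
            # Character after a backslash is data, even if it is a comma
            [void]$current.Append($ch)
            $escaped = $false
        } elseif ($ch -eq '\') {
            [void]$current.Append($ch)
            $escaped = $true
        } elseif ($ch -eq ',') {
            # Unescaped comma: end of this RDN
            $rdns.Add($current.ToString())
            [void]$current.Clear()
        } else {
            [void]$current.Append($ch)
        }
    }
    $rdns.Add($current.ToString())

    foreach ($rdn in $rdns) {
        $type, $value = $rdn -split '=', 2
        [pscustomobject]@{
            Type  = $type.Trim().ToUpperInvariant()
            # Removes single-character escapes such as "\,"; hex-pair escapes are not decoded here
            Value = $value -replace '\\(.)', '$1'
        }
    }
}

# Constructed sample value, single backslash before the comma (assumption: Get-ADUser form)
$dn = 'CN=LAW\, JUDE,OU=VIDEO,OU=External,OU=Security - Administrator Accounts,DC=cool,DC=kats'

$parts   = @(Split-DistinguishedName -DistinguishedName $dn)
$name    = $parts[0].Value
$firstOu = ($parts | Where-Object { $_.Type -eq 'OU' } | Select-Object -First 1).Value
$lastname, $firstname = $name -split ',\s*', 2

[pscustomobject]@{ LastName = $lastname; FirstName = $firstname; FirstOU = $firstOu }
```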

Monday, August 7, 2017

Extract Primary SMTP from proxyAddresses


We have a situation where mail, the primary SMTP address (proxyAddresses) and the SIP address might be different.

$userlist = Get-ADUser -Filter * -Properties mail,proxyAddresses,msRTCSIP-PrimaryUserAddress

# The primary address is the proxyAddresses entry with the upper-case "SMTP:" prefix (case-sensitive match, anchored to the start)
$userlist|select name,SamAccountName,UserPrincipalName,DistinguishedName,Enabled,mail,msRTCSIP-PrimaryUserAddress,@{N='PrimarySMTP'; E={(($_.proxyAddresses |  where {$_ -cmatch '^SMTP:'}) -split(':'))[1]}}

Monday, July 3, 2017

Powershell Calculated Values - RecipientTypeDetails | msExchRecipientTypeDetails

Hi,

Sorry, I will pretty this up when I get a chance. :)

I want to replace the Exchange value of msExchRecipientTypeDetails with readable text for an Active Directory users report.


$userlist=Get-adUser -filter * -Properties name,SamAccountName,Enabled,mail,extensionAttribute5,msExchRecipientTypeDetails,extensionAttribute6,company,Department,Manager,office,title,description,CanonicalName,lastlogondate,proxyAddresses,passwordneverexpires,passwordlastset,otherpager,PasswordExpired,whenCreated,AccountExpirationDate,telephoneNumber,otherTelephone,mobile,msRTCSIP-PrimaryUserAddress

$atext=@'
RecipientTypeDetails,ObjectType
1,User Mailbox
2,Linked Mailbox
4,Shared Mailbox
8,Legacy Mailbox
16,Room Mailbox
32,Equipment Mailbox
64,Mail Contact
128,Mail-enabled User
256,Mail-enabled Universal Distribution Group
512,Mail-enabled non-Universal Distribution Group
1024,Mail-enabled Universal Security Group
2048,Dynamic Distribution Group
4096,Mail-enabled Public Folder
8192,System Attendant Mailbox
16384,Mailbox Database Mailbox
32768,Across-Forest Mail Contact
65536,User
131072,Contact
262144,Universal Distribution Group
524288,Universal Security Group
1048576,Non-Universal Group
2097152,Disabled User
4194304,Microsoft Exchange
2147483648,Remote User Mailbox
8589934592,Remote Room Mailbox
17179869184,Remote Equipment Mailbox
34359738368,Remote Shared Mailbox
'@

$RTD=ConvertFrom-Csv $atext

$userlist|select name,SamAccountName,UserPrincipalName,Enabled,mail,msRTCSIP-PrimaryUserAddress,@{N='msExchRecipientTypeDetails'; E={ $user=$_ ;($rtd | where {$_.RecipientTypeDetails -eq $user.msExchRecipientTypeDetails}| select "ObjectType").ObjectType} },extensionAttribute5,extensionAttribute6,company,Department,Manager,office,title,description,CanonicalName,lastlogondate,passwordneverexpires,passwordlastset,otherpager,PasswordExpired,AccountExpirationDate,whenCreated,proxyAddresses|Convert-ADValues  | Export-Csv E:\inetpub\reports\activedirectory\UsersList.csv -NoTypeInformation

Tuesday, November 22, 2016

Splunk | Never Expire | Table Filter

Splunk search

"'Don't Expire Password' - Enabled"  | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User

mvindex picks the first (index 0) and last (index -1) values of the multivalue Account_Name field, then maps them out as Administrator and User for easy viewing.

<search here>  | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User

Wednesday, October 19, 2016

GPO Registry Values with recursive array

Sorry, this uses a global array inside a function; I just needed to get it done and had no time today.
It reads a GPO, locates the keys needed,
then clones the settings to another GPO.

http://pastebin.com/ipDjYMds

Friday, October 14, 2016

Powershell | GPO Link report

[array]$Report = @()

$GPOs = Get-GPO -All | Sort-Object DisplayName

foreach ($GPO in $GPOs) {

    Write-Host "Processing GPO $($GPO.DisplayName)"
    $XMLReport = Get-GPOReport -Guid $($GPO.Id) -ReportType Xml
    $XML = [xml]$XMLReport

    # One row per location (SOM path) the GPO is linked to
    foreach ($gpolink in $XML.GPO.LinksTo.SomPath) {
        $Report += New-Object PSObject -Property @{
            'GPOName' = $XML.GPO.Name
            'gpoLink' = $gpolink }
    }

    # Unlinked GPOs still get a row; $null goes on the left so the test is a true null check
    if ($null -eq $XML.GPO.LinksTo.SomPath) {
        $Report += New-Object PSObject -Property @{
            'GPOName' = $XML.GPO.Name
            'gpoLink' = "Nolink" }
    }

}

$Report | Export-Csv C:\reporting\GPOLinks.csv -NoTypeInformation