Wednesday, August 28, 2013

Powershell Add Users CSV to AD Group

Hi,

Needed to import a list of users into a group.
Add-ADGroupMember normally breaks down if the user already exists,
so I added some checks and balances before adding them.
User accounts that are written to the screen don't exist in AD.

#Grab the Users
$lolz = Import-Csv .\users0813.csv
#locate the Group
$group = get-adgroup remoteaccess
#get existing members
$groupmembers = Get-ADGroupMember $group

#go silent so that we can perform the get-aduser without errors
$ErrorActionPreference="SilentlyContinue"
foreach ($user in $lolz) {

#check if user exist in AD
$target=get-aduser $user.'default login'
if (!$target){
# display missing ppls
  Write-Host $user.'default login'
  } Else {
    # check if already a member of the group
    If(!($groupmembers.samaccountname -contains $user.'default login')){
    #add to group
    Add-ADGroupMember $group -Members $user.'default login'
    }
  }
  #set back to null for next person
  $target=$null
}
$ErrorActionPreference="Continue"

Thursday, June 27, 2013

windows eventlogs filtering

Using event log forwarding\subscriptions to pass events to a central monitoring server,
which is then indexed by Splunk.
(This saves having to put out universal forwarders or other things on our Domain Controllers.)

AD tracks changes with event ID 5136.
It also tracks changes like dnsNode updates etc.,
but we only want the user object changes (at the moment)
and want to exclude certain event data.

Using a custom view to pull the 5136 events from remote domain controllers:

 <QueryList>
   <Query Id="0" Path="Security">
     <Select Path="Security">
          *[System[(EventID=5136)]] and *[EventData[Data[@Name='ObjectClass'] and (Data='user')]]
     </Select>
     <Suppress Path="Security">
       *[EventData[Data[@Name='AttributeLDAPDisplayName'] and (Data='userCertificate')]]
     </Suppress>
   </Query>
 </QueryList>

Was getting locale errors with event logs, so had to set the system language to English (United States).


good link for info about Auditing AD:
http://blogs.technet.com/b/askpfeplat/archive/2012/04/22/who-moved-the-ad-cheese.aspx
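
An added example (not from the original post): the same 5136 filter run with Get-WinEvent, with each event flattened into a row showing who changed which attribute on which user object. It assumes it is run on a domain controller with directory service change auditing enabled, and it uses the predicate form Data[@Name='...']='...' so the value is tied to the named field.

```powershell
# Added example, not from the original post.
# Data[@Name='ObjectClass']='user' ties the value to that named field; the
# "Data[@Name=...] and (Data='user')" form matches 'user' in any Data element.
$query = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=5136)]] and *[EventData[Data[@Name='ObjectClass']='user']]
    </Select>
    <Suppress Path="Security">
      *[EventData[Data[@Name='AttributeLDAPDisplayName']='userCertificate']]
    </Suppress>
  </Query>
</QueryList>
'@

# OperationType is logged as a message token rather than readable text
$opNames = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }

# Assumption: run locally on a DC; -MaxEvents 200 is an arbitrary sample size
Get-WinEvent -FilterXml $query -MaxEvents 200 -ErrorAction SilentlyContinue |
ForEach-Object {
    # Flatten the named EventData fields into a hashtable
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    $op = $data['OperationType']
    if ($op -and $opNames.ContainsKey($op)) { $op = $opNames[$op] }

    [pscustomobject]@{
        Time      = $_.TimeCreated
        ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Object    = $data['ObjectDN']
        Attribute = $data['AttributeLDAPDisplayName']
        Operation = $op
        Value     = $data['AttributeValue']
    }
} | Sort-Object Object, Time | Format-Table -AutoSize -Wrap
```

A single attribute modification is normally logged as a "Value Deleted" event followed by a "Value Added" event, so sorting by object and time keeps each pair together.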

Monday, June 17, 2013

Added prettify to my blog


Using the code from here https://code.google.com/p/google-code-prettify/
Followed the guide http://www.simplebloggertutorials.com/2013/03/add-syntax-highlighter-blogger.html

:)

Add\Import multiple CSV to excel




# Now get a list of all csv files in current directory :)
$targetcsv=dir *.csv

#Create a new Excel object and add a new workbook. 
$Excel = New-Object -ComObject excel.application 
$Excel.visible = $true
$workbooks = $excel.Workbooks.Add()
$worksheets = $workbooks.worksheets
#Delete the extra worksheets and rename the first worksheet.
$worksheets.Item(3).delete()
$worksheets.Item(2).delete()
#Add worksheets based on the count of files
$count=1

foreach ( $CSVFile in $targetcsv ){
        IF ($count -ne 1){ $worksheets.Add()}
        #Write-Host $CSVFile.BaseName
        #Select worksheet 
        $worksheet = $worksheets.Item(1)
        #Give it a updated name
        $worksheet.Name = $CSVFile.BaseName
 
        #Grab the CSV
        $TxtConnector = ("TEXT;" + $CSVfile.fullname)
        $CellRef = $worksheet.Range("A1")
 
        #Import the text file
        $Connector = $worksheet.QueryTables.add($TxtConnector,$CellRef)
        $worksheet.QueryTables.item($Connector.name).TextFileCommaDelimiter = $True
        $worksheet.QueryTables.item($Connector.name).TextFileParseType  = 1
        $worksheet.QueryTables.item($Connector.name).Refresh()
        $worksheet.QueryTables.item($Connector.name).delete()
        
        #make pretty
        $worksheet.UsedRange.EntireColumn.AutoFit()
        #loop for fun!
        $count=$count+1        
        write-host $count

        }

Wednesday, May 22, 2013

Windows 2012 data dedupe antivirus exclusions

Since I couldn't find any on the interwebs, some monitoring led to:

Process - fsdmhost.exe
Folder - <drive>\System Volume Information\Dedup\*

/NM

Tuesday, May 21, 2013

Backup Folder Security to CSV with Powershell


Thanks to whoever I stole the recurse depth limit from :)

# Get the folder security and save it to csv
# -------------------------
$Date= get-date -Format yyyyMMdd
#Group path already includes two '\' so add 2 to folder level required
$Depth=3
# Obtain the files
$Rfolders=Get-ChildItem E:\group -recurse -Attributes Directory | % {$_.FullName.ToString()} | foreach {$var=$_;$count=(0..($_.length - 1) | where {$var[$_] -eq "\"}).count;if($count -le $Depth) {$_}}
# Obtain the folder security information and log to file
$LogFile = 'E:\group\GroupSecurityBackup_'+$date+ '.log'
$Rfolders | Get-Acl | Export-Csv $LogFile -Force

# Restoring individual folder
#--------------------------
# 1st- Import Acl back (replace <date> with the date of the backup file)
$ResFolder = import-csv 'E:\group\GroupSecurityBackup_<date>.log'
#
# 2nd- Check the backed-up acl for a specific folder
$ResFolder | where {$_.Path -like "*E:\group\test1\test2"}
#
# 3rd- To restore acl for a specific folder (this example we are exporting to another folder)
# Use the Sddl column stored in the CSV; piping the rows back through Get-Acl
# would read the folder's current ACL from disk instead of the backup
$acl = get-acl E:\group\testme
$acl.SetSecurityDescriptorSddlForm(($ResFolder | where {$_.Path -like "*E:\group\test1\test2"}).Sddl)
set-acl E:\group\testme $acl

# Restoring Complete Tree Rebuild and ReSecure
# ---------------------------
$ResFolder = import-csv 'E:\group\GroupSecurityBackup_<date>.log'
 foreach ($folder in $ResFolder) {
   write-host $folder.Path
   mkdir $folder.Path
   $acl = get-acl $folder.Path
   $acl.SetSecurityDescriptorSddlForm($folder.Sddl)
   set-acl $folder.Path $acl
   } 

Monday, May 6, 2013

powershell test file date time

$testfile="d:\temp\testflie_"+(Get-Date -Format yyyyMMdd-HHmm).ToString()+".log"

result
d:\temp\testflie_20130506-1735.log