Extract Users Based on SamAccountName (Secondary Accounts)

Hello everyone,

I'm new to this forum. I discovered it a few days ago; so many helpful people around here :slight_smile:

I'm new to PowerShell and wanted guidance from the professionals.

In our little production environment, all users have unique codes, and admins have a separate account sharing the same code with "_admin" added. For example:

- Normal user account: USER1, respective admin account: USER1_admin

I want to extract and export all users' SamAccountNames with their respective admin SAN accounts, and I'm kind of lost. Can anyone illuminate me about a way to achieve this?

Thanking you all in advance!

Get-ADUser -Filter * | Sort-Object SamAccountName

sfirita, welcome to Powershell.org. Please take a moment and read the very first post on top of the list of this forum: Read Me Before Posting! You’ll be Glad You Did!.

This forum is for scripting questions rather than script requests. We do not write customized and ready to use scripts or solutions on request.

What exactly is it that you don't understand? Please show your code - even if it does not work as you expect it or does not work at all.

[quote quote=222189]sfirita, welcome to Powershell.org. Please take a moment and read the very first post on top of the list of this forum: Read Me Before Posting! You’ll be Glad You Did!.

This forum is for scripting questions rather than script requests. We do not write customized and ready to use scripts or solutions on request.

… and i’m kind of lost.
What exactly is it that you don't understand? Please show your code – even if it does not work as you expect it or does not work at all.[/quote]

Hello again,

Thank you for your answer. Yeah, I know, I didn't ask for a complete script :slight_smile:

I just wanted a way out that I can follow. I want to learn, and to do that I have to fail and retry :slight_smile:

So this is my script, which is working fine to extract users with selected attributes:

Get-ADUser -Server $Server -Filter * -SearchBase "OU=GROUPADMIN,OU=COUNTRY,OU=User-Accounts,DC=EM,DC=cab" -Properties Enabled, SamAccountName, createTimeStamp, Lastlogon, AccountExpires, DisplayName, LockedOut, Description, sn,
    givenName, CanonicalName, mail, Department, physicalDeliveryOfficeName, telephoneNumber, city, memberof |
    Select-Object Enabled, SamAccountName, createTimeStamp, @{Name="LastLogon";Expression={[DateTime]::FromFileTime($_.lastlogon)}}, @{Name="accountexpires";Expression={[DateTime]::FromFileTime($_.accountexpires)}},
        DisplayName, LockedOut, Description, sn, givenName, CanonicalName, mail, Department, physicalDeliveryOfficeName, telephoneNumber, city, @{Label="DA";Expression={If($_.MemberOf -join "" -match "CN=Domain Admins,"){"Yes"}Else{"No"}}} |
    Out-GridView -OutputMode Single

What I want is a way to add another column where, based on the SamAccountName, I can have the SamAccountNames with an "_a" tag at the end, because as I explained, we have different admin accounts for the same SAN, differentiated with the "_a". I hope I explained my problem well; English is not my native language.

# Let's not do ugly please :)
# Splat the Get-ADUser parameters instead of writing one long command line
$ParameterList = @{
    Server     = $Server
    Filter     = '*'
    SearchBase = 'OU=GROUPADMIN,OU=COUNTRY,OU=User-Accounts,DC=EM,DC=cab'
    Properties = @('Enabled','SamAccountName','createTimeStamp','Lastlogon','AccountExpires',
        'DisplayName','LockedOut','Description','sn','givenName','CanonicalName','mail',
        'Department','physicalDeliveryOfficeName','telephoneNumber','city','memberof')
}

$PropertyList = @('enabled','SamAccountName','createtimestamp',
    @{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.lastlogon)}},
    @{Name='accountexpires';Expression={[DateTime]::FromFileTime($_.accountexpires)}},
    'DisplayName','LockedOut','Description','sn','givenName','CanonicalName','mail','Department',
    'physicalDeliveryOfficeName','telephoneNumber','city',
    @{Label='DA';Expression={If($_.MemberOf -join '' -match 'CN=Domain Admins,'){'Yes'}Else{'No'}}}
)

$UserList = Get-ADUser @ParameterList | Select-Object $PropertyList
# $UserList | Out-GridView -OutputMode Single

# Split the result into admin accounts (suffix '_admin') and normal accounts
$AdminList = $UserList | Where-Object SamAccountName -Like '*_admin'
$NotAdminList = $UserList | Where-Object SamAccountName -NotLike '*_admin'
$NotAdminList | Add-Member -MemberType NoteProperty -Name 'AdminSamAccountName' -Value '' -EA 0
$NotAdminList | ForEach-Object {
    # Exact comparison, so USER1 does not also pick up USER10_admin
    $AdminName = $_.SamAccountName + '_admin'
    $_.AdminSamAccountName = ($AdminList | Where-Object SamAccountName -EQ $AdminName).SamAccountName
}
$NotAdminList | Out-GridView -OutputMode Single

Another approach if you don’t need tons of properties from the admin account:

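# $(...) expands the property inside the string; a bare $_.SamAccountName would
# expand the whole object and append the literal text '.SamAccountName'.
# The '_admin' suffix follows the naming convention from the question.
$users = Get-ADUser -Filter * |
         Select-Object Name,
                SamAccountName,
                @{Name='Admin';Expression={Get-ADUser -Filter "SamAccountName -eq '$($_.SamAccountName)_admin'"}}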

Not tested, but something like this should be possible.
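
An added example, not part of the original thread or any poster's code: the same pairing done with a hashtable lookup and an exact `_admin` suffix test, extended to also list admin accounts that have no matching primary account and to export the result. `Join-AdminAccount`, the output column names and the CSV path are hypothetical, and the sample accounts are constructed so it runs without a domain.

```powershell
# Added example; Join-AdminAccount is a hypothetical helper name.
function Join-AdminAccount {
    param([Parameter(Mandatory)] [object[]] $User, [string] $Suffix = '_admin')
    # True only for names that end with the suffix and have a non-empty base name.
    $isAdmin = {
        param($sam)
        $sam.Length -gt $Suffix.Length -and $sam.EndsWith($Suffix, [StringComparison]::OrdinalIgnoreCase)
    }
    # Index admin accounts by base name (hashtable keys are case-insensitive).
    $adminByBase = @{}
    foreach ($u in $User) {
        $sam = $u.SamAccountName
        if (& $isAdmin $sam) {
            $adminByBase[$sam.Substring(0, $sam.Length - $Suffix.Length)] = $u
        }
    }
    # One row per normal account, with its admin account if one exists.
    foreach ($u in $User) {
        if (& $isAdmin $u.SamAccountName) { continue }
        $admin = $adminByBase[$u.SamAccountName]
        $adminByBase.Remove($u.SamAccountName)
        [pscustomobject]@{
            SamAccountName      = $u.SamAccountName
            Enabled             = $u.Enabled
            AdminSamAccountName = $admin.SamAccountName
            AdminEnabled        = $admin.Enabled
        }
    }
    # Admin accounts still in the index have no primary account (orphans).
    foreach ($admin in $adminByBase.Values) {
        [pscustomobject]@{
            SamAccountName      = $null
            Enabled             = $null
            AdminSamAccountName = $admin.SamAccountName
            AdminEnabled        = $admin.Enabled
        }
    }
}
# Constructed sample data; against a domain use: $all = Get-ADUser -Filter *
$all = @(
    [pscustomobject]@{ SamAccountName = 'USER1';        Enabled = $true  }
    [pscustomobject]@{ SamAccountName = 'USER1_admin';  Enabled = $true  }
    [pscustomobject]@{ SamAccountName = 'USER10';       Enabled = $true  }
    [pscustomobject]@{ SamAccountName = 'USER10_admin'; Enabled = $true  }
    [pscustomobject]@{ SamAccountName = 'USER2';        Enabled = $false }
    [pscustomobject]@{ SamAccountName = 'USER2_admin';  Enabled = $true  }
    [pscustomobject]@{ SamAccountName = 'USER3_admin';  Enabled = $true  }
)
Join-AdminAccount -User $all | Export-Csv -Path .\admin-pairs.csv -NoTypeInformation
```

Rows with an empty SamAccountName are admin accounts without a primary account, and rows where Enabled is False but AdminEnabled is True are worth reviewing when accounts are deprovisioned.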

Thanks everyone for your help. I've got some ideas, I'll try this out and will let you know :slight_smile: Thanks a lot again!