by Peeps3240 at 2012-09-11 05:07:35
as an add on to my password project i have this script running at 8am every morning through taskmanager. is there a way i can alter the script to only generate those that fall under the cn=user. there are some admin accounts in there that while this wont generally affect the process i would just like to trim out the fat so to speakby poshoholic at 2012-09-11 05:35:36
my script looks like this
[script=powershell]C:\scripts\password.ps1 | Format-Table -Property * -Autosize | Out-String -Width 4096 | Out-File C]
Yes, that should be easy to do. You can use Where-Object either in your password.ps1 file directly to filter out the entries you don’t want, or you can use Where-Object in the pipeline between the invocation of password.ps1 and the Format-Table cmdlet. I forget what properties you are working with, but let’s assume that your script returns objects that have a property called container that contains a DN of the container you want. In that case it might look something like this:by Peeps3240 at 2012-09-11 06:42:00C:\scripts\password.ps1 | Where-Object {$.Container -like 'cn=user,*'} | Format-Table -Property * -Autosize | Out-String -Width 4096 | Out-File C]
If you don’t have the container in a separate property, but you do have DN in a property, then it might look like this instead:C:\scripts\password.ps1 | Where-Object {$
.DN -like ',cn=user,'} | Format-Table -Property * -Autosize | Out-String -Width 4096 | Out-File C]
If there are a lot of these, you may also want to consider server-side filtering, which can often be done using the cmdlets used to retrieve the objects you are reporting on via a Filter parameter or some other parameter to indicate exactly what objects you want to return. In this case though it sounds like you don’t have many objects you want to filter out, in which case client-side filtering is probably just fine.
ok, i think i see what i need to do, instead of userby poshoholic at 2012-09-11 06:55:19
is there a way to only bring back the information if there is a email address associated?
Yes, you can do that. I just reviewed your original script again. You want something like this:by Peeps3240 at 2012-09-11 07:19:58if ($mail = $.properties.item("mail")) {
$info = 1 | Select-Object Name, Email, Age, LastSet
$info.Name = $account.SamAccountName[0]
$info.Email = $mail
$info.Age = $age
$info.LastSet = $pwdset
$info
}
That will only create and return the into object if the mail variable is not null or empty.
by coderaven at 2012-09-11 07:32:17$filter = ‘(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2))’
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://DC=Ardex;DC=COM")
$searcher = New-Object System.DirectoryServices.DirectorySearcher $filter
$SearchRoot = $root.defaultNamingContext
$searcher.SearchRoot = "LDAP://CN=Users,$SearchRoot"
$searcher.SearchScope = ‘SubTree’
$searcher.SizeLimit = 0
$searcher.PageSize = 1000
$searcher.FindAll() | Foreach-Object {
$account = $.GetDirectoryEntry()
$pwdset = [datetime]::fromfiletime($.properties.item("pwdLastSet")[0])
$age = (New-TimeSpan $pwdset).Days
if ($mail = $.properties.item("mail")) {
$info = 1 | Select-Object Name, Email, Age, LastSet
$info.Name = $account.SamAccountName[0]
$info.Email = $mail
$info.Age = $age
$info.LastSet = $pwdset
$info
}
}
this still brings back accounts with blank email addresses. i have played around with it a bit but im sure i am just overlooking something simple.
on a related note, i do have a dummies book coming in so i can learn what i need to do. so far i get some of the commands (i am mostly helpdesk) so it is starting to make sense to me a little at a time. i do appreciate your patience with me and my questions
The easiest approach I can think of is to not get users without an email in your filterby Peeps3240 at 2012-09-11 07:43:36
[quote="Peeps3240"]$filter = '(&(objectCategory=person)(objectClass=user)(!userAccountControl]
$filter = ‘(&(objectCategory=person)(objectClass=user)(!userAccountControl](mail=*)[/b])’
Now you don’t have to worry about trying to filter it out in your loop.
many many thanks.
that worked