by rambog at 2012-10-02 11:59:26
I am scanning the tree looking for script paths to be changed. If an incorrect name is found (i.e., vbsNTLogonCombined.bat), it needs to be replaced with another script name (MHSNR-vbsNTLogonCombined.bat). The problem I run into is that methods of Put(), SetInfo(), or CommitChanges() don’t seem to work on the object type I am attempting to work on. How do I effect the change I need to occur within AD (if there is a way without having to invoke Quest tools, I would prefer).by Helmto108 at 2012-10-02 17:15:41
$LogonScriptReportFile = New-Item -type file -force "C:\Lab\UserReports\Logon_Script.csv"
$ObjFilter = "(objectClass=User)"
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 20000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://OU=Lab1,DC=labdomain,DC=lab,DC=org"
$AllObj = $objSearch.FindAll()
foreach ($Obj in $AllObj) {
$objItemT = $Obj.Properties
$UserID = $objItemT.name
$Profile=$objItemT.scriptpath
Write-Host "$UserID has the batch file $Profile"
if ($Profile -eq ‘vbsNTLogonCombined.bat’)
{
Write-Host "$UserID needs to be modified"
$objItemT.scriptpath="Lab-vbsNTLogonCombined.bat"
#$ObjItemT.scriptpath.CommitChanges()
$Obj.Put("scriptpath","MHSNR-vbsNTLogonCombined.bat")
$Obj.setinfo()
"$UserID profile was modified to $Profile"|Out-File $LogonScriptReportFile -encoding ASCII -append
}
}
Hi, do you have access to the AD Module for PowerShell? This might work out for you.by Steve at 2012-10-02 17:25:43
[code2=powershell]$report = @()
$users = Get-ADuser -filter * -searchbase "OU=Lab1,DC=labdomain,DC=lab,DC=org" -Property scriptpath
ForEach ($user in $users) {
If ($User.scriptpath -eq 'vbsNTLogonCombined.bat') {
$temp = $null
$temp = New-Object PSObject
write-host "$($User.name) needs to be modified"
$User.scriptpath = "MHSNR-vbsNTLogonCombined.bat"
$temp | Add-Member -Type NoteProperty -name Name -Value "$($User.Name) was modified to MHSRN-vbsNTLogonCombined.bat"
$report += $temp
Set-ADUser -instance $user
}
}
If ($report -ne @()) {
$report | Export-CSV LogonChangeResults.CSV}[/code2]
That’s actually how I got hooked on Powershell was using it to change out logon scripts.by rambog at 2012-10-04 18:14:26
Using Quest’s AD tool module:
get-qaduser -logonscript BadOldScript.bat | set-qaduser -logonscript NiceNewScript.bat
Using MS’s AD module:
get-aduser -filter {scriptpath -eq "BadOldScript.bat"} | set-aduser -scriptpath "NiceNewScript.bat"
Thank you. I was wondering if there were ways other than the Quest tools or having Windows Server 2008 Domain Controller (which should have installed). It seems that without these toolsets, it is difficult to writing to AD.by RichardSiddaway at 2012-10-06 01:56:35
That’s not correct. The [ADSI] and {ADSISEARCHER] type accelerators expose a scripting interface that is just as powerful as the cmdlets. I haven’t found anything the cmdlets do that you can’t this way. There is also the AD provider which is a lot more capable than I originally thought. See the series of posts I did at http://msmvps.com/blogs/richardsiddaway/default.aspx for a comparison of various ways of using scripts, provider, MS and AD cmdlets