hi all,
I am trying to build a powershell script that searches AD, and returns all userobjects that have the logonto property enabled.
(largish AD) (so I can update them all at once…)
I found a sample code in TechNet/msdn what I have is:
this is the search code… it returns “0” if you switch Samaccount to Name it returns all the names…
rem $strFilter = "(&(objectCategory=User)(Department=Finance))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"
$colProplist = "sAMAccountName"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{$objItem = $objResult.Properties; $objItem.sAMAccountName}
I have the code for the logonto also:
rem Import-CSV C:\scripts\logonto-QRY\input.csv | % {
rem $UserN = $_.UserName
$UserN = $objitem.name
$ComputerN = $_.ComputerName
$ObjFilter = "(&(objectCategory=person)(objectCategory=User)(samaccountname=$UserN))"
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://....DN here......"
$AllObj = $objSearch.findOne()
$user = [ADSI] $AllObj.path
$ErrorActionPreference = "silentlycontinue"
If (($user.get("userWorkstations")) -ne $null)
{$ComputerN = $user.get("userWorkstations") + $ComputerN}
write-host $userN","$ComputerN
rem Write-host -NoNewLine "Updating $UserN Properties ..."
rem $user.psbase.invokeSet("userWorkstations",$ComputerN)
Write-host "Done!"
$user.setinfo()
}
}
Thoughts?
-Nex6