hi all,
I am trying to build a powershell script that searches AD, and returns all userobjects that have the logonto property enabled.
(largish AD) (so I can update them all at once…)
I found a sample code in TechNet/msdn what I have is:
this is the search code… it returns “0” if you switch Samaccount to Name it returns all the names…
rem $strFilter = "(&(objectCategory=User)(Department=Finance))" $objDomain = New-Object System.DirectoryServices.DirectoryEntry $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.PageSize = 1000 $objSearcher.Filter = $strFilter $objSearcher.SearchScope = "Subtree" $colProplist = "sAMAccountName" foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)} $colResults = $objSearcher.FindAll() foreach ($objResult in $colResults) {$objItem = $objResult.Properties; $objItem.sAMAccountName}
I have the code for the logonto also:
rem Import-CSV C:\scripts\logonto-QRY\input.csv | % { rem $UserN = $_.UserName $UserN = $objitem.name $ComputerN = $_.ComputerName $ObjFilter = "(&(objectCategory=person)(objectCategory=User)(samaccountname=$UserN))" $objSearch = New-Object System.DirectoryServices.DirectorySearcher $objSearch.PageSize = 15000 $objSearch.Filter = $ObjFilter $objSearch.SearchRoot = "LDAP://....DN here......" $AllObj = $objSearch.findOne() $user = [ADSI] $AllObj.path $ErrorActionPreference = "silentlycontinue" If (($user.get("userWorkstations")) -ne $null) {$ComputerN = $user.get("userWorkstations") + $ComputerN} write-host $userN","$ComputerN rem Write-host -NoNewLine "Updating $UserN Properties ..." rem $user.psbase.invokeSet("userWorkstations",$ComputerN) Write-host "Done!" $user.setinfo() } }
Thoughts?
-Nex6