Wednesday, September 28, 2011

Powershell OU Management

I like this post hence pasting it as is from the site
http://dmitrysotnikov.wordpress.com/2007/05/04/ou-management-with-powershell/

Get the list of OUs:
PS C:> Get-QADObject -Type OrganizationalUnit  

Name               Type               DN
----               ----               --
Domain Controllers organizationalUnit OU=Domain Controllers,DC=ps64,DC=local
Microsoft Excha... organizationalUnit OU=Microsoft Exchange Security Groups,DC=ps64,DC=local

Create New OU in domain root:
PS C:\> New-QADObject -Type organizationalUnit -Name TestOU -ParentContainer ps64.local/
Name               Type               DN
----               ----               --
TestOU             organizationalUnit OU=TestOU,DC=ps64,DC=local

Create 5 test users in the new OU:
PS C:> 1..5 | ForEach { New-QADUser -ParentContainer ps64.local/TestOU -Name ("TestUser" + $_)}
Name               Type               DN
----               ----               --
TestUser1          user               CN=TestUser1,OU=TestOU,DC=ps64,DC=local
TestUser2          user               CN=TestUser2,OU=TestOU,DC=ps64,DC=local
TestUser3          user               CN=TestUser3,OU=TestOU,DC=ps64,DC=local
TestUser4          user               CN=TestUser4,OU=TestOU,DC=ps64,DC=local
TestUser5          user               CN=TestUser5,OU=TestOU,DC=ps64,DC=local

Get a list of users in an OU (and all nested OUs):
PS C:\> Get-QADUser -SearchRoot ps64.local/TestOU
Name               Type               DN
----               ----               --
TestUser1          user               CN=TestUser1,OU=TestOU,DC=ps64,DC=local
TestUser2          user               CN=TestUser2,OU=TestOU,DC=ps64,DC=local
TestUser3          user               CN=TestUser3,OU=TestOU,DC=ps64,DC=local
TestUser4          user               CN=TestUser4,OU=TestOU,DC=ps64,DC=local
TestUser5          user               CN=TestUser5,OU=TestOU,DC=ps64,DC=local

Get only users placed directly in the OU (and not in sub-OUs):
PS C:\> Get-QADUser -SearchRoot ps64.local/TestOU -SearchScope OneLevel
Name               Type               DN
----               ----               --
TestUser1          user               CN=TestUser1,OU=TestOU,DC=ps64,DC=local
TestUser2          user               CN=TestUser2,OU=TestOU,DC=ps64,DC=local
TestUser3          user               CN=TestUser3,OU=TestOU,DC=ps64,DC=local
TestUser4          user               CN=TestUser4,OU=TestOU,DC=ps64,DC=local
TestUser5          user               CN=TestUser5,OU=TestOU,DC=ps64,DC=local

Modify all users from an OU:
PS C:\> Get-QADUser -SearchRoot ps64.local/TestOU | Set-QADUser -City TestCity
PS C:> Get-QADUser -SearchRoot ps64.local/TestOU | Format-Table Name, City
Name                                                City
----                                                ----
TestUser1                                           TestCity
TestUser2                                           TestCity
TestUser3                                           TestCity
TestUser4                                           TestCity
TestUser5                                           TestCity

Get statistics on the number of objects in each OU:
PS C:\> Get-QADObject -Type organizationalUnit | foreach { Write-Host $_.Name: (Get-QADObject -SearchRoot $_.DN).Count}
Domain Controllers : 5
Microsoft Exchange Security Groups : 6
TestOU : 6


Get the list of AD objects by OU:
PS C:\> Get-QADObject -Type organizationalUnit | foreach { Write-Host ([char]10) $_.Name ([char]10); Get-QADObject -SearchRoot $_.DN }
Domain Controllers  

Name               Type               DN
----               ----               --
Domain Controllers organizationalUnit OU=Domain Controllers,DC=ps64,DC=local
SPB9880            computer           CN=SPB9880,OU=Domain Controllers,DC=ps64,DC=local
RID Set            rIDSet             CN=RID Set,CN=SPB9880,OU=Domain Controllers,DC=ps64,DC=local
NTFRS Subscript... nTFRSSubscriptions CN=NTFRS Subscriptions,CN=SPB9880,OU=Domain Controllers,DC=ps64,DC=local
Domain System V... nTFRSSubscriber    CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=SPB9880,OU=Do...  

Microsoft Exchange Security Groups  

Microsoft Excha... organizationalUnit OU=Microsoft Exchange Security Groups,DC=ps64,DC=local
Exchange Servers   group              CN=Exchange Servers,OU=Microsoft Exchange Security Groups,DC=ps64,DC=local
Exchange Organi... group              CN=Exchange Organization Administrators,OU=Microsoft Exchange Security Groups,...
Exchange Recipi... group              CN=Exchange Recipient Administrators,OU=Microsoft Exchange Security Groups,DC=...
Exchange View-O... group              CN=Exchange View-Only Administrators,OU=Microsoft Exchange Security Groups,DC=...
ExchangeLegacyI... group              CN=ExchangeLegacyInterop,OU=Microsoft Exchange Security Groups,DC=ps64,DC=local  

TestOU  

TestOU             organizationalUnit OU=TestOU,DC=ps64,DC=local
TestUser1          user               CN=TestUser1,OU=TestOU,DC=ps64,DC=local
TestUser2          user               CN=TestUser2,OU=TestOU,DC=ps64,DC=local
TestUser3          user               CN=TestUser3,OU=TestOU,DC=ps64,DC=local
TestUser4          user               CN=TestUser4,OU=TestOU,DC=ps64,DC=local
TestUser5          user               CN=TestUser5,OU=TestOU,DC

Friday, July 8, 2011

Powershell - List All Folders and Subfolders

dir -recurse | Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName }
First, you list everything from your current location. To filter out only folders, we then filter for PSIsContainer, a property that is always true for folders. Finally, we output each folders' full path.

From: http://powershell.com/cs/blogs/tips/archive/2009/07/22/list-all-folders-and-subfolders.aspx

Thursday, July 7, 2011

Powershell to get ACLs for folders and subfolders

I have been searching this for long time. Now i have found out

 dir -recurse | Where-Object { $_.PSIsContainer } | Get-Acl

dir -recurse - Is to get all folders and subfolders
$_.PSIsContainer  - Is to check whether the object is a directory or a file
Get-ACL - to get ACLs for folders

Tuesday, June 14, 2011

Dsquery to find a email address in AD

dsquery * domainroot -filter "((proxyaddresses=*domain.com))" -scope subtree -attr displayname

* - to Find any object class user,group etc
domainroot - Where to search 
-filter - What to search
-scope - At what level base or subtree it has to search
-attr - what attributes needs to be displayed with the filtered results


Monday, June 13, 2011

Enumerate members of a group directly from Active directory custom search

This command will be useful particulerly if you are migrating large number of users to an other exchange server. Add all the members to migrate to this group and enumerate using the below command from dsa.msc, add Homemdb members column. There are other ways (Scripting, powershell etc) but i find this easier.


(ObjectClass=User)(
ObjectCategory=Person)(memberOf=CN=TestGroup,OU=Test-Service Acct,dc=,dc=,dc=com)

Dont forget to fill in the DC names :)