Solved

Help With a Powershell Command

Posted on 2011-09-02
9
1,709 Views
Last Modified: 2012-06-27
I have a PowerShell command to find all users that do not have the fields "Enable Federation", and " Enable Enhanced Presence" checked for Office communicator.

The command that works is;
Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.'msRTCSIP-UserEnabled' -eq $true } | WHERE {$_.'msRTCSIP-FederationEnabled' -ne $true } |select name, msRTCSIP-FederationEnabled |

What I'm having trouble with is using this command to set the followiong value to true.
msRTCSIP-FederationEnabled

Any help would be appreciated.
0
Comment
Question by:LindyS
  • 6
  • 2
9 Comments
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36474143
I would step it out to see if it's a null value, true/false, or empty string.

$User = Get-QADUser "TestUser" -includedproperties msRTCSIP-FederationEnabled

$User.msRTCSIP-FederationEnabled

$User.msRTCSIP-FederationEnabled = $True

Does that work?

If so, try this:
Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.'msRTCSIP-UserEnabled' -eq $true } | WHERE {$_.'msRTCSIP-FederationEnabled' -ne $true } | %{$_.msRTCSIP-FederationEnabled = $True}

You can also make it a tiny bit easier for you to understand if you take away the last part in a pipeline and use an actual Foreach command like this:

$Users = Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | ? {($_.'msRTCSIP-UserEnabled' -eq $true) -and ($_.'msRTCSIP-FederationEnabled' -ne $true) }

Foreach ($User in $Users){
Write-Host "Setting $($User.samaccountname) to Federation Enabled = True"
$User.msRTCSIP-FederationEnabled = $True
}


Haven't tested this code, just shooting from the hip, but I think that should get you where you need to be.  Please don't just copy and paste it and say "It doesn't work" without trying to see where the error might be (could be a typo).  I've never worked with Officer Communicator but have worked with AD for a long time.

HTH,

Dale Harris
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36474155
And does it matter if every single user is supposed to take this command, you could just set all users to enabled/true.

Would that work better?  Or do you need to avoid people that don't have UserEnabled = True?

Just a thought.

Dale
0
 
LVL 3

Author Comment

by:LindyS
ID: 36474446
No I can't set all accounts, it has to be just the ones that are msRTCSIP-UserEnabled.

Thanks for the suggestion, but I am not at work so I can't test the solution.
I will try when I get back in the morning.

I'll play with it a little more then.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 16

Expert Comment

by:Dale Harris
ID: 36474495
Okay, then the other solution provided should work for you.  Looking forward to a response.

DH
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 36476698
You will need to use the set-qaduser cmdlet for this. Take the code that Dale has posted but just change this

Foreach ($User in $Users){
Write-Host "Setting $($User.samaccountname) to Federation Enabled = True"
Set-qaduser $user -objectattributes @{msRTCSIP-FederationEnabled=$True}
}


or from your original post you can add this

Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.'msRTCSIP-UserEnabled' -eq $true} | Where {$_.'msRTCSIP-FederationEnabled' -ne $true } | Set-qaduser -ObjectAttributes @{msRTCSIP-FederationEnabled = $True}

Another option would be to use a LDAP filter.

get-qaduser -LDAPFILTER "(&(msRTCSIP-FederationEnabled=True)(msRTCSIP-UserEnabled=True))" | Set-qaduser -ObjectAttributes @{msRTCSIP-FederationEnabled=$True}



Like Dale I am unable to test these since I do not have Office communicator.
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36476797
Ahh it's not a native property of AD, so it makes sense it would have to be changed through objectattributes.

Good catch, Ken.
0
 
LVL 3

Author Closing Comment

by:LindyS
ID: 36476838
This solution works as needed.
I only had to make one minor change and enclose the field in quotes.

 @{'msRTCSIP-FederationEnabled' = $True}

Thanks for the help!
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36476884
Would it be too much to ask for a point split between myself and Ken?  I think Ken would agree.
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36476889
At second glance, I see that you really only needed that one bit of code that Ken provided since you had everything else.  Disregard the last comment I made.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question