?
Solved

Help With a Powershell Command

Posted on 2011-09-02
9
Medium Priority
?
1,742 Views
Last Modified: 2012-06-27
I have a PowerShell command to find all users that do not have the fields "Enable Federation", and " Enable Enhanced Presence" checked for Office communicator.

The command that works is;
Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.'msRTCSIP-UserEnabled' -eq $true } | WHERE {$_.'msRTCSIP-FederationEnabled' -ne $true } |select name, msRTCSIP-FederationEnabled |

What I'm having trouble with is using this command to set the followiong value to true.
msRTCSIP-FederationEnabled

Any help would be appreciated.
0
Comment
Question by:LindyS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
9 Comments
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36474143
I would step it out to see if it's a null value, true/false, or empty string.

$User = Get-QADUser "TestUser" -includedproperties msRTCSIP-FederationEnabled

$User.msRTCSIP-FederationEnabled

$User.msRTCSIP-FederationEnabled = $True

Does that work?

If so, try this:
Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.'msRTCSIP-UserEnabled' -eq $true } | WHERE {$_.'msRTCSIP-FederationEnabled' -ne $true } | %{$_.msRTCSIP-FederationEnabled = $True}

You can also make it a tiny bit easier for you to understand if you take away the last part in a pipeline and use an actual Foreach command like this:

$Users = Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | ? {($_.'msRTCSIP-UserEnabled' -eq $true) -and ($_.'msRTCSIP-FederationEnabled' -ne $true) }

Foreach ($User in $Users){
Write-Host "Setting $($User.samaccountname) to Federation Enabled = True"
$User.msRTCSIP-FederationEnabled = $True
}


Haven't tested this code, just shooting from the hip, but I think that should get you where you need to be.  Please don't just copy and paste it and say "It doesn't work" without trying to see where the error might be (could be a typo).  I've never worked with Officer Communicator but have worked with AD for a long time.

HTH,

Dale Harris
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36474155
And does it matter if every single user is supposed to take this command, you could just set all users to enabled/true.

Would that work better?  Or do you need to avoid people that don't have UserEnabled = True?

Just a thought.

Dale
0
 
LVL 3

Author Comment

by:LindyS
ID: 36474446
No I can't set all accounts, it has to be just the ones that are msRTCSIP-UserEnabled.

Thanks for the suggestion, but I am not at work so I can't test the solution.
I will try when I get back in the morning.

I'll play with it a little more then.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Expert Comment

by:Dale Harris
ID: 36474495
Okay, then the other solution provided should work for you.  Looking forward to a response.

DH
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 2000 total points
ID: 36476698
You will need to use the set-qaduser cmdlet for this. Take the code that Dale has posted but just change this

Foreach ($User in $Users){
Write-Host "Setting $($User.samaccountname) to Federation Enabled = True"
Set-qaduser $user -objectattributes @{msRTCSIP-FederationEnabled=$True}
}


or from your original post you can add this

Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.'msRTCSIP-UserEnabled' -eq $true} | Where {$_.'msRTCSIP-FederationEnabled' -ne $true } | Set-qaduser -ObjectAttributes @{msRTCSIP-FederationEnabled = $True}

Another option would be to use a LDAP filter.

get-qaduser -LDAPFILTER "(&(msRTCSIP-FederationEnabled=True)(msRTCSIP-UserEnabled=True))" | Set-qaduser -ObjectAttributes @{msRTCSIP-FederationEnabled=$True}



Like Dale I am unable to test these since I do not have Office communicator.
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36476797
Ahh it's not a native property of AD, so it makes sense it would have to be changed through objectattributes.

Good catch, Ken.
0
 
LVL 3

Author Closing Comment

by:LindyS
ID: 36476838
This solution works as needed.
I only had to make one minor change and enclose the field in quotes.

 @{'msRTCSIP-FederationEnabled' = $True}

Thanks for the help!
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36476884
Would it be too much to ask for a point split between myself and Ken?  I think Ken would agree.
0
 
LVL 16

Expert Comment

by:Dale Harris
ID: 36476889
At second glance, I see that you really only needed that one bit of code that Ken provided since you had everything else.  Disregard the last comment I made.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question