Solved

help to modify an script and change to powershell

Posted on 2013-11-07
11
354 Views
Last Modified: 2013-11-08
Hello Experts,

I need your help you to convert an script that was written using AD quest shell commands to a power shell script.

This script was written a while back and the intent is to dynamic update the a distribution list name “Self-Service” with users in xxx domain that have extensionAttribute1 set to “Employee” or “Contractor”

Basically before running the script, I verified that John Doe account is not a member of the Self-Service DL.  When script is ran and completed, John Doe account is still not added to the DL Self-Service.


Self-service is a universal security group that exist in my domain

Any ideas?
0
Comment
Question by:Jerry Seinfield
11 Comments
 
LVL 44

Expert Comment

by:Rainer Jeschor
ID: 39632050
Hi,
did you want to attach/post the script? The script is missing.
Thanks.
Rainer
0
 

Author Comment

by:Jerry Seinfield
ID: 39632302
My bad

Attached is the script
SubscribeUserstoDL.txt
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39632367
Can we assume the ActiveDirectory  PS module is available (that is, we are on W2008R2+ domain)?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39632628
@febenitezc,  The script  which you posted is a PowerShell script and it uses Quest Active directory cmdlets.. I don't see any issue with script.. Are you getting any error while running the script? Did you check John Doe account and see if the extensionAttribute1 is set to Contractor or Employee?
0
 

Author Comment

by:Jerry Seinfield
ID: 39633427
Hi Subsun,

yes, the account has the extensionattribute1 set to Employee.

I ran the script from Windows powershell and got  the error below. The script runs fine from Active Role Management Shell, no errors, however the user is not added to the DL

Please see the 2 attached files

Is there a chance that you can write the script in power shell?

Can you please also add a comment that indicates the account was successfully added to the group?

Can you please export the results to a log file on c drive or any path?
ErrorRanFromPowerShellConsole.jpg
ResultsFromActiveRolesManagement.jpg
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Jerry Seinfield
ID: 39633470
Guys,

we have another script that runs on another server but basically is a copy of first script, and runs OK.

Please see last attached script, the first script has a little difference in the lines below

$userArray = Get-QADUser -DontUseDefaultIncludedProperties -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(|(extensionAttribute1=Contractor)(extensionAttribute1=Employee)))" -IncludedProperties name,dn,extensionAttribute1


$userArray = Get-QADUser -DontUseDefaultIncludedProperties -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)((extensionAttribute1=Employee)))" -IncludedProperties name,dn,extensionAttribute1


As you can see, the first script is calling both contractor and employee attributes, the second one only consider employee. but my issue is with the first script that is supposed to add the user to the DL and from active roles management server roles is not displaying any errors and is supposed to be OK
test.txt
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39633483
The existing script will work. You just need to add -resultsize 0 Parameter to Get-Qadser in your code. currently The command process only 1000 result. that's the reason for this issue.
0
 

Author Comment

by:Jerry Seinfield
ID: 39633514
can you please paste the code with the updates?
0
 

Author Comment

by:Jerry Seinfield
ID: 39633518
with your recommendation, the account will be add to the DL?
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39633611
Yes.. BTB parameter is sizelimit, resultsize is for microsoft commands
$userArray = Get-QADUser -sizelimit 0 -DontUseDefaultIncludedProperties -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(|(extensionAttribute1=Contractor)(extensionAttribute1=Employee)))" -IncludedProperties name,dn,extensionAttribute1

Open in new window

0
 

Author Closing Comment

by:Jerry Seinfield
ID: 39633767
Thanks Subsun, you rock
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This article shows how a content item can be identified directly or through translation of a navigation type. It then shows how this information can be used to create a menu for further navigation.
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now