Solved

help to modify an script and change to powershell

Posted on 2013-11-07
11
355 Views
Last Modified: 2013-11-08
Hello Experts,

I need your help you to convert an script that was written using AD quest shell commands to a power shell script.

This script was written a while back and the intent is to dynamic update the a distribution list name “Self-Service” with users in xxx domain that have extensionAttribute1 set to “Employee” or “Contractor”

Basically before running the script, I verified that John Doe account is not a member of the Self-Service DL.  When script is ran and completed, John Doe account is still not added to the DL Self-Service.


Self-service is a universal security group that exist in my domain

Any ideas?
0
Comment
Question by:Jerry Seinfield
11 Comments
 
LVL 44

Expert Comment

by:Rainer Jeschor
ID: 39632050
Hi,
did you want to attach/post the script? The script is missing.
Thanks.
Rainer
0
 

Author Comment

by:Jerry Seinfield
ID: 39632302
My bad

Attached is the script
SubscribeUserstoDL.txt
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39632367
Can we assume the ActiveDirectory  PS module is available (that is, we are on W2008R2+ domain)?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39632628
@febenitezc,  The script  which you posted is a PowerShell script and it uses Quest Active directory cmdlets.. I don't see any issue with script.. Are you getting any error while running the script? Did you check John Doe account and see if the extensionAttribute1 is set to Contractor or Employee?
0
 

Author Comment

by:Jerry Seinfield
ID: 39633427
Hi Subsun,

yes, the account has the extensionattribute1 set to Employee.

I ran the script from Windows powershell and got  the error below. The script runs fine from Active Role Management Shell, no errors, however the user is not added to the DL

Please see the 2 attached files

Is there a chance that you can write the script in power shell?

Can you please also add a comment that indicates the account was successfully added to the group?

Can you please export the results to a log file on c drive or any path?
ErrorRanFromPowerShellConsole.jpg
ResultsFromActiveRolesManagement.jpg
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:Jerry Seinfield
ID: 39633470
Guys,

we have another script that runs on another server but basically is a copy of first script, and runs OK.

Please see last attached script, the first script has a little difference in the lines below

$userArray = Get-QADUser -DontUseDefaultIncludedProperties -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(|(extensionAttribute1=Contractor)(extensionAttribute1=Employee)))" -IncludedProperties name,dn,extensionAttribute1


$userArray = Get-QADUser -DontUseDefaultIncludedProperties -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)((extensionAttribute1=Employee)))" -IncludedProperties name,dn,extensionAttribute1


As you can see, the first script is calling both contractor and employee attributes, the second one only consider employee. but my issue is with the first script that is supposed to add the user to the DL and from active roles management server roles is not displaying any errors and is supposed to be OK
test.txt
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39633483
The existing script will work. You just need to add -resultsize 0 Parameter to Get-Qadser in your code. currently The command process only 1000 result. that's the reason for this issue.
0
 

Author Comment

by:Jerry Seinfield
ID: 39633514
can you please paste the code with the updates?
0
 

Author Comment

by:Jerry Seinfield
ID: 39633518
with your recommendation, the account will be add to the DL?
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39633611
Yes.. BTB parameter is sizelimit, resultsize is for microsoft commands
$userArray = Get-QADUser -sizelimit 0 -DontUseDefaultIncludedProperties -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(|(extensionAttribute1=Contractor)(extensionAttribute1=Employee)))" -IncludedProperties name,dn,extensionAttribute1

Open in new window

0
 

Author Closing Comment

by:Jerry Seinfield
ID: 39633767
Thanks Subsun, you rock
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now