Jerry Seinfield
asked on
help to modify an script and change to powershell
Hello Experts,
I need your help you to convert an script that was written using AD quest shell commands to a power shell script.
This script was written a while back and the intent is to dynamic update the a distribution list name “Self-Service” with users in xxx domain that have extensionAttribute1 set to “Employee” or “Contractor”
Basically before running the script, I verified that John Doe account is not a member of the Self-Service DL. When script is ran and completed, John Doe account is still not added to the DL Self-Service.
Self-service is a universal security group that exist in my domain
Any ideas?
I need your help you to convert an script that was written using AD quest shell commands to a power shell script.
This script was written a while back and the intent is to dynamic update the a distribution list name “Self-Service” with users in xxx domain that have extensionAttribute1 set to “Employee” or “Contractor”
Basically before running the script, I verified that John Doe account is not a member of the Self-Service DL. When script is ran and completed, John Doe account is still not added to the DL Self-Service.
Self-service is a universal security group that exist in my domain
Any ideas?
ASKER
Can we assume the ActiveDirectory PS module is available (that is, we are on W2008R2+ domain)?
@febenitezc, The script which you posted is a PowerShell script and it uses Quest Active directory cmdlets.. I don't see any issue with script.. Are you getting any error while running the script? Did you check John Doe account and see if the extensionAttribute1 is set to Contractor or Employee?
ASKER
Hi Subsun,
yes, the account has the extensionattribute1 set to Employee.
I ran the script from Windows powershell and got the error below. The script runs fine from Active Role Management Shell, no errors, however the user is not added to the DL
Please see the 2 attached files
Is there a chance that you can write the script in power shell?
Can you please also add a comment that indicates the account was successfully added to the group?
Can you please export the results to a log file on c drive or any path?
ErrorRanFromPowerShellConsole.jpg
ResultsFromActiveRolesManagement.jpg
yes, the account has the extensionattribute1 set to Employee.
I ran the script from Windows powershell and got the error below. The script runs fine from Active Role Management Shell, no errors, however the user is not added to the DL
Please see the 2 attached files
Is there a chance that you can write the script in power shell?
Can you please also add a comment that indicates the account was successfully added to the group?
Can you please export the results to a log file on c drive or any path?
ErrorRanFromPowerShellConsole.jpg
ResultsFromActiveRolesManagement.jpg
ASKER
Guys,
we have another script that runs on another server but basically is a copy of first script, and runs OK.
Please see last attached script, the first script has a little difference in the lines below
$userArray = Get-QADUser -DontUseDefaultIncludedPro perties -LDAPFilter "(&(objectCategory=person) (objectCla ss=user)(! userAccoun tControl:1 .2.840.113 556.1.4.80 3:=2)(|(ex tensionAtt ribute1=Co ntractor)( extensionA ttribute1= Employee)) )" -IncludedProperties name,dn,extensionAttribute 1
$userArray = Get-QADUser -DontUseDefaultIncludedPro perties -LDAPFilter "(&(objectCategory=person) (objectCla ss=user)(! userAccoun tControl:1 .2.840.113 556.1.4.80 3:=2)((ext ensionAttr ibute1=Emp loyee)))" -IncludedProperties name,dn,extensionAttribute 1
As you can see, the first script is calling both contractor and employee attributes, the second one only consider employee. but my issue is with the first script that is supposed to add the user to the DL and from active roles management server roles is not displaying any errors and is supposed to be OK
test.txt
we have another script that runs on another server but basically is a copy of first script, and runs OK.
Please see last attached script, the first script has a little difference in the lines below
$userArray = Get-QADUser -DontUseDefaultIncludedPro
$userArray = Get-QADUser -DontUseDefaultIncludedPro
As you can see, the first script is calling both contractor and employee attributes, the second one only consider employee. but my issue is with the first script that is supposed to add the user to the DL and from active roles management server roles is not displaying any errors and is supposed to be OK
test.txt
The existing script will work. You just need to add -resultsize 0 Parameter to Get-Qadser in your code. currently The command process only 1000 result. that's the reason for this issue.
ASKER
can you please paste the code with the updates?
ASKER
with your recommendation, the account will be add to the DL?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Subsun, you rock
did you want to attach/post the script? The script is missing.
Thanks.
Rainer