Solved

need from your expertise to build a powershell script

Posted on 2014-02-25
13
328 Views
Last Modified: 2014-03-13
Hello Experts


I have been given a task from the finance department to help them to chargeback for SASAPP users and write a PowerShell script to automate and alleviate the need for someone to do manual reporting each month.  

So here’s the challenge:

Write a PowerShell script that will produce a csv file that contains unique SASAPP Users, the columns in the csv should be username, firstname, lastname, departmentnumber.

The csv should be timestamped somehow with when it was created so that Finance can do an audit at a later date.

People are granted access to SASAPP using two Security Groups, RDS_SAS and RDS_SAS2 so if they are in one of those Security Groups, Finance will charge them.

The departmentNumber AD User attribute actually contains a cost centre code that Finance will use for the chargeback.

Can someone help me to write this powershell script and test?

Your feedback is really appreciated
0
Comment
Question by:Jerry Seinfield
  • 8
  • 4
13 Comments
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 39888533
as i understand u need a script to list users in a AD security-group with desired fields..

Is that true?
0
 

Author Comment

by:Jerry Seinfield
ID: 39888728
The script is supposed to produce a csv file with only users from a specific application. FYI SASAPP is a third party application that we used for telephony and chargeback based on some criteria. The SASAPP users are contained on the two distribution groups below explained

Please see details below

Write a PowerShell script that will produce a csv file that contains unique SASAPP Users, the columns in the csv should be username, firstname, lastname, departmentnumber.

The csv should be timestamped somehow with when it was created so that Finance can do an audit at a later date.

People are granted access to SASAPP using two Security Groups, RDS_SAS and RDS_SAS2 so if they are in one of those Security Groups, Finance will charge them.

The departmentNumber AD User attribute actually contains a cost centre code that Finance will use for the chargeback.
0
 

Author Comment

by:Jerry Seinfield
ID: 39890004
Any updates?

Subsun, can you please provide your input here?
0
 

Author Comment

by:Jerry Seinfield
ID: 39890697
Can I please get an update?
0
 

Author Comment

by:Jerry Seinfield
ID: 39892509
Good Afternoon all PowerShell Experts and Team,

Can anyone please pick up this case and provide some sort of support here?

Your feedback is really appreciated

Looking forward hearing from you
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39896657
would you please be a little more clear about what you need?

you mentioned about a timestamp csv file but what timestamp do you need?

the user access the application? or the user logon to their computer?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Jerry Seinfield
ID: 39896685
Hi Justin,

There is a third party application called SAS that is integrated with AD.  People are granted access to this application using two Security Groups, RDS_SAS and RDS_SAS2 so if they are in one of those Security Groups in AD, they will access the app.

Each user connect to their computer using a domain account and access the application via web. The only users that have access to this application are the ones who are member of the security groups explained above

Every month the finance department has to create a manual report  with some parameters such as username, firstname, lastname, departmentnumber information that is pulled out from AD. Each domain user in our AD has an attribute called The departmentNumber  which actually contains a cost centre and this code cost centre will used by finance to chargeback users.

Request

The challenge is  to write a PowerShell script that will produce a csv file with only users from the application[users members of the 2 security groups above]

The columns in the csv should be username, firstname, lastname, departmentnumber

The csv should be timestamped somehow with when it was created so that Finance can do an audit at a later date. Perhaps or correct me if i wrong create the file name  with the actual format datetime when it was created, for example SASReport2282014 and include a column inside the csv file with the time it was created, or maybe something else

Please see the notes below

People are granted access to SAS using two Security Groups, RDS_SAS and RDS_SAS2 so if they are in one of those Security Groups, Finance will charge them.

The departmentNumber AD User attribute actually contains a cost centre code that Finance will use for the chargeback

I hope you have a better understanding of the request

SO, basically we need a script to list users in a AD security-groups with desired fields, create a csv based on that information, and validate the csv is timestamped somehow and export the information on this csv with those fields
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39896712
import-module activedirectory
$groups = get-adgroup | ? {$_.Name -eq "RDS_SAS" -or $_.name "RDS_SAS2"}
foreach {$group in $groups}
{
$date = (get-date).tostring("MMddyyyy")
$path = "\\path\path\SASReport" + $date + ".txt"
get-adgroupmember $group.name -properties * | ft Name,Givename,Surname, departmentnumber | out-file $path -append
}


this should work for what you need.
0
 

Author Comment

by:Jerry Seinfield
ID: 39897213
Thanks Justin,

what line of your code creates the csv based on that information?

Where the csv file is timestamped and the information on the csv is exported to a file?
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39900504
$path = "\\path\path\SASReport" + $date + ".txt"


it is a txt file since it needs to be appended.

on $date = (get-date).tostring("MMddyyyy"), which means $date = MMddyyyy

$path will equal "\\path\path\SASReportMMddyyyy.txt"
0
 

Author Comment

by:Jerry Seinfield
ID: 39900680
should i replace path\path with a network location so should I leave it as this?
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 500 total points
ID: 39900872
I made a bit changes that makes the out come better and tested it....

import-module activedirectory
$groups = get-adgroup -filter * | ?  {$_.Name -eq "RDS_SAS" -or $_.name "RDS_SAS2"}
foreach ($group in $groups)
{
$Users = get-adgroupmember $group.name
foreach ($user in $users)
{
$Userinfo = Get-ADUser -id $user.SamAccountName -Properties *

$array = @()
$Properties = @{Name=$Userinfo.Name;LastName=$Userinfo.surname;FirstName=$Userinfo.givenname;"Department Number"=$Userinfo.departmentnumber;"Group Name"=$group.name}

$Newobject = New-Object  PSObject -Property  $Properties

$Array +=$Newobject

 

$date = (get-date).tostring("MMddyyyy")
$path = "your path" + $date + ".csv"

$array | Select-Object Name,LastName,FirstName,@{Name="Department Number";Expression={$userinfo.departmentNumber}},"Group Name" | export-csv $path -Append

}
}


note: it requires powershell 3.0 to support -append under export-csv
0
 

Author Comment

by:Jerry Seinfield
ID: 39910352
Thanks Justin

Allow me some time to do full testing and will get back to you
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now