[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

QuestOne PowerShell

Posted on 2014-08-25
13
Medium Priority
?
343 Views
Last Modified: 2014-08-29
I'm trying to use :
http://mikefrobbins.com/2012/10/04/use-powershell-to-copy-the-group-membership-of-one-active-directory-user-to-another-active-directory-user-account/

But when I enter :
Get-QADUser 'username' |
, next line goes to >>

Then no other commands work -

Should be :
Get-QADUser 'username' |
Get-QADMemberOf


How can I use this software correct?
Thanks
0
Comment
Question by:mvalencia2003
  • 7
  • 6
13 Comments
 
LVL 4

Author Comment

by:mvalencia2003
ID: 40283776
or this one =

Get-QADUser 'username' |
Get-QADMemberOf |
Add-QADGroupMember -Member 'username'

after first line , next line goes to :
>>
0
 
LVL 29

Expert Comment

by:becraig
ID: 40283792
you are piping the command when you use "|" so powershell is waiting for something else .

Just run the command without the "|"


If you are at the powershell prompt use the pipes on the same line:
E.g

Get-QADUser 'username' | Get-QADMemberOf |Add-QADGroupMember -Member 'username'
0
 
LVL 4

Author Comment

by:mvalencia2003
ID: 40283957
got error =
Add-QADGroupMember : Access is denied.
At line:1 char:63
+ Get-QADUser 'username'| Get-QADMemberOf |Add-QADGroupMember <<<<  -Member 'username'
    + CategoryInfo          : NotSpecified: (:) [Add-QADGroupMember], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.AddGro
   upMemberCmdlet2
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 29

Expert Comment

by:becraig
ID: 40284016
This indicates you do not have permissions to modify the group you are trying to make changes to.

I would suggest you start another question to troubleshoot issue with any potential ACL issues on your AD objects.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40284327
Can you try running this as administrator and see if you get a different response ?
0
 
LVL 4

Author Comment

by:mvalencia2003
ID: 40285728
on powershell I shift + right click and selected run as a different user , logged on with Admin AD account -

still get error : Add-QADGroupMember : Access is denied.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40285818
Can you share the exact command you are running.
0
 
LVL 4

Author Comment

by:mvalencia2003
ID: 40285877
Get-QADUser 'username' | Get-QADMemberOf | Add-QADGroupMember -Member 'username'
0
 
LVL 4

Author Comment

by:mvalencia2003
ID: 40285879
error =

Add-QADGroupMember : Access is denied.
At line:1 char:64
+ Get-QADUser 'username' | Get-QADMemberOf | Add-QADGroupMember <<<<  -Member 'username'
    + CategoryInfo          : NotSpecified: (:) [Add-QADGroupMember], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.AddGro
   upMemberCmdlet2
0
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 40285909
Hmmm
This would be the correct syntax
Add-QADGroupMember -Identity 'groupname' -Member 'username'

What exactly are you doing here, it looks like you are getting the properties for a user:
Get-QADUser 'username'
Then getting the groups that user is a member of:
Get-QADMemberOf

Then I am not sure on the last step since you are Adding the user now to what group ?
There is no group specified here...
Add-QADGroupMember  -Member 'username'

If you are trying to add another user tho those groups, then you would do this:

Get-QADUser 'username' | Get-QADMemberOf |  % {Add-QADGroupMember -Identity $_ -Member '<newusername>'}

Open in new window

0
 
LVL 4

Author Comment

by:mvalencia2003
ID: 40285982
gave 16 of these :

Add-QADGroupMember : Cannot resolve directory object for the given identity: '<newusername>'.
At line:1 char:68
+ Get-QADUser 'username' | Get-QADMemberOf |  % {Add-QADGroupMember <<<<  -Identity $_ -Member '<newusername>'}
    + CategoryInfo          : NotSpecified: (:) [Add-QADGroupMember], ObjectNotFoundException
    + FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.DirectoryAccess.ObjectNotFoundException,Quest.Acti
   veRoles.ArsPowerShellSnapIn.Commands.AddGroupMemberCmdlet2
0
 
LVL 29

Expert Comment

by:becraig
ID: 40286004
identity: '<newusername>' HAS to be the user you now want to add to those groups.

Please take a look at the page you are referencing this from.

You are taking the membership from one group and adding another user to those groups, there are also a lot of other concerns eg:
where name -ne 'domain users'

you will also have to add that to your script, so your script will be
$user1 = "<some user>"; $user2 = "<Some other user>"; Get-QADUser $user1|Get-QADMemberOf |where name -ne 'domain users' | Add-QADGroupMember -Member $user2

Open in new window



This is pretty much what the page references.
You NEED to provide the user input values.
0
 
LVL 4

Author Closing Comment

by:mvalencia2003
ID: 40293005
Thanks
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question