creative555
asked on
powershell help
Hi,
I have the following script and it works. I am new to PowerShell. Could you please modify it so that I can add more than one trustee using an input file or comma-separated values? I tried to add more than one trustee, for example -trustee domain\user1, domain\user2, but it doesn't accept more than one value.
<#
.EXAMPLE
.\Get-Set-ADAccountasLocalAdministrator.ps1.ps1 -Computer 'Server01,Server02' -Trustee Contoso\HRManagers
.EXAMPLE
.\Set-ADAccountasLocalAdministrator.ps1 -InputFile C:\ListofComputers.txt -Trustee User01
#>
param(
    [Parameter(ParameterSetName='InputFile')]
    [string]
    $InputFile,
    [Parameter(ParameterSetName='Computer')]
    [string]
    $Computer,
    [string]
    $Trustee
)
<#
.SYNOPSIS
Function that resolves SAMAccount and can exit script if resolution fails
#>
function Resolve-SamAccount {
    param(
        [string]
        $SamAccount,
        [boolean]
        $Exit
    )
    process {
        try
        {
            # Look up the account passed to the function (the original read the script-level $Trustee here)
            $ADResolve = ([adsisearcher]"(samaccountname=$SamAccount)").findone().properties['samaccountname']
        }
        catch
        {
            $ADResolve = $null
        }
        if (!$ADResolve) {
            Write-Warning "User `'$SamAccount`' not found in AD, please input correct SAM Account"
            if ($Exit) {
                exit
            }
        }
        $ADResolve
    }
}
if (!$Trustee) {
    $Trustee = Read-Host "Please input trustee"
}
# Build the WinNT:// path of the trustee: a bare name is resolved in the current user's domain
if ($Trustee -notmatch '\\') {
    $ADResolved = (Resolve-SamAccount -SamAccount $Trustee -Exit:$true)
    $Trustee = 'WinNT://',"$env:userdomain",'/',$ADResolved -join ''
} else {
    $ADResolved = ($Trustee -split '\\')[1]
    $DomainResolved = ($Trustee -split '\\')[0]
    $Trustee = 'WinNT://',$DomainResolved,'/',$ADResolved -join ''
}
if (!$InputFile) {
    if (!$Computer) {
        $Computer = Read-Host "Please input computer name"
    }
    # Comma-separated computer names from -Computer
    [string[]]$Computer = $Computer.Split(',')
    $Computer | ForEach-Object {
        $_
        Write-Host "Adding `'$ADResolved`' to Administrators group on `'$_`'"
        try {
            ([ADSI]"WinNT://$_/Administrators,group").add($Trustee)
            Write-Host -ForegroundColor Green "Successfully completed command for `'$ADResolved`' on `'$_`'"
        } catch {
            # Inside catch, $_ is the error record
            Write-Warning "$_"
        }
    }
}
else {
    if (!(Test-Path -Path $InputFile)) {
        Write-Warning "Input file not found, please enter correct path"
        exit
    }
    # One computer name per line in the input file
    Get-Content -Path $InputFile | ForEach-Object {
        Write-Host "Adding `'$ADResolved`' to Administrators group on `'$_`'"
        try {
            ([ADSI]"WinNT://$_/Administrators,group").add($Trustee)
            Write-Host -ForegroundColor Green "Successfully completed command"
        } catch {
            Write-Warning "$_"
        }
    }
}
ASKER CERTIFIED SOLUTION
This solution is only available to members.
That has been my first thought, too, but it's getting very inefficient for a list of machines. Also, the code is a little cumbersome.
SOLUTION
This solution is only available to members.
ASKER
Hello,
Thank you so much!
This works great now with the foreach loop! Also, I tried the revised script but it is missing parentheses somewhere. Could you please paste it again?
I am getting an error for the remote computers....WARNING: The following exception occurred while retrieving member "add": "The network path was not found
I wonder if we can use PowerShell remoting here and Invoke-Command somehow.
PowerShell remoting is enabled and all computers are 2012. I was listening to a YouTube video and they say it is best to use it for remote computers.
https://www.youtube.com/watch?v=WUgbMKOhShg
If I do this:
invoke-command pc01,pc02,pc02 {get-eventlog -logname } etc I don't get an error about the network path....but for this current script I do.....
Can we use Invoke-Command with this script? What would be the command?
ASKER
Oh hey,
Actually I tried this below but still get the network not found error. I am having an issue with pinging those computers. It is timing out. Not sure if something is blocking ping requests, but the script is working!!
invoke-command {Get-Content C:\CFscript2\Trustee.txt | % {.\Set-ADAccountasLocalAdministrator.ps1 -Computer 'tworker01,worker02.testtarget.local' -Trustee $_}}
Thank you so much!
ASKER
both solutions are great!! I could pick only one best answer. thank you so much!
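
Added example, not part of the original thread or its hidden solutions: one way to take several trustees and push the change over PowerShell remoting, so each machine edits its own Administrators group through WinRM instead of the WinNT provider reaching across the network. The function names Add-LocalAdminTrustee and ConvertTo-WinNTPath are hypothetical, and it assumes remoting is enabled on the targets, as the asker states.

```powershell
# Added example. Add-LocalAdminTrustee and ConvertTo-WinNTPath are hypothetical names.
function ConvertTo-WinNTPath {
    param([Parameter(Mandatory)][string]$Trustee)
    # 'DOMAIN\name' -> WinNT://DOMAIN/name; a bare name is assumed to live in the caller's domain.
    if ($Trustee -match '^(?<domain>[^\\]+)\\(?<name>.+)$') {
        'WinNT://{0}/{1}' -f $Matches.domain, $Matches.name
    } else {
        'WinNT://{0}/{1}' -f $env:USERDOMAIN, $Trustee
    }
}

function Add-LocalAdminTrustee {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string[]]$Trustee
    )
    # Accept -Trustee a,b as well as -Trustee 'a,b'; drop blanks and duplicates.
    $paths = @($Trustee | ForEach-Object { $_ -split ',' } |
        ForEach-Object { $_.Trim() } | Where-Object { $_ } |
        Select-Object -Unique | ForEach-Object { ConvertTo-WinNTPath -Trustee $_ })

    $targets = $ComputerName -join ', '
    if (-not $PSCmdlet.ShouldProcess($targets, "Add $($paths -join ', ') to local Administrators")) {
        return
    }
    # One fan-out call; unreachable machines surface as non-terminating errors.
    Invoke-Command -ComputerName $ComputerName -ArgumentList (,$paths) -ScriptBlock {
        param([string[]]$Paths)
        $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
        foreach ($path in $Paths) {
            $status = 'Added'
            try { $null = $group.Add($path) } catch { $status = "Failed: $($_.Exception.Message)" }
            # One record per machine and trustee, so the change can be logged and reviewed.
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Trustee  = $path
                Status   = $status
            }
        }
    }
}

# Usage with the file names from the thread (one entry per line in each file):
# Add-LocalAdminTrustee -ComputerName (Get-Content C:\ListofComputers.txt) `
#     -Trustee (Get-Content C:\CFscript2\Trustee.txt) -WhatIf
```

Invoke-Command only reaches remote machines when it is given -ComputerName; without it the script block runs on the local machine. Running with -WhatIf first shows which accounts would be granted local administrator rights on which machines before anything changes.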