Powershell Get-ADUser returns Computer objects as well ???! How to prevent.

Similar Messages

• How to add SaveFileDialog to PowerShell Get-ADUser Export-CSV

  Hi,
  I am having a bit of difficulties with getting the SaveFileDialog to work when I use the Get-ADUser export-CSV.
  Current code:
  $handler_Output_Click=
  $User = Get-Aduser $textBox1.Text -Properties DisplayName,sAMAccountName,EmailAddress,Mobile,Company,Title,Enabled,LockedOut,Description,Created,Modified,LastLogonDate,AccountExpirationDate,AccountLockoutTime,BadLogonCount,CannotChangePassword,LastBadPasswordAttempt,PasswordLastSet,PasswordExpired,LogonWorkstations,CanonicalName | Select DisplayName,sAMAccountName,EmailAddress,Mobile,Company,Title,Enabled,LockedOut,Description,Created,Modified,LastLogonDate,AccountExpirationDate,AccountLockoutTime,BadLogonCount,CannotChangePassword,LastBadPasswordAttempt,PasswordLastSet,PasswordExpired,LogonWorkstations,CanonicalName | Export-CSV C:\temp\test.csv -NoTypeInformation ';' -encoding utf8
  $richTextBox1.Text = "A file 'test.csv' has been created to C:\temp\ based on the user: $($textBox1.Text)"
  Here a specific filename is already defined and I have to edit the code each time I want a different filename.
  It would be perfect if I could implement the SaveFileDialog box so I have the ability to name the file before saving and possibly even have the option to select the file type (among .CSV and All files).
  This it the export/output button itself:
  $System_Drawing_Point = New-Object System.Drawing.Point
  $System_Drawing_Point.X = 502
  $System_Drawing_Point.Y = 38
  $Output.Location = $System_Drawing_Point
  $Output.Name = "Output"
  $System_Drawing_Size = New-Object System.Drawing.Size
  $System_Drawing_Size.Height = 23
  $System_Drawing_Size.Width = 85
  $Output.Size = $System_Drawing_Size
  $Output.TabIndex = 2
  $Output.Text = "Export as file"
  $Output.UseVisualStyleBackColor = $True
  $Output.add_Click($handler_Output_Click)
  # $form1.AcceptButton = $Output
  $Output.DataBindings.DefaultDataSourceUpdateMode = 0
  $form1.Controls.Add($Output)
  And in the beginning of my script I also have defined the following:
  [System.Windows.Forms.Application]::EnableVisualStyles();
  [reflection.assembly]::loadwithpartialname("System.Windows.Forms") | Out-Null
  [reflection.assembly]::loadwithpartialname("System.Drawing") | Out-Null
  [reflection.assembly]::loadwithpartialname("System.Windows.Forms.SaveFileDialog") | Out-Null
  And also:
  $Output = New-Object System.Windows.Forms.Button
  Any ideas how can I implement the SaveFileDialog so when I press the "Export as file" button the PowerShell command "Get-Aduser $textBox1.Text -Properties DisplayName,sAMAc..." is ran and I can choose the file name from a pop-up
  dialog box where to save the file and also put a filename? Currently I have to edit the code in order to assign a new file name (or go rename the file from that location).
  Thank you in advance,
  Henri
  EDIT:
  I know that the below is the answer to the SaveFileDialog, however I cannot imagine how I could implement it to my script into the "Get-Aduser $textBox1.Text -Properties a,b,c,d | select a,b,c,d | Export-CSV C:\temp\test.csv" cmdlet.
  Function Get-SaveFile($initialDirectory)
  [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") |
  Out-Null
  $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog
  $SaveFileDialog.initialDirectory = $initialDirectory
  $SaveFileDialog.filter = "All files (*.*)| *.*"
  $SaveFileDialog.ShowDialog() | Out-Null
  $SaveFileDialog.filename

  Just run the dialog before exporting the file.  Why is that a problem?
  \_(ツ)_/
  It works now! I made some modifications and it works. Thank you very much for the advice.
  $handler_Output_Click={
  Add-Type -AssemblyName System.Windows.Forms
  $SaveAs1 = New-Object System.Windows.Forms.SaveFileDialog
  $SaveAs1.Filter = "CSV Files (*.csv)|*.csv|Text Files (*.txt)|*.txt|Excel Worksheet (*.xls)|*.xls|All Files (*.*)|*.*"
  $SaveAs1.SupportMultiDottedExtensions = $true;
  $SaveAs1.InitialDirectory = "C:\temp\"
  if($SaveAs1.ShowDialog() -eq 'Ok'){
  $User = Get-Aduser $textBox1.Text -Properties DisplayName,sAMAccountName,EmailAddress,Mobile,Company,Title,Enabled,LockedOut,Description,Created,Modified,LastLogonDate,AccountExpirationDate,AccountLockoutTime,BadLogonCount,CannotChangePassword,LastBadPasswordAttempt,PasswordLastSet,PasswordExpired,LogonWorkstations,CanonicalName | Select DisplayName,sAMAccountName,EmailAddress,Mobile,Company,Title,Enabled,LockedOut,Description,Created,Modified,LastLogonDate,AccountExpirationDate,AccountLockoutTime,BadLogonCount,CannotChangePassword,LastBadPasswordAttempt,PasswordLastSet,PasswordExpired,LogonWorkstations,CanonicalName | Export-CSV $($SaveAs1.filename) -NoTypeInformation ';' -Encoding UTF8
  $richTextBox1.Text = "A file $($SaveAs1.filename) has been created based on the user: $($textBox1.Text)"

• Powershell Get-Aduser

  Trying to write a script that will check whether a few accounts are enabled, locked out, and return the last password reset time.  Any reason why $User.LockedOut or $_.LockedOut will not return a value?
  $Users = "USER1",
  "USER2",
  "USER3"
  ForEach ($User in $Users) {
  Get-ADUser $User -Properties Name,sAMAccountType,Enabled,LockedOut,PasswordLastSet | Select Name,sAMAccountName,Enabled,LockedOut,PasswordLastSet | Out-Null
  # Check if account is Enabled or Disabled
  Write-Host $User.LockedOut

  $User is just a string, in the code you've posted. You're calling Get-ADUser, but not saving the object that it returns anywhere (and in fact, you're piping it to Out-Null.)
  Try this:
  $Users = "USER1",
  "USER2",
  "USER3"
  ForEach ($UserName in $Users) {
  $User = Get-ADUser $UserName -Properties Name,sAMAccountType,Enabled,LockedOut,PasswordLastSet
  # Check if account is Enabled or Disabled
  Write-Host $User.LockedOut

• Powershell get-aduser filter problem

  Powershell'Filter' = {(Enabled -eq $True) -and ((Office -ne "EXCLUDE") -or (Office -notlike '*'))}
  The filter parameter isn't very user friendly.  Try this and see if it is what you want.

  Hello all, I am trying to filter a script I found here from Martin9700to get users from an ad ou. The original line: 'Filter' = {Enabled -eq $True} works and I am trying to add a filter to exclude users that have Office value of EXCLUDE. If I use: 'Filter' = {(Enabled -eq $True) -and (office -eq "EXCLUDE")} then it will get the user that has EXCLUDE but I can't get any negative to work. I have tried -ne, -notlike and several combos of syntax but I really don't understand much of it. Any help would be greatly appreciated! The complete script is below. Thanks!

• Powershell get-ADUser Security

  Hello
  I've got a question, is it possible to get the Securitycontext of an Useraccount (which groups/Users has access to the account and with wihich rights? --> img)
  Thank you in advance.
  n0rthclub
  n0rthclub

  Hi,
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  TechNet Subscriber Support
  If you are
  TechNet Subscription
  user and have any feedback on our support quality, please send your feedback
  here.
  Regards, Yan Li

• When you get a new computer and redownload itunes, how do you redownload your music from your account onto your ipod?

  how do you re download music?

  The ipod is not a backup device.
  You should copy everything from your old computer, or your backup copy of your old computer, to your new one.

• Lately I have been getting many too many popups while browsing how to prevent?

  I typically visit newspaper sites, Yahoo, TWC and others, I am bombarded with pop-up ads top, bottom and both sides of the screen. Sometimes they block the information. Many do not have "X" in the corners and often they jump to their site if I click by mistake.
  This is a fairly recent issue maybe a month old but seems to be getting worse or my patience is wearing!
  Any insight would be appreciated.

  Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of (What is? LyricXeeker).
  You can try these free programs to scan for malware, which work with your existing antivirus software:
  * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner]
  * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware]
  * [http://support.kaspersky.com/faq/?qid=208283363 TDSSKiller - AntiRootkit Utility]
  * [http://www.surfright.nl/en/hitmanpro/ Hitman Pro]
  * [http://www.eset.com/us/online-scanner/ ESET Online Scanner]
  [http://windows.microsoft.com/MSE Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.
  Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article.
  Did this fix your problems? Please report back to us!

• Powershell - get details about members of ad group

  hi, i want to perform this task:
  Get a list with name, samaccountname and department for all members of an ad-group. I have been trying with different ways, but still no complete success. Need def more powershell skills. Anybody who can guide me in the right direction here? Thanks
  in advance.

  Here's an alternative method which can be used as a workaround if you run into issues with large groups (5000+ users).
  (Get-ADGroup "groupname" -properties members).members | Get-ADUser -properties Department |
  Select-Object SamAccountName, Name, Enabled, Department | Export-CSV ".\USERS005.csv" -noType
  Enabled is a default property for Get-ADUser so you don't need to specifically include this in the properties.  (Department is not, so you do need to include this).
  Due to performance reasons, commands do not return all the properties of a object.
  For example.  Get-ADUser returns the following properties by default.
  DistinguishedName
  Enabled
  GivenName
  Name
  ObjectClass
  ObjectGUID
  SamAccountName
  SID
  Surname
  UserPrincipalName
  If you want to know the default properties for a given command, you can expand the propertynames.
  For example :-
  Get-ADUser 'user' | select -expand propertynames
  or
  (Get-ADUser 'User').propertynames

• Get-aduser wildcards for finding extension attribute

  Hello,
  The end users in our organization have 100+ property names that include; distinguished name, all extension and custom attributes, a boatload of custom attributes, so on and so forth. If I perform a "get-aduser -properties | more" there are
  just too many to scan through to find the one I need that begins with the word "script".  I tried the like operator in the manner below:
  get-aduser user12345 | where-object {$_.name -like "*script*"} 
  and 
  get-aduser user12345 -propertites * | where-object {$_.name -like "*script*"} 
  I don't' get any errors but I don't have any results either. I made sure an attribute with that naming convention existed and there are several entries that start with the word "script". Still no results returned.  Would like some input. 
  thank you,
  admin
  Ok I already have 25 views on this and still no-one has any suggestions? I think I may just be overlooking some minor detail. Surely someone has a suggestion right? 

  Hello,
  You should ask in the
  Windows PowerShell forum.
  However, generally, you'd pipe the cmdlet to the Select-Object cmdlet
  get-aduser user12345 -propertites * |Select-Object *script*
  Karl
  When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
  My Blog: Unlock PowerShell
  My Book: Windows PowerShell 2.0 Bible
  My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

• Get-aduser filters

  My organization has a lot of users, including limited-use accounts and service accounts. Sometimes I just want to perform a query on "real" users which have a specific format:
  1) all "real" users start with the letter "s"
  2) they all have a 5 digit number after the "s"
  3) they all end with an "n" or a "d"
  How would I do a get-aduser to return just the "real" users in my organization? Do I need some sort of regex, or can I use get-aduser -filter 'samaccountname -like xxxxx' ?
  Thank you
  [email protected]

  I don't think you'd need a loop, at the worst, a where-object piped after:
  $users = get-aduser -filter * | Where-Object {$_.samaccountname -match "[Ss]{1}[0-9]{5}[NnDd]{1}"}
  [email protected]
  Don't discount the provider filter just because it won't filter exactly what you want:
  Get-ADUser -Filter {SamAccountName -like 's*'} |
  where { ($_.SamAccountName -match "[Ss]{1}[0-9]{5}[NnDd]{1}") }
  will eliminate all the accounts that don't start with "s" up front, cutting down on what's left to filter in Where-Object.
  [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

• Health rollup to computer object from Microsoft.Windows.ApplicationComponent

  Hi All.
  Trying to author a Management Pack in Authoring Console 2007 R2. And can't get rollup to work as I want.
  Here's the long story.
  I've created:
  A discovery MP witch holds:
  - an abstract class inherited from Microsoft.Windows.Computer, named: "AppX.Cmp.Role"
  - a (seed?) class inherited from the above, named: "AppX.Cmp.Role.Server"
  - a class inherited from "AppX.Cmp.Role.Server" named "App.Cmp.Role.Server.Replicator"
  - a class inherited from "Microsoft.Windows.ApplicationComponent" named: "AppX.Cmp.Role.Server.Replicator.Loginstance"
  - a class of type "Microsoft.SystemCenter.InstanceGroup" named: "AppX.Group"
  - a relationship (system.hosting) where source class is "AppX.Cmp.Role.Server.Replicator" and target class is "AppX.Cmp.Role.Server.Replicator.Loginstance"
  - a registrydiscovery to discover "AppX.Cmp.Role.Server" targeted at "Windows.Operating.System"
  - a scriptdiscovery to discover "AppX.Cmp.Role.Server.Replicator" targeted at "AppX.Cmp.Role.Server"
  - a scriptdiscovery to discover "AppX.Cmp.Role.Server.Replicator.Loginstance" targeted at "AppX.Cmp.Role.Server.Replicator"
  - a groupdiscovery ("Microsoft.SystemCenter.GroupPopulator") target: "AppX.Group" (Microsoft.Windows.Computer)
  - a dependencymonitor targeted at "AppX.Cmp.Role.Server.Replicator" and monitor dependency set to "AppX.Cmp.Role.Server.Replicator.Loginstance", HealthRollup set to "worst state".
  A monitoring MP (depending on the discovery MP) witch holds:
  - a processmonitor targeted to "AppX.Cmp.Role.Server.Replicator" and "replicator.exe"
  - a logfilemonitor targeted to "AppX.Cmp.Role.Server.Replicator.Loginstance"
  - a stateview targeted to "AppX.Group"
  When I kill the "replicator.exe" process the object goes to unhealthy all the way up to "Windows.Computer". But when the logfilemonitor triggers and turns into "unhealthy state" the object in the above view turns RED but not the
  "Windows.Computer" object (looking at the default view "Windows Computers").
  Is it possible to get the "Windows.Computer" object to reflect the "AppX.Cmp.Role.Server.Replicator.Loginstance" state?
  How?

  Sorry about that - its been a long weekend.
  I was quoting from the following;
  "Use the Microsoft.Windows.LocalApplication as
  a base class when your class type represents a local application that shares the resources of the hosting Windows computer with other applications. Unlike theMicrosoft.Windows.ComputerRole class,
  the Microsoft.Windows.LocalApplication class
  type does not automatically roll its health up to the hosting computer."
  http://msdn.microsoft.com/en-us/library/ee533867.aspx
  Would you be able to upload the results if you run the Visio MP diagram generator and possibly the health explorer views and this will help me see how it hangs togther?

• AMT Computer Object Creation in Out of Band Management

  Just configured our Out of Band Management / AMT settings and we're getting all our AMT systems provisioned successfully. I've noticed that now, in SCCM 2012, the AMT object that gets created are Computer objects in AD. Their objectCategory is
  CN=Computer,CN=Schema,CN=Configuration,DC=mydomain,DC=com
  Back in the SCCM 2007 days, They were Person objects in AD. We still have some in AD.
  CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=com
  Is this the default setting or do I have the option to change it?
  Orange County District Attorney

  Since no one has answer this post, I recommend opening  a support case with CSS as they can work with you to solve this problem.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Fix for "your computer's system firewall settings will prevent you...?"

  I finally did the dreaded feat and performed an update - had all kinds of problems afterwards (repeating Network settings message error, unknown error -3256 error, etc.) that I have (I think) successfully fixed thanks to these fabulous forums. After getting the -3256 error I updated the firmware and software for my AE and applied the Apple support fix for -3256. Then I started getting a new issue - being the following message after opening my new i-tunes version 8.0.2 "your computer's system firewall settings will prevent you from using Airtunes". After going into the firewall settings and trying to modify the port number (which I found suggested here) that i-tunes would use to stream to my airport express in the edit pane for 'i-tunes music sharing'. I ended up creating a new port specification, which I called i-tunes 1 with ports 5000 - 6000 specified. Tried opening i-tunes again - but no luck, same error. Thinking that I'd done nothing to improve the situation, I deleted my new port specification in the allow pane under firewall - I noticed that the original spec was gone (because I had edited it?). Anyway, as soon as I deleted the spec that I had edited, airtunes started working beautifully! To check things - I closed i-tunes and re-started, then, got the same message ""your computer's system firewall settings will prevent you from using Airtunes" with the option to check my firewall settings - which I did. This time, I noticed that 'i-tunes music streaming' was again listed as an option under allow in my firewall. I selected and deleted it - then again, my Airtunes works perfectly.
  I really have no idea what exactly occurs 'behind the scenes' so to speak when you delete this from the list - but - it seems to have fixed my problem. I'm guessing that I'll have to do that each time I open i-tunes. At least I got my airtunes back. I guess I'm a little worried that deleting this item presents some sort of risk or could lead to another problem and so if anyone can comment on this I would really appreciate it. Alternatively, if anyone has a solution that won't require me deleting this item each time I open i-tunes, I'd be glad to hear it.
  Thanks!
  Leigh-Ann

  Leigh-Ann, you didn't say that Airtunes didn't work, only that you got that error. I, too, am getting the "Your computer's system firewall settings will prevent you from using Airtunes" message, but when I click "Ignore" I find that Airtunes works just fine.

• Powershell: Why does this Get-ADUser command return Nada??!

  get-aduser-filter*-propertiesName,employeeID|Where-Object{$_.type
  -like"*user*"}
  | 
  selectName,employeeID|out-gridview

  get-aduser-filter*-propertiesName,employeeID|Where-Object{$_.type
  -like"*user*"}
  | 
  selectName,employeeID|out-gridview
  At line:1 char:34
  + get-aduser-filter*-propertiesName,employeeID|Where-Object{$_.type -like"*user*"} ...
  +                                  ~
  Missing argument in parameter list.
  At line:1 char:95
  + ... } |  selectName,employeeID|out-gridview
  +                    ~
  Missing argument in parameter list.
      + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
      + FullyQualifiedErrorId : MissingArgument
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)

• Get-ADUser Script Runs but issues error command before returning all results

  Greetings;
  I am running Windows Server 2008-R2 and try to execute a PowerShell command as follows:
  I am trying to locate user objects that have been inactive since September 1 and do not have any Exchange mailboxes. The query does run and I do get a number of records, however, the error is issued, as shown above.
  can you please shed some light as to why I am getting this error message? I do appreciate your time.
  Behrooz

  I see this thread isn't answered yet, so I'm taking another shot at it.  I am positive my script is going to give you the results you are looking for. I have reproduced this in my lab.
  What I did:
  - I created a set of users in an OU in my domain.
  - I populated the 'employeeType' property on a handful of them
  - I created mailboxes fora subset of those users on my Exchange server
  - I did NOT log in with any of these accounts, but that is the easy part.
  Run this query and you will get a returned set of accounts that:
  - Have not logged on since 9/1/2013
  - Do NOT have a mailbox (this is query-able through Get-ADUser because the HomeMDB property is only populated when you have a mailbox.  Using the Exchange tools is not necessary)
  - Accounts that do NOT have any anything in their 'employeeType' property.
  Get-AdUser -filter * -properties * |
  Where-Object {$_.HomeMDB -eq $NULL -AND
  $_.employeeType -eq $NULL -AND
  $_.lastlogondate -ge "9/01/2013"} |
  Select displayname,distinguishedname,samaccountname,employeetype |
  Export-Csv "employeetype.csv" -notypeinformation
  ** This result is going to find people with NO employeeType.  If that is the opposite of what you're looking for, change that like from -eq (equal) to -ne (not equal) or you can use -like and -notlike.  Both give the same results.
  Your results will export to a CSV and will not print to the screen.  Again, with the way this is written, the employeetype column will be empty.
  If you want to copy and paste this script, please paste it into the ISE and push play.  If you save it as a .ps1, you'll have to ensure you have the appropriate executionpolicy set (Open PS as an admin, run 'set-executionpolicy unrestricted')
  If you chose to run it in a PS window as is, please ensure this whole syntax is all on one line.
  Okay! Come back and tell me you were successful and mark me as the answer!! :)
  Chris Ream