Script for gathering AD Group Membership data

Similar Messages

• Monitoring scripts for AlwaysOn Availability Group

  Does anyone have any any monitoring scripts for AlwaysOn AG using Transact SQL or stored procedures?   I'm not a strong coder and don't know Powershell at all.  But if there are some Powershell scripts we may be able to use them.  I've
  seen the dashboard but that's only good if you're logged onto it.
  I'm looking for things like monitoring when a database is suspended, send an alert to us but also tries to do the resume.
  Thanks for any info.

  Start with this list
  http://technet.microsoft.com/en-us/library/ff877954.aspx
  Automating the issue resolution has to conform to your operational standards. For example, if you use a file share witness for your quorum configuration and your monitoring tells you that it is offline, do you automate bringing it online or do you escalate
  to your infrastructure team so that they can look into it? If the database is suspended or the Availability Group in offline state, do you just bring it online or do you check other dependencies like the quorum configuration and instead perform a forced quorum?
  I'm a big fan of automation but make sure you define your process first so that you don't cause more issues as a result.
  Edwin Sarmiento SQL Server MVP | Microsoft Certified Master
  Blog |
  Twitter | LinkedIn
  SQL Server High Availability and Disaster Recover Deep Dive Course

• Scripts for OTN Developer Day - Big Data

  Hi,
  I was wondering if anybody knows where to find the scripts used for "OTN Developer Day - Big Data" which was held during February/March 2014?
  The "Lab Guide" can be found in: https://www.oracle.com/webfolder/s/delivery_production/docs/FY14h1/BigDataWorkshop.pdf
  Regards,
  Babak.

  Not sure if these are the exact same ones, but it should be very close: Oracle Big Data Lite Virtual Machine
  It will also get you to the page where the VM is frequently updated and the HOL sections come with the updated VM.
  JP

• Script for gathering email address from my computer

  Hi, I'm a noob around here, but a mac user for many years.
  I am wondering if anyone knows of a way to gather email address from my computer. I havent kept my address book updated by saving people's email addresses, but I know they are there in old messages I've sent and recieved.
  If anyone has or knows how to easily make an applescript that will complie all of the addresses on my comp into one neat text file, please let me know. I just got a program called direct mail, and i want to set up different mailing lists to get in contact with my people about upcoming events and whatnot.
  Thank you so much for your time.
  Stillie War

  I will try that.. but I still want to actually try to gather EVERY email address in my computer, even, lets say, addresses that were in the CC of things sent to me. I'm not a hardcore spammer or anything, but i have a few events a year that I want to let all my people know about, so I think I'm looking for some kind of script to cull ALL of the addresses in my computer. Anyone know?

• Bhold attestation setup if FIM POrtal is already used for Group Membership

  Background - We had a FIM 2010 deployment in production deployment. Few
  months ago, we upgraded it to FIM R2. There are already about 4000 Criteria based Groups and Request Based Groups at FIM portal. FIM portal is used as an authoritative source for group membership.
  Problem Statement -  The requirement is to attest the existing and
  ongoing Request Based group membership of users using BHold User Attestation module. We want to continue FIM portal (not Bhold UI) as the end user interface for requesting the group membership.
  Hence, for metaverse' group object's member attribute, FIM Portal should have higher precedence than Bhold MA.
  From available documentation of Bhold, I understand that BHold is more suitable in cases where FIM Portal is not already the Group Membership deciding system. However, in our already existing
  deployment, both group membership is given by FIM portal. In fact this should be the case with all the FIM deployments before Bhold’ s release.
  Please suggest on how to attest the group memberships.
  Mayank Vaish

  I would not expect to have to attest group membership where that membership is controlled programmatically. The idea of Attestation is for a responsible person to attest and confirm that the membership of a given group/role/permission is correct (and remove
  users who don't need that permission). As long as someone responsible has attested that the rules that govern the automatic group membership are appropriate for the permission controlled by that group, then another round of attestation via BHOLD would seem
  like overkill.
  However, in the case where membership of FIM groups is managed via FIM's approval mechanism then there may well be a case for BHOLD attestation. It will depend on the business's audit requirements and how well the FIM logs are being maintained, and
  also the sensitivity/importance of the permission being managed by the group. If it is not possible to prove who approved membership of what group - and to confirm that that membership is still appropriate - then regular attestation may still be required,
  in which case BHOLD is an easier way of doing it than trying to build your own or do it manually.
  Cheers,
  Dave

• Performance factors for criteria based groups

  I am trying to understand what factors impact the performance of a criteria based group. I have read that member size has direct impact, but it does not make much sense, When a resource is updated, FIM looks for all criteria based groups that have criteria
  containing the attributes updated in the resource and recalculates the membership of those groups. So my understanding is that the performance of criteria based group is dependent on the criteria, not on the member size of the group. If you have a lot
  of criteria, then FIM will spend more time on evaluating the criteria and the chance of matching the attribute with the attributes updated in a resource will increase. The member size should not have much impact here.
  Yes, member size can be an issue, but that will not be limited to a criteria based group - that should apply to any groups with large number of members. Because that impacts the memory footprints and complexity of membership calculation both in Sync
  and in AD.
  Is my understanding correct, or I am missing something?

  If you have a lot of criteria, then FIM will spend more time on evaluating the criteria and the chance of matching the attribute with the attributes updated in a resource will increase.
  For this, I know that in FIM 2010 R2 a new optimization feature came which fetches the information of "Common Criteria" from maximum number of groups and sets and uses this feature for calculating the group membership in a much faster
  way which enhances the performance.
  You can also, use the Deferred option in groups for calculating group membership. It is also a feature of FIM 2010 R2 for better performance.
  http://technet.microsoft.com/en-us/library/jj863243(v=ws.10).aspx
  Regards,
  Manuj Khurana

• Export Users data with group membership

  Hey Guys,
  I'm using csvde to export users data for management reports.
  I'm asked to add to the exported data the group membership of the users and I'm having problem doing that.
  My current script is:
  csvde.exe -s 192.168.xx.xx -d "ou=CS,dc=Domain,dc=com" -r objectClass=user -l "Company,DisplayName,sAMAccountName,title,lastlogon,pwdLastSet" -f c:\usersonly-Users.csv
  Can anyone help me adding column with groups the user is member of?
  Thanks
  Nir 

  Add the memberOf attribute to the list of attribute values to retrieve.
  Richard Mueller - MVP Directory Services

• Are there any information gathering tools or scripts for Sun VDI 3.1.1?

  Hi,
  Are there any information gathering tools or scripts for Sun VDI 3.1.1?
  for problem reporting or service supportting , such as
  ut_gather, a ksh based tool to collect all Sun Ray related information from a Sun Ray server.
  http://www.sun.com/bigadmin/jsp/descFile.jsp?url=descAll/ut_gather_1_4_6
  http://www.sun.com/service/gdd/index.xml
  Sun Explorer Data Collector in The Sun Services Tools Bundle (STB)
  http://www.sun.com/service/stb/index.jsp
  http://www.unix-consultants.co.uk/examples/scripts/linux/linux-explorer/
  http://www.slideshare.net/Aeroplane23/information-gathering-2
  Windows MPSreports, msinfo32
  Redhat sysreport
  Suse Siga reportconfig
  Any advice would be appreciated.
  Thanks,

  ut_gather versions are available on MOS under reference #1260464.1

• Need help with a script for moving bulk users to another OU and removing/assigning groups

  I've never used PowerShell before and have been asked to track down a script that can move bulk users from one OU to another, and remove and assign new group membership. I've been googling it for about 30 minutes and haven't really gotten anywhere. If
  somebody can point me in the right direction or give some tips I'd greatly appreciate it. I'm sure this kind of task has been done by several people in similar environments I just haven't been able to find those people/examples. 

  Here's what I've got so far...
  Moving to new OU
  CSV constructed like below...
  DN  
                                                                                                                                                  TargetOU
  “CN=John R, OU=BB,OU=ES,OU=Students,OU=OSD,DC=usd233,=DC=local”
                        "OU=PRT,OU=MS,OU=Students,OU=OSD,DC=usd233,DC=local"
  Import-Module activedirectory
  $UserList = Import-Csv "c:\yourCSVhere.csv"
  foreach ($User in $UserList) {
  $User.DN
  $User.TargetOU
  Move-ADObject -Identity $User.DN -TargetPath $User.TargetOU
  Would this work? I also need to remove the user from two groups and add them to two different groups as well. Would I need to use the addUsertoGroups and removeUserfromGroups commands?

• Report of Groups owned along with group memberships for each group, all in a single .csv file

  Hello all,
  What I'm trying to do is generate a report of all groups owned by a specific user, along with the group memberships, and output it all to a single .csv file. In the .csv file, I would like to have the group names as the column headers, and underneath
  the group name, list all the members of the group down through the column. So for example, if User1 owns 3 groups, the output would look like:
  What I'm having trouble with is outputting the objects to the .csv using New-Object psobject, and I'm starting to wonder if there is an easier way to do this and my brain is just fried.
  Any ideas?

  OK so I can try and give some code here, but I'm asking more of a concept question about how PowerShell builds objects so I'm not sure it will help....
  $User = "User1"
  get-adgroup -filter {managedby -eq $user} -pr member | %{
  $_.name
  $_.member
  OK so this is a simple script that outputs a group name followed by the membership, all in a single column. What I would like is for the group names to each be the header of a column, and have the membership listed underneath. For example:
  Is this possible in PowerShell?

• Read group membership for a user object and populate every group with matching user from another domain

  I have LON\JSmith in LON domain and DEL\JimSmith in DEL domain
  I would like to extract group memberships of LON\JSmith in LON domain and append matching by email (i.e. DEL\JimSmith) user object in every group in LON domain.
  for instance
  LON\JSmith and DEL\JimSmith is the same person and has same email address [email protected]
  LON\JSmith belongs to 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey
  The outcome of the script should be
  LON\JSmith; DEL\JimSmith    should be in 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey.
  How can i do it?
  Navgup

  Hi Navgup,
  Please refer to the script below, to query users in other domain by specifying the parameter "-Server" in the cmdlet "get-aduser", and also note I haven't tested the script below:
  import-module activedirectory
  get-adgroupmember "group"|foreach{
  $email=(get-aduser $_.samaccountname -properties *).EmailAddress#get the user email
  Get-ADUser -filter {EmailAddress -eq $email} -properties * -server DomainB.company.com|select samaccountname, memberof}#filter user name and group with the email in other domain
  To get users across domain, please also refer this blog:
  Adding/removing members from another forest or domain to groups in Active Directory:
  http://blogs.msdn.com/b/adpowershell/archive/2010/01/20/adding-removing-members-from-another-forest-or-domain-to-groups-in-active-directory.aspx?Redirected=true
  I hope this helps.

• Scripting Group membership

  I have a ODM that has jut been added to AD. I have OD groups that I now need to add AD members to push MCX down to my clients, the problem is if I do it from WGM I'm only able to do one member at a time. This is not so bad when I have to do it to groups with about ten members, but it gets REALLY boring when I have groups with a large number of users. Seems this would be a great task to do from a script, has anyone done this or could lead me to some info on how to do it?

  Thanks for the reply.
  Will dseditgroup work with AD? After reading the man page for it I tried,
  dseditgroup -o read -n /Active\ Directory/All\ Domains/ testgroup
  *testgroup= Group we created in AD with about five users in it.
  After I hit enter the shell returns with nothing, not even a error. Do I have the syntax wrong or can I not use dseditgroup to read group membership from a AD group?

• Design question: Change Group membership for a AD resource via SelfService

  Hi all,
  based on the OIM tutorials, I designed OIM that way that an end user can successfully request a resource. Is there a way to allow end users to modify their resource "subscriptions"? For example, I would like to allow end users to change their AD group memberships after the initial provision to the resource.
  From what I have learned from the tutorials, I would assume to create an AD group membership attribute in the user account profile form and propagate changes to that attribute back to AD.
  Or is there a way to allow end users to change their resource data directly under "My Resources" ?

  there is no concept of requesting a modification of an already provisoned account. Like you said this can be achieved thru an attribute on the user's profile and on changing that attribute, downstream applications can be propagated the new value.
  Typically if changes to an already proviisoned account needs to be done in oim and through oim, an oim admin goes to the user's resource profile and clicks on edit on the process form and can edit any data there. in case of ad groups, there will be a child process form that shows the groups that the user is a member of, you can insert(add) new groups or delete existing groups from there and save the form. In the proviisoning porcess of AD you will need to write a porcess task, which should add/remove the user from the specified group in AD on the trigger when a new group is added or an existing group is removed wehn the admin is modifying the user's AD process form/process child forms in oim.

• How to format data for a custom group

  Hi all
  I have a pivot table with Actual and Budget as columns and some accounts in the rows. Since I'm using the account hierarchical column, I created custom groups for the accounts using the Selection steps pane. For example, I created a new group called Profit to combine 3 different Profit accounts and display one Profit line.
  Now I want to format the data for the Profit group. I right-click on the Profit group, choose to edit the group and click on the Format button on the bottom left corner. I add some formatting, e.g. borders. When I now view the pivot table, borders have been applied to the label of the group - so the word Profit is now bordered. However, the values in the Actual and Budget columns do not have a border. Don't know what I'm missing, but I want both the group label and the values to be formatted the same way.
  How can I apply formatting to the data/values for the custom group?

  Yeah tried that already, it formats the entire column whereas I need just the values for the Profit row to be formatted. Seems it is a limitation only when using custom groups?

• How to create master data source for Profit center group in source system

  Profit center group information is available in SAP(T-code:kch3). But, I want to have this information in BW too.
  Can anyone tell me how to create a datasource for Profit center group? And which SAP table is able to feed master data for this information?
  Many thanks
  rajatina.

  HI ,
  It looks lilke we need to use the FM like 'G_SET_LIST_SELECT' to get the Profit
  Here ais note from the forums to get profit center group from table
  From Table SETLEAF,  Field SETCLASS  =  '0106'. Field SUBCLASS with controlling area. Profit center in Field VALFROM.
  You will get Group name in Field SETNAME.
  Regards,
  Sathya