Script to run against ALL AD users in a loop

Similar Messages

• Script to mail enable all exchange users

  i am looking for a script to mail enable all users
  Enable-MailUser -Identity alais -ExternalEmailAddress primary SMTP

  Hello,
  You can find more scripts in:
  http://blogs.technet.com/b/onescript/
  Thanks,
  Simon Wu
  TechNet Community Support

• Need Power shell script to run on all databases.

  Hi,
  I have a stored procedure to generate report, using power shell script want to get all databases, run stored procedure on each database and generate the results as .csv file, output the file with database name (place it on directory) and  email .csv
  file.
  looking for script, can any one help pls?
  Naveen| Press Yes if the post is useful.

  Can you please share with me the codes
  Naveen| Press Yes if the post is useful.
  Dear N_14
  You can have a look on the followings
  http://www.csharp-station.com/Tutorial/AdoDotNet/lesson07
  http://www.codeproject.com/Articles/415732/Reading-and-Writing-CSV-Files-in-Csharp
  https://msdn.microsoft.com/en-us/library/system.net.mail.mailmessage%28v=vs.110%29.aspx
  Best Regards
  mintssoul

• Calc scripts are running slow(all of a sudden)

  All of a sudden, for the past few days, we are noticing that all our calc scripts have been running very slow.
  The same scripts used to run much faster earlier.
  Has anybody seen this kind of scenario?
  We did a RAM upgrade on the eas server, and have restarted all services.
  Other than that, nothing has changed in our system.
  Thanks.

  It can be quite common for calcs to slow down over time, but there are some things to do to mitigate this.
  1. Are you using Intelligent Calc? All things being equal (a very broad statement in essbase, since things are never equal) if there is more activity by users, it could affect how many blocks are marked dirty. This is probably not your issue, because a properly written calc wouldn't slow down much for this reason. I had to mention it though because I have seen an installation where their calc was 'Calc All' and they used intelligent calc to create the scope of the calc. (bad, very bad)
  2. Do you perform DB restructures? (either explicity by Restructuring or by exporting level 0, clearing and import level 0 then agg) If this is not done on a regular basis (regular depends on the usage of the cube) then you could be experiencing fragmentation, which increases the size of the database, increasing run times.
  3. Have you just added another fiscal year to the database? More data means bigger database.
  RAM upgrade on the EAS server shouldn't affect calc times (unless essbase services are also running on the EAS server, then there might be something to it).
  Most of these (and other) issues can be mitigated by applying proper scope to your calcs (Fix statements).
  What environment are you running in? Windows or Unix?
  New application?
  What kind of time increases are we talking about here?
  Robert

• Shell script to run against 1000s dbs

  what's should be the things to put in this scripts, like how to connect to different server & connect /as sysdba ; and run .sql ? just trying to understand how these kind of scripts work?

  #!/bin/sh
  #Pull all entries from your tnsnames.ora file, skipping lines with # ( )
  #SQLPLUS to each as sys and show the current date
  #This assumes that your SYS password is the same on all instances.
  for tns_name in `grep -v -E '#|\(|\)' $TNS_ADMIN/tnsnames.ora | cut -f 1 -d ' '`
  do
  sqlplus -s sys/sys_pwd@${tns_name} as sysdba <<EOF
  set head off pages 0 verify off
  select sysdate from dual;
  exit;
  EOF
  done
  Hope this helps.

• Creating Powershell script to run against Multiple XML Files: Correcting Nordic characters. Renaming only the files that were corrected.

  Greetings,
  I am new to powershell and scripting and would like to create a powershell script to do the following to XML files.
  I would like to change the data received in XML files that contains special Nordic characters: such as 
  ä, Ä, é, ö, Ö, ü, Ü, and ß respectfully.
  The file names that gets drop to me come in with the following naming convention: C54ABC_111120140500_1, C54ABC_111120140500_2, C54ABC_111120140500_3, C54ABC_111120140500_4 all the way to C54ABC_111120140500_12.
  By automating the script, I would like the script to look into a directory containing these files and access the data within it and change the the data that has the special characters to the English Dictionary character equivalent.
  e.g. ä for a, Ä for A, é for e, ö for o, Ö for O, ü for u, Ü for U, and ß for ss.
  Once that step is complete. I would like to rename the file from C54ABC_111120140500_1.xml to C54ABC_111120140500_1_rctf.xml (adding an additional 5 characters to the end of a file that was corrected) if the file did not need any correction then renaming is
  not needed.
  the working directory (Source and destination) will remain in the same location. e.g. C:\Temp\
  Currently I was able to come up with the following, however I am stuck when it comes to the renaming part since, it requires "IF and Else" statments .... I think.
  $Source = "C:\Temp"
  $Destination = "C:\Temp"
  $regex33 = "\*.xml"
  (Get-Content $regex33) |
  ForEach-Object {$_ -replace "ä", "a" -replace "Ä", "A" -replace "é", "e" -replace "ö", "o" -replace "Ö", "O" -replace "ü", "u" -replace "Ü", "U" -replace "ß", "ss"}
  #Rename-Item -NewName {$_.name -replace -whatif}
  Your Assistance and Expertise is greatly appreciated.
  Thank you in advance KC.

  Hi KC
  You could try something like this.
  Let me know how you get on and if you've any questionds.
  cheers, Tim
  $Source = 'C:\Temp'
  Set-Location $source
  $xmlFiles = Get-ChildItem -Path $source -Filter *.xml
  ForEach ($xmlFile in $xmlFiles)
    $content = Get-Content -Path $xmlFile.FullName
    $renameFile = $false
    Switch -Wildcard ($content) {
      '*ä*'
        $renameFile = $true
        $content = $content -creplace 'ä', 'a'
      '*Ä*'
        $renameFile = $true
        $content = $content -creplace 'Ä', 'A'
      '*é*'
        $renameFile = $true
        $content = $content -creplace 'é', 'e'
      '*ö*'
        $renameFile = $true
        $content = $content -creplace 'ö', 'o'
      '*Ö*'
        $renameFile = $true
        $content = $content -creplace 'Ö', 'O'
      '*ü*'
        $renameFile = $true
        $content = $content -creplace 'ü', 'u'
      '*Ü*'
        $renameFile = $true
        $content = $content -creplace 'Ü', 'U'
      '*ß*'
        $renameFile = $true
        $content = $content -creplace 'ß', 'ss'
    If ($renameFile)
      $newFileName = "$($xmlFile.BaseName)_rctf.xml"
      $content | Out-File -FilePath $xmlFile.FullName -Force
      Rename-Item -Path $xmlFile.PSChildName -NewName $newFileName

• Enumerating all AD users, so script runs in a loop

  I am going to do a SharePoint upgrade this weekend from 2010 to 2013.
  I need this script to run against every Active Directory user automatically, not just one at a time. How do I get this get this script to do that? I figure I create a pipeline, I just don't know where.
  Here is the script:
  Param(
      [string]  $account = $(Read-Host -prompt "UserAccount")
  Add-PSSnapIn Microsoft.SharePoint.PowerShell
  foreach ($wa in get-SPWebApplication)
      Write-Host "$($wa.Name) | $($wa.UseClaimsAuthentication )"
      #http://technet.microsoft.com/en-us/library/gg251985.aspx
      $wa.UseClaimsAuthentication = $true
      $wa.Update()
      $account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
      $zp = $wa.ZonePolicies("Default")
      $p = $zp.Add($account,"PSPolicy")
      $fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
      $p.PolicyRoleBindings.Add($fc)
      $wa.Update()
      $wa.MigrateUsers($true)
      $wa.ProvisionGlobally()
  Please help me! Thank you!

  Thank you! 
  Where would I place this line in the script?
  SR
  http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx
  ¯\_(ツ)_/¯

• All the users authorization report

  Dear Experts,
  I want run the all the users authorization in SAP. I want prepare authorization matrix from all the users.
  Please help me on this. Thanks for advance.
  Regards
  S.Prasad

  Hi,
  post your query in abap forum.
  the following tables are useful to create such report
  ROLES BY  TCODE  ASSIGNMENT
  TSTCT
  AGR_1251
  ROLES BY  USERS ASSIGNMENT
  AGR_USERS
  USER_ADDR
  ROLES BY ORGANIZATIONAL LEVEL ELEMENT ASSIGNMENT
  AGR_1252
  USVART
  regards,
  kaushal

• How to get all AD User accounts, associated with any application/MSA/Batch Job running in a Local or Remote machine using Script (PowerShell)

  Dear Scripting Guys,
  I am working in an AD migration project (Migration from old legacy AD domains to single AD domain) and in the transition phase. Our infrastructure contains lots
  of Users, Servers and Workstations. Authentication is being done through AD only. Many UNIX and LINUX based box are being authenticated through AD bridge to AD. 
  We have lot of applications in our environment. Many applications are configured to use Managed Service Accounts. Many Workstations and servers are running batch
  jobs with AD user credentials. Many applications are using AD user accounts to carry out their processes. 
  We need to find out all those AD Users, which are configured as MSA, Which are configured for batch jobs and which are being used for different applications on
  our network (Need to find out for every machine on network).
  These identified AD Users will be migrated to the new Domain with top priority. I get stuck with this requirement and your support will be deeply appreciated.
  I hope a well designed PS script can achieve this. 
  Thanks in advance...
  Thanks & Regards Bedanta S Mishra

  Hey Satyajit,
  Thank you for your valuable reply. It is really a great notion to enable account logon audit and collect those events for the analysis. But you know it is also a tedious job when thousand of Users come in to picture. You can imagine how complex it will be
  for this analysis, where more than 200000 users getting logged in through AD. It is the fact that when a batch / MS or an application uses a Domain Users credential with successful process, automatically a successful logon event will be triggered in associated
  DC. But there are also too many users which are not part of these accounts like MSA/Batch jobs or not linked to any application. In that case we have to get through unwanted events. 
  Recently jrv, provided me a beautiful script to find out all MSA from a machine or from a list of machines in an AD environment. (Covers MSA part.)
  $Report= 'Audit_Report.html'
  $Computers= Get-ADComputer -Filter 'Enabled -eq $True' | Select -Expand Name
  $head=@'
  <title>Non-Standard Service Accounts</title>
  <style>
  BODY{background-color :#FFFFF}
  TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;}
  TH{border-width: 1px;padding: 2px;border-style: solid;border-color: black;background-color: ThreeDShadow}
  TD{border-width: 1px;padding: 2px;border-style: solid;border-color: black;background-color: Transparent}
  </style>
  $sections=@()
  foreach($computer in $Computers){
  $sections+=Get-WmiObject -ComputerName $Computer -class Win32_Service -ErrorAction SilentlyContinue |
  Select-Object -Property StartName,Name,DisplayName |
  ConvertTo-Html -PreContent "<H2>Non-Standard Service Accounts on '$Computer'</H2>" -Fragment
  $body=$sections | out-string
  ConvertTo-Html -Body $body -Head $head | Out-File $report
  Invoke-Item $report
  A script can be designed to get all scheduled back ground batch jobs in a machine, from which the author / the Owner of that scheduled job can be extracted. like below one...
  Function Get-ScheduledTasks
  Param
  [Alias("Computer","ComputerName")]
  [Parameter(Position=1,ValuefromPipeline=$true,ValuefromPipelineByPropertyName=$true)]
  [string[]]$Name = $env:COMPUTERNAME
  [switch]$RootOnly = $false
  Begin
  $tasks = @()
  $schedule = New-Object -ComObject "Schedule.Service"
  Process
  Function Get-Tasks
  Param($path)
  $out = @()
  $schedule.GetFolder($path).GetTasks(0) | % {
  $xml = [xml]$_.xml
  $out += New-Object psobject -Property @{
  "ComputerName" = $Computer
  "Name" = $_.Name
  "Path" = $_.Path
  "LastRunTime" = $_.LastRunTime
  "NextRunTime" = $_.NextRunTime
  "Actions" = ($xml.Task.Actions.Exec | % { "$($_.Command) $($_.Arguments)" }) -join "`n"
  "Triggers" = $(If($xml.task.triggers){ForEach($task in ($xml.task.triggers | gm | Where{$_.membertype -eq "Property"})){$xml.task.triggers.$($task.name)}})
  "Enabled" = $xml.task.settings.enabled
  "Author" = $xml.task.principals.Principal.UserID
  "Description" = $xml.task.registrationInfo.Description
  "LastTaskResult" = $_.LastTaskResult
  "RunAs" = $xml.task.principals.principal.userid
  If(!$RootOnly)
  $schedule.GetFolder($path).GetFolders(0) | % {
  $out += get-Tasks($_.Path)
  $out
  ForEach($Computer in $Name)
  If(Test-Connection $computer -count 1 -quiet)
  $schedule.connect($Computer)
  $tasks += Get-Tasks "\"
  Else
  Write-Error "Cannot connect to $Computer. Please check it's network connectivity."
  Break
  $tasks
  End
  [System.Runtime.Interopservices.Marshal]::ReleaseComObject($schedule) | Out-Null
  Remove-Variable schedule
  Get-ScheduledTasks -RootOnly | Format-Table -Wrap -Autosize -Property RunAs,ComputerName,Actions
  So I think, can a PS script be designed to get the report of all running applications which use domain accounts for their authentication to carry out their process. So from that result we can filter out the AD accounts being used for those
  applications. After that these three individual modules can be compacted in to a single script to provide the desired output as per the requirement in a single report.
  Thanks & Regards Bedanta S Mishra

• Applescript: How to run a script once upon logon for multiple users

  I'm deploying a NetRestore image to about 150 Macs which will be using Active Directory and I've designed a custom default user for each new user. However, our system requires a specialized certificate that has to be installed on the local login.keychain for each user otherwise network connectivity is impacted.
  I've tried to use the security command through Terminal to install the certificate, but no matter what combination of commands, I cannot seem to get that to work properly even with an already-created user. While it will often say it's installed, the cert will not actually show up in the login keychain in Keychain Access. And the network connectivity is still impacted.
  So instead, I created a brief AppleScript that just gives the user brief instructions to click "Add" on the prompt for which Keychain to add the cert and then "Always Trust" for the "This cert is not verified" prompt. Then it launches Keychain Access. Originally, I was going to have it actually click the buttons for the user, but I realized trying to get the whole Accessibility apps and assitive devices to work on every new user would be a nightmare.
  I created the script on another 10.9 Mac using Automator to make it an actual application. I've used the instructions in OS X: Using AppleScript with Accessibility and Security features in Mavericks to sign it and I'm using root to move it from its network location into the Applications folder. I've adjusted the permissions to allow all Admin users to r/w (along with everyone else). To the root user, it shows as a usable application, but every other user on the Mac sees it as damaged/incomplete.
  What I want to do is add it to the default Login Items, so I can run the final AppleScript command to simply remove the login items listing. That way I don't need to worry about it running again, but it's still available for the next user to sign onto the deployed Mac.
  I know it's a little convoluted, but this is the final piece to the NetRestore deployment I've been working on for months. Any suggestions on how to make this work (or even a completely different solution) would be greatly appreciated.
  Here was the original shell script in case you're curious.
  #!/bin/bash
  ## Prompt for current user admin for use in Certificate Install
  while :; do # Loop until valid input is entered or Cancel is pressed.
      localpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter your password for Lync Setup:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)
      if (( $? )); then exit 1; fi  # Abort, if user pressed Cancel.
      localpass=$(echo -n "$localpass" | sed 's/^ *//' | sed 's/ *$//')  # Trim leading and trailing whitespace.
      if [[ -z "$localpass" ]]; then
          # The user left the password field blank.
          osascript -e 'Tell application "System Events" to display alert "You must enter the local user password; please try again." as warning' >/dev/null
          # Continue loop to prompt again.
      else
          # Valid input: exit loop and continue.
          break
      fi
  done
  echo $localpass | sudo security import /'StartupFiles'/bn-virtual.crt ~/Library/Keychain/login.keychain
  osascript -e 'tell Application "System Events" to delete every login item whose name is "LyncCert"
  And this is the AppleScript itself. (I used the \ to make it easier to read. The first line is actually one complete command)
  display dialog "Click OK to start installing Mac Network Certificate." & return & return & \
  "In the following prompts, click the 'Add' then 'Always Trust'." & return & return & \
  After you have clicked 'Always Trust', quit Keychain Access." default button 1 with title \
  "Mac Network Certificate Install"
  activate application "Keychain Access"
  tell application "Finder" to open POSIX file "/StartupFiles/bn-virtualcar.crt"
  tell application "System Events" to delete login item "Lync-AppleScript"
  end
  Thank you for your help!

  I have run into this same issue. Are you trying to run the script one time as a new  user logs in or everytime a user logs in?

• How do I view all transactions run by a certain user?

  Hi SDN experts,
  I am being asked by management whether it is possible to provide a report showing all transactions run by certain users and I'm struggling to figure out how to do this in 'standard' SAP.
  I can use ST03N to show all users that have run a certain transaction, but can't see anywhere in ST03N that gives this information the other way round (i.e. all transactions run by a certain user). I can use SUIM to see all transactions that a user is authorised to run, but this doesn't show me which of those transactions a user has actually run - which is what I need.
  Can anyone help me with this?
  Many thanks,
  Arwel.

  Hi Arwel,
                      You need to run Auditing by configuring SM19, it's very simple you need to select the tabs which are need to be audited. This will create small amount of log file make sure about disk space.
  Once you turn on auditing you can go to SM20 and watch all the activities of the users. Make sure that you configure SM19 after every server reboot.
  Regards,
  Hari.
  PS: Awarding points will get you some points.

• PowerShell script to check permissions given to "NT Authority\All Authenticated Users" and..

  Hi there,
  On my SharePoint site - some places (Sites/Lists etc) have given permissions to "NT Authority\All Authenticated Users"
  We need to remove these permissions and instead give permissions to "Forest1\Domain Users" and "Forest1\Domain Users"
  PowerSHell script to do above will be appreciated.
  Thank you so much.

  Hello,
  In order to check whether "NT Authority\All Authenticated Users" are present in your site use this reference - Link
  Remove permission script reference - Link
  Finally grant permission script reference - link
  Kindly mark it as answer if it helps you.
  -Hatim

• Triggering Group Membership Rules against all users

  I have created a few new groups and access policies that use rules to define membership. How do I trigger the search through the entire user list to populate the new groups? If I edit a single record, then the rule gets applied. I need to batch apply the new rules to all users.
  KC

  Hi,
  I am not very sure if it will work or not but try running this default task it update all the user I guess.
  Set User Provisioned Date
  Else you can write a schedule task to update some attribute on user profile.
  Regards
  Nitesh

• 4EA3 - ISSUE: run-as-script exits silently, deleting all text from "Script Output"

  I have a short-to-medium sized script I've been developing in SQL Developer 4 EA (build MAIN-13.30).
  It was going pretty well, then just when I was ready to verify the whole thing start to finish, it started silently aborting, deleting output.
  This happened several times with the script.  Because output is deleted, I can't tell definitively when it failed.
  The log messages include pairs of messages matching the runs:
  SEVERE
  3088
  0
  oracle.dbtools.worksheet.commands.scriptrunner.task.executor.DefaultStatementExecutorTask
  java.io.PipedInputStream.checkStateForReceive(PipedInputStream.java:261)
  SEVERE
  3087
  10046
  oracle.dbtools.raptor.newscriptrunner.ScriptRunnerContext
  java.io.PipedInputStream.checkStateForReceive(PipedInputStream.java:261)
  I perform a bit of unconventional handling of DEFINE variables and WHENEVER SQLERROR, but these have been in the script during successful runs.
  Andrew Wolfe

  You haven't provide ANY information about what the script is even trying to do, what database you are working with or what 'output' you are talking about being deleted.
  I suggest that you perform more troubleshooting on your own to determine more about the issue that might be involved.
  Use the 'binary search' method: cut the script in half and run the first half. If that works add half of the second half of the script (now using 75% of the script) and run that. Maybe 'divide and conquor' will isolate the particular part that is failing.,
  If you are using Oracle then execute the script in sql*plus. If it works there but doesn't work in sql developer that provides more info.
  Run the script in the latest OFFICIAL version of sql developer. If that works then the problem may be related to the un-released version you are using.
  Not much anyone on the forums can do for you unless you post info about what it is you are even doing.
  Because output is deleted, I can't tell definitively when it failed
  Then you need to be more proactive and add steps to the script that display, print or log each step that is executed. Then it is easy to tell which steps completed and which step failed.

• Reporting Services through ISA server for All Authenticated Users

  Hello colleagues.
  I have MS SQL 2012 server with Reporting Services and it work via link:
  https://reports2.domain.com/reports
  In LAN all work fine, but I want publish this resource via ISA for All Authenticated Users.
  When in publish rule I configure (in Condition) "All users" - all work fine, but when I configure "All Authenticated Users" - I have trouble on web form on
  https://reports2.domain.com/reports/Pages/Report.aspx?ItemPat...  - scripts not work, because it run how "anonymous" (I see on ISA logging) and ISA block scripts.
  I can't use "All Users", because it's not secure.
  Maybe somebody publish Reporting Services through ISA server for All Authenticated Users?
  OR maybe - how on Reporting Services configure Negotiate authenticated for scripts?

  Hi Alexander,
  All users or applications who request access to report server content or operations must be authenticated using the authentication type configured on the report server before access is allowed. The AuthenticationType named RSWindowsNegotiate is supported
  by Reporting Services. To configure Windows Authentication on the Report Server, please see:
  http://msdn.microsoft.com/en-us/library/cc281253(v=sql.110).aspx
  Besides, we can publish report server via ISA server. Please note that you should use a new web port number with a new listener which shouldn’t be used by other web site for report server. Reference:
  http://social.technet.microsoft.com/Forums/forefront/en-US/1cc68996-1ce6-4d88-a30d-2bfd13fba06e/how-to-publish-ssrs-2008-through-isa-2006?forum=Forefrontedgegeneral
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support
  Katherine thanks for answer.
  Report Server service started as Domain account.
  I have in RSReportServer.config this:
  <Authentication>
  <AuthenticationTypes>
  <RSWindowsNegotiate />
  </AuthenticationTypes>
  <RSWindowsExtendedProtectionLevel>Allow</RSWindowsExtendedProtectionLevel>
  <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
  <EnableAuthPersistence>true</EnableAuthPersistence>
  </Authentication>
  In web.config I have this:
  <authentication mode="Windows" />
      <identity impersonate="true" />
  I can go (from Internet through ISA) to
  https://reports2.domain.com/reports  and LogOn Authentication is work, but scripts not work, because it run how "anonymous" (I see this on ISA logging) and ISA block scripts.
  Do you know where in Reporting Services configure run scripts with Negotiate authentication?