First time programming powershell, need help. - Developers

Hey, so my boss just gave me a job as an IT trainee, i need to make a script that would enable me to disable the user from active directory users database and after 2 weeks disable his email. So i have a working template on the script of how to get the active directory user list. [QUOTE]PROCESS { $path = Split-Path -parent "$CSVReportPath\*.*" $pathexist = Test-Path -Path $path If ($pathexist -eq $false) {New-Item -type directory -Path $path} $reportdate = Get-Date -Format ssddmmyyyy $csvreportfile = $path + "\ALLADUsers_$reportdate.csv" Import-Module ADUser }[/QUOTE] Import-Module : The specified module 'ADUser' was not loaded because no valid module file was found in any module directory. At ****** Eh, like i said, i'm quite new with powershell, only know most of the basic MS-DOS commands. Any tips on how the script should work? Would be very grateful!

You say this was working? Were you ever able to get users with ADUser? Did you mean to import activedirectory and use the Get-ADUser command? [url]https://blogs.msdn.microsoft.com/adpowershell/2009/02/25/active-directory-module-for-windows-powershell-quick-start-guide/[/url]

[QUOTE=brianosaur;50972726]You say this was working? Were you ever able to get users with ADUser? Did you mean to import activedirectory and use the Get-ADUser command? [URL]https://blogs.msdn.microsoft.com/adpowershell/2009/02/25/active-directory-module-for-windows-powershell-quick-start-guide/[/URL][/QUOTE] No, this was not working, as a first script this is only part of the skeleton for the entire one. It's just so i can get the list for all the users in active directory user. Yes, i meant to import active directory, but when i try get-ADUser i get "it is not recognized as the name of a cmdlet, etc." Thanks for helping! I used to code in visual basic, blitz 3D and python before, but now i'm very rusty, the only recent use of MS-DOS was DOSbox for me :v: Question is is how can i find out what's the correct source. Oh, and i'm on win7, so i don't use windows server 2008

The G in Get-ADUser is capitalized.

[QUOTE=brianosaur;50972777]The G in Get-ADUser is capitalized.[/QUOTE]Tried both. Does it have to do something with server permissions or location of AD?

On that page I linked there's a command to show the list of cmdlets. Did you try that? get-help *-AD* Its also helpful to read the documentation as well, there might be some gotchas that might help you.

[QUOTE=brianosaur;50972847]On that page I linked there's a command to show the list of cmdlets. Did you try that? get-help *-AD* Its also helpful to read the documentation as well, there might be some gotchas that might help you.[/QUOTE] Hey, thanks for the help, after quite a while i figured it out. I just didn't enable the powershell AD modules during installation :v now, for this script PROCESS { $path = Split-Path -parent "$CSVReportPath\*.*" $pathexist = Test-Path -Path $path If ($pathexist -eq $false) {New-Item -type directory -Path $path} $reportdate = Get-Date -Format ssddmmyyyy $csvreportfile = $path + "\ALLADUsers_$reportdate.csv" Import-Module Activedirectory Get-ADUser -Server $ADserver -searchbase "$SearchLoc" -Properties * -Filter *| select-Object @{Label = "First Name";Expression = {$_.GivenName}}, @{Label = "Last Name";Expression = {$_.Surname}}, @{Label = "Display Name";Expression = {$_.DisplayName}}, @{Label = "Logon Name";Expression = {$_.sAMAccountName}}, @{Label = "Full address";Expression = {$_.StreetAddress}}, @{Label = "City";Expression = {$_.City}}, @{Label = "State";Expression = {$_.st}}, @{Label = "Post Code";Expression = {$_.PostalCode}}, @{Label = "Country/Region";Expression = {if (($_.Country -eq 'EU') ) {'Lithuania'} Else {''}}}, @{Label = "Job Title";Expression = {$_.Title}}, @{Label = "Description";Expression = {$_.Description}}, @{Label = "Department";Expression = {$_.Department}}, @{Label = "Office";Expression = {$_.OfficeName}}, @{Label = "Phone";Expression = {$_.telephoneNumber}}, @{Label = "Email";Expression = {$_.Mail}}, @{Label = "Manager";Expression = {%{(Get-AdUser $_.Manager -server $ADServer -Properties DisplayName).DisplayName}}}, @{Label = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}}, # the 'if statement# replaces $_.Enabled @{Label = "Last LogOn Date";Expression = {$_.lastlogondate}} | Export-Csv -Path $csvreportfile -NoTypeInformation } Get-ADUser : Cannot validate argument on parameter 'Server'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. At C:\Users\****\Desktop\getthisthingworkingdamnit.ps1:15 char:37 + Get-ADUser -Server $ADserver -searchbase "$SearchLoc ... + ~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser I'm really lost here. Any help?

Please use the code tags [code]

That error message I think sounds quite helpful. Its telling you that $ADserver variable is null or undefined. If that variable is something that the active directory module gives you (from what you give you do not set this variable), then check to see that it is spelled correctly or print it out to standard output

For the cmdlet Get-ADUser the Server parameter should be the hostname of a specific domain controller. Alternatively, you could specify the fqdn of your domain, and AD will load balance your request across your DCs.

[QUOTE=Smartguy5000;51030144]For the cmdlet Get-ADUser the Server parameter should be the hostname of a specific domain controller. Alternatively, you could specify the fqdn of your domain, and AD will load balance your request across your DCs.[/QUOTE] Smartguy is right, but you actually don't even have to specify the domain controller unless you're working with a domain controller from a trusted domain other than your own, or if you're worried about performance. Also, if you have Win7 RSAT tools installed, and the corresponding windows features enabled, you won't even need to import-module activedirectory, as long as you're on powershell 3.0 or higher. It's worth mentioning that you have a good opportunity; I had some interns this summer and gave them a similar project to work on. This is the kind of work that will set you apart from "click next" Sys Admins.

[QUOTE=andypopz;51030748]Smartguy is right, but you actually don't even have to specify the domain controller unless you're working with a domain controller from a trusted domain other than your own, or if you're worried about performance. Also, if you have Win7 RSAT tools installed, and the corresponding windows features enabled, you won't even need to import-module activedirectory, as long as you're on powershell 3.0 or higher. It's worth mentioning that you have a good opportunity; I had some interns this summer and gave them a similar project to work on. This is the kind of work that will set you apart from "click next" Sys Admins.[/QUOTE] Yeah, i'm an inter in my job too. But thanks for all the support guys, fixed the script. Now there's another question - how do you disable outlook emails (microsoft exchange) with a script? What kind of function do i need to import all of it through microsoft exchange? (sorry for my bad terminology, can't really correctly translate it from my languege) [editline]12th September 2016[/editline] Oh, and removing the membership from all groups concerning a user that's written in a text file (so you don't have to input wich group he should be removed from, just remove from all groups)

[QUOTE=RazorsharpLT;51038575]The principal i'm working on here is: [CODE]$ListOfUsers | Get-ADUser | Disable-ADAccount | Get-ADPrincipalGroupMembership | Remove-ADPrincipalGroupMembership -Identity "$ListOfUsers" |[/CODE] The List of Users being the text file i use to enter usernames[/QUOTE] So you're not far off; If you want to do a one-liner [CODE]Get-Content "C:\pathtolist.txt"[/CODE] piped to whatever is your friend. That being said, while you could do this as a one liner, I recommend you learn about functions in Powershell. Sorry I can't be of more help atm but I'm pretty tired. This should nudge you in the right direction- You also need to be aware that powershell is Powerful AF and I would recommend messing with this in a lab with a domain controller that has DNS & DHCP roles installed and configured, and at least 2 clients. This can all be virtualized -mine is. If I get some time in the lab I'll put together an example for you in the morning.

[QUOTE=andypopz;51042225]So you're not far off; If you want to do a one-liner [CODE]Get-Content "C:\pathtolist.txt"[/CODE] piped to whatever is your friend. That being said, while you could do this as a one liner, I recommend you learn about functions in Powershell. Sorry I can't be of more help atm but I'm pretty tired. This should nudge you in the right direction- You also need to be aware that powershell is Powerful AF and I would recommend messing with this in a lab with a domain controller that has DNS & DHCP roles installed and configured, and at least 2 clients. This can all be virtualized -mine is. If I get some time in the lab I'll put together an example for you in the morning.[/QUOTE] Thanks, i got the code. Made it a simple prompt and removed a user from all groups. The feedback ya'll been given me helped a lot. But there's still one last question i had - how can i make a timed email disable function? For example, a worker leaves our company and i run all the scripts to disable, remove him from all groups, but his email is still active, and he might use/need it for 2 weeks untill we get new employees, so what i wanna do is run a timed script that disables his email in 14 days. Where should i start? Any guides on managing emails with PS?

[QUOTE=RazorsharpLT;51049303]Thanks, i got the code. Made it a simple prompt and removed a user from all groups. The feedback ya'll been given me helped a lot. But there's still one last question i had - how can i make a timed email disable function? For example, a worker leaves our company and i run all the scripts to disable, remove him from all groups, but his email is still active, and he might use/need it for 2 weeks untill we get new employees, so what i wanna do is run a timed script that disables his email in 14 days. Where should i start? Any guides on managing emails with PS?[/QUOTE] Do you want a constantly running script or a nightly check ? If only once a night or once every few hours you might just want to run your script using a scheduled task in windows. [URL]https://technet.microsoft.com/en-us/library/cc721931(v=ws.11).aspx[/URL] [URL]http://stackoverflow.com/questions/2071496/run-a-powershell-script-in-the-background-once-per-minute[/URL]

[QUOTE=quincy18;51049580]Do you want a constantly running script or a nightly check ? If only once a night or once every few hours you might just want to run your script using a scheduled task in windows. [URL]https://technet.microsoft.com/en-us/library/cc721931(v=ws.11).aspx[/URL] [URL]http://stackoverflow.com/questions/2071496/run-a-powershell-script-in-the-background-once-per-minute[/URL][/QUOTE] No, it's a one time off script that will activate in 2 weeks. Maybe use timelapse?

You can use the Task Scheduler to kick of a .ps1 script for a one time schedule. [URL="https://blogs.technet.microsoft.com/heyscriptingguy/2012/08/11/weekend-scripter-use-the-windows-task-scheduler-to-run-a-windows-powershell-script/"]Here[/URL] is a good guide. However, when I make tasks at work I usually put [code]Powershell.exe -executionpolicy bypass -noninteractive -file [/code] before the path. This is what it'll end up looking like [IMG]http://i.imgur.com/f3oHgON.png[/IMG]

[QUOTE=Smartguy5000;51052595]You can use the Task Scheduler to kick of a .ps1 script for a one time schedule. [URL="https://blogs.technet.microsoft.com/heyscriptingguy/2012/08/11/weekend-scripter-use-the-windows-task-scheduler-to-run-a-windows-powershell-script/"]Here[/URL] is a good guide. However, when I make tasks at work I usually put [code]Powershell.exe -executionpolicy bypass -noninteractive -file [/code] before the path. This is what it'll end up looking like [IMG]http://i.imgur.com/f3oHgON.png[/IMG][/QUOTE] Any possible way i can do this without task scheduler? Don't really wanna use it for a single script

[QUOTE=RazorsharpLT;51054227]Any possible way i can do this without task scheduler? Don't really wanna use it for a single script[/QUOTE] Why would you not ? You can just schedule it to run it once and it is safer then using code because a loop or something else can crash while the scheduler works even if the PC / Server reboots.

[QUOTE=quincy18;51054953]Why would you not ? You can just schedule it to run it once and it is safer then using code because a loop or something else can crash while the scheduler works even if the PC / Server reboots.[/QUOTE]Eh, my boss just asked me, but thanks for the info, i'll inform him. He just wanted to avoid using an entire program for 1 script

[QUOTE=RazorsharpLT;51055255]Eh, my boss just asked me, but thanks for the info, i'll inform him. He just wanted to avoid using an entire program for 1 script[/QUOTE] It's already build into windows(so no seperate program) and made exactly for this purpose, to schedule a scrip / program to run on a specific time or multiple times. But I get it, bosses can be quite annoying when they don't know what they are talking about.

Also, you'll need to have the task run with a service account that has permissions to do what you need it to do. Don't put your credentials in the task.

Still, would be grateful for a way without using task scheduler. Not gonna use the script, but atleast my boss would be satisfied. Using timestamp maybe? Or Start-ScheduledTask? [editline]19th September 2016[/editline] Oh, and one of the reasons why i don't want to use task scheduler is for streamlining, so you could only enter the users name and, regardless of the date and current time, it will disable the mail in 2 weeks. In task scheduler you have to enter a new date manually methinks (never used task scheduler in any great depth)

So, any help guys? I need to disable the user's email (when i run the script) Task scheduler. The problem i have with task scheduler is that it starts the script on a certain day (enter date through a calendar). I need it to automatically adjust the date when it's launched...

Ahh I sort of get what you mean, I am currently a bit bussy with work so I can't really check things out but you could split your script to disable the user now with the prompt and then use powershell to schedule a second script with a argument to disable the mailbox. So script 1 would have: 1. prompt. 2. disable user. 3. schedule 2th script with prompt argument. Second script : 1. disable mailuser right now from argument. It's probably not the most elegant solution but atleast if you have a deadline you can build it.

[QUOTE=quincy18;51088136]Ahh I sort of get what you mean, I am currently a bit bussy with work so I can't really check things out but you could split your script to disable the user now with the prompt and then use powershell to schedule a second script with a argument to disable the mailbox. So script 1 would have: 1. prompt. 2. disable user. 3. schedule 2th script with prompt argument. Second script : 1. disable mailuser right now from argument. It's probably not the most elegant solution but atleast if you have a deadline you can build it.[/QUOTE] Yeah, a bit lost at the prompt argument (connecting scripts through arguments)