Friday, June 15, 2012

Powershell and Active Directory: Find Active Directory users in a particular Organizational Unit whose Script Path is not set or blank using Powershell.

 

Hi,

If we are using "Active Directory" then one this is sure that 98% we are using some login scripts. Sometime while creating users we forget to mentioned to specify the login script in account.

15-06-2012 12-43-37

My task of today is to find all users accounts those have no login script defined in their accounts.

Let's Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,

...

I want to search a particular organizational unit for users. I am not so good in LDAP so i always do a trick to find full path of OU.

Find OU.

I know a user name "Will smith" in located in that Organizational unit on whom i want to search users those have blank LOGIN SCRIPT field.

I run Get-ADUser cmdlet against Will.smith and i choose to show me of DistinguishedName the user. That DistinguishedName name contain full path of that OU

(Get-ADUser will.smith).DistinguishedName

Copy all fields expect CN and saved it to a variable.

15-06-2012 12-44-57 

$ou = "OU=testing,DC=localDC,DC=com"

15-06-2012 12-55-32

We are using  Get-ADUser cmdlet , to the information about active Directory users, in -SearchBase we are telling it to search our  predefined Organizational Unit in $ou variable,   then -Filter * to search for all users , and then -Properties * to show all the properties of the user account , then we are piping the command to  where cmdlet and we are choosing to choose only those users whose SCRIPTPATH is equal to null or blank and after that we are selecting only names using select cmdlet.

Get-ADUser -SearchBase $ou -Filter * -Properties * | where { $_.ScriptPath -eq $null } | select Name

15-06-2012 12-59-34

All Done...Job is secured | once again ...

Thanks!

Aman Dhally

Buy-More-Twitter-Followers   4fb29548b6adc

dance_goofy

2 comments:

  1. Working with a large number of users you would probably want to do a LdapFilter instead.

    Get-ADUser -LDAPFilter "(!ScriptPath=*)"

    If you don't, the Get-ADUser will return _every_ user in the OU and then the Where-Object will do the filtering...

    ReplyDelete
    Replies
    1. Hi Rikard,

      thanks for the nice TIP and sharing your knowledge with us.

      thanks
      aman

      Delete

Note: Only a member of this blog may post a comment.