Hi,
If we are using "Active Directory", then one thing is sure: 98% of the time we are using some login scripts. Sometimes while creating users we forget to specify the login script in the account.
My task for today is to find all user accounts that have no login script defined.
Let's start.
Make sure you have "RSAT" installed on your laptop.
Now import the Active Directory module.
Import-Module ActiveDirectory
OK, the module is imported.
I want to search a particular organizational unit for users. I am not so good at LDAP, so I always use a trick to find the full path of the OU.
Find OU.
I know a user named "Will Smith" is located in the organizational unit in which I want to search for users that have a blank LOGIN SCRIPT field.
I run the Get-ADUser cmdlet against will.smith and choose to show the user's DistinguishedName. That DistinguishedName contains the full path of the OU.
(Get-ADUser will.smith).DistinguishedName
Copy all fields except CN and save them to a variable.
$ou = "OU=testing,DC=localDC,DC=com"
We use the Get-ADUser cmdlet to get information about Active Directory users. With -SearchBase we tell it to search the organizational unit predefined in the $ou variable, -Filter * searches for all users, and -Properties * shows all the properties of the user account. We then pipe the output to the where cmdlet to keep only those users whose SCRIPTPATH is null or blank, and finally we select only the names using the select cmdlet.
Get-ADUser -SearchBase $ou -Filter * -Properties * | where { $_.ScriptPath -eq $null } | select Name
All done... Job is secured once again...
Thanks!
Aman Dhally
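The steps above combined into one function, as an added example that is not the author's code. The names Get-ParentDN, Get-UserWithoutLogonScript and their parameters are made up for this sketch. It derives the OU from a known user's DistinguishedName, including users whose CN contains an escaped comma, and filters on the domain controller instead of pulling every property of every user.

```powershell
# Added example; function and parameter names are illustrative, not from the post.

function Get-ParentDN {
    # Drop the first RDN (the CN=... part) from a distinguished name.
    # An escaped comma such as "CN=Smith\, Will" is not treated as a separator.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $DistinguishedName -replace '^(?:[^,\\]|\\.)+,', ''
}

function Get-UserWithoutLogonScript {
    [CmdletBinding(DefaultParameterSetName = 'ByUser')]
    param(
        # A user known to live in the OU to search (the "trick" from the post).
        [Parameter(Mandatory, ParameterSetName = 'ByUser')][string]$ReferenceUser,
        # Or pass the OU path directly.
        [Parameter(Mandatory, ParameterSetName = 'ByOU')][string]$SearchBase,
        # Search only the OU itself, not the OUs below it.
        [switch]$OneLevel
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    if ($PSCmdlet.ParameterSetName -eq 'ByUser') {
        $dn = (Get-ADUser -Identity $ReferenceUser).DistinguishedName
        $SearchBase = Get-ParentDN -DistinguishedName $dn
    }
    $scope = if ($OneLevel) { 'OneLevel' } else { 'Subtree' }

    # The LDAP filter matches users with no scriptPath attribute at all, so
    # the filtering happens on the server. The default property set is enough
    # for the report, so -Properties * is not needed.
    Get-ADUser -SearchBase $SearchBase -SearchScope $scope `
               -LDAPFilter '(!(scriptPath=*))' |
        Select-Object Name, SamAccountName, Enabled, DistinguishedName
}

# Constructed DNs showing the OU derivation (these two lines need no domain):
Get-ParentDN -DistinguishedName 'CN=Will Smith,OU=testing,DC=localDC,DC=com'
Get-ParentDN -DistinguishedName 'CN=Smith\, Will,OU=testing,DC=localDC,DC=com'

# Against a domain, for the OU used in the post:
# Get-UserWithoutLogonScript -ReferenceUser will.smith
# Get-UserWithoutLogonScript -SearchBase 'OU=testing,DC=localDC,DC=com' -OneLevel
```

Including Enabled in the output makes it easy to ignore disabled accounts when reviewing the list.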
Working with a large number of users you would probably want to do a LdapFilter instead.
Get-ADUser -LDAPFilter "(!ScriptPath=*)"
If you don't, the Get-ADUser will return _every_ user in the OU and then the Where-Object will do the filtering...
Hi Rikard,
thanks for the nice TIP and sharing your knowledge with us.
thanks
aman