RE: [powershell] Add-Member question

[Kelley, Matthew]

Copy\paste got me…

$AllCustomizedObjects += $user.GetDirectoryEntry() | select 
givenName,LastName,DisplayName,Email,sAMAccountName,employeeID,departmentNumber,@{Name="Match";Expression={$false}}


-----Original Message-----
From: Kelley, Matthew
Sent: Tuesday, August 25, 2015 12:39 PM
To: powersh...@lists.myitforum.com
Subject: RE: [powershell] Add-Member question

No worries, I probably didn't have enough coffee yet today and took it the 
wrong way. I don't have the quest commandlet pack so this is all I can offer.

The first one doesn't seem to return email, not sure why, and the result is a 
collection rather than an object - probably not helpful since you would have 
to: foreach($obj in $AllCustomizedObjects){$obj.Properties} to get the values 
out.

The second one does a second look up, so not sure how efficient that is, but it 
does get all the properties you are looking for. In my AD the email is named 
mail, but I put email in the code below since that is what your property is 
named.

 Hopefully something is usable\useful in this that you can add to your code. 
You can test using findone instead of findall, makes it quicker to just grab 
the first object that meets the ldapfilter. Watch out for line breaks the email 
system puts in the code when it converts the content to text...


$ldapQuery = "(&(objectCategory=user)(!(lastname=\00)))"
$de = new-object system.directoryservices.directoryentry
$ads = new-object system.directoryservices.directorysearcher -argumentlist 
$de,$ldapQuery $colProplist = 
"givenName","LastName","DisplayName","Email","sAMAccountName","employeeID","departmentNumber"
foreach ($i in $colPropList){$ads.PropertiesToLoad.Add($i)}

$AllCustomizedObjects = @()

foreach($user in $ads.FindAll())
{
$user.Properties.Add("Matched",$false)
$AllCustomizedObjects += $user
}


OR


$ldapQuery = "(&(objectCategory=user)(!(lastname=\00)))"
$de = new-object system.directoryservices.directoryentry
$ads = new-object system.directoryservices.directorysearcher -argumentlist 
$de,$ldapQuery

$AllCustomizedObjects = @()

foreach($user in $ads.FindAll())
{
$AllCustomizedObjects += $user.GetDirectoryEntry() | select 
givenName,LastName,DisplayName,Email,sAMAccountName,employeeID,departmentNumber,@{Name="Name";Expression={$false}}
}


-----Original Message-----
From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> 
[mailto:listsadmin@lists.myITforum.com] On Behalf Of Michael Leone
Sent: Tuesday, August 25, 2015 12:20 PM
To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com>
Subject: Re: [powershell] Add-Member question

On Tue, Aug 25, 2015 at 11:37 AM, Kelley, Matthew 
<kelle...@med.umich.edu<mailto:kelle...@med.umich.edu>> wrote:
> Good for you on liking the Quest product.

Didn't mean to come off as if I was dismissing you, I just happen to have a lot 
of scripts written using the Quest commandlets. Sorry if it seemed otherwise.

>The filter is what you asked for. I mistyped that is gets users where last 
>name is blank. If you look at the filter it has the "not" symbol - "!" - so 
>lastname not equal null is what the filter gets you.

I missed that, the first time.

>You could just add a property to $User, instead of creating a temporary 
>$CustomizedObject variable.  Something like:

Ah, that could help some. Thanks.

>
> $AllCustomizedObjects = @()
>  ForEach ($User in $AllActiveUsers
> {
>         $AllCustomizedUsers +=  $User | Add-Member -MemberType
> NoteProperty -Name Matched -Value $false }
>
> But actually, it sounds like you already have a better solution than the list 
> can offer. Nice Work!

Thanks. I try and muddle through. :-)


>
>
>
> -----Original Message-----
> From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com>
> [mailto:listsadmin@lists.myITforum.com] On Behalf Of Michael Leone
> Sent: Tuesday, August 25, 2015 11:16 AM
> To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com>
> Subject: Re: [powershell] Add-Member question
>
> On Tue, Aug 25, 2015 at 10:55 AM, Kelley, Matthew 
> <kelle...@med.umich.edu<mailto:kelle...@med.umich.edu>> wrote:
>>
>> If you are using Posh v3 or higher you can just use the MS commandlets. Try 
>> this:
>
> I am, but I like the Quest commandlets. Effectively the same, for what I do 
> with them.
>
>> $AllCustomizedObjects = @()
>> ForEach ($User in Get-ADUser -LDAPFilter "(!(lastname=\00))")
>>        {
>>        $CustomizedObject = $User
>>        $CustomizedObject | Add-Member -MemberType NoteProperty -Name Matched 
>> -Value $false
>>        $AllCustomizedUsers += $CustomizedObject
>>        }
>>
>> It will give you all users where lastname is blank. It looks like that is 
>> what you were asking for.
>
> Exact opposite, actually. I want AD accounts where the LastName field isn't 
> blank (well, not $null) ...
>
> We try and make it a point that only humans get lastname entries. So
> service accounts, console logins, generic departmental logins, etc are
> supposed to have a blank firstname and last name, and we just use the
> DisplayName for those type of accounts. Not perfect, but it's
> surprising how effective it can be ... if you follow the protocol, of
> course ... LOL)
>
> So looking for active AD accounts with a blank lastname is a pretty
> good first approximation of accounts belong
>> If you want all those other attributes (you aren’t using them in the
>> snippet you provided)
>
> I need to output those fields later, if they match a search criteria further 
> down (matching a name in a CSV provided by another department). That's why I 
> want the customized property - to indicate that this AD account matched one 
> provided in the CSV. Then later, I will output into a CSV only the objects 
> that didn't match. (and I can also output in a separate CSV all the accounts 
> that did match, since I know my guys will eventually want that, too).
>
>>you can use a select statement on $user within the loop to dump that data 
>>into an array.
>>
>>
>>
>> Matt
>>
>>
>>
>> From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com>
>> [mailto:listsadmin@lists.myITforum.com] On Behalf Of Michael Leone
>> Sent: Tuesday, August 25, 2015 10:07 AM
>> To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com>
>> Subject: [powershell] Add-Member question
>>
>>
>>
>> So I have a list of AD users, that I created using Quest cmdlets (Get-ADUser 
>> ..). I need to add a new NoteProperty to each object (I want to add a 
>> boolean member, to indicate that this object meets certain criteria, 
>> determined later in the script). And I seem to be confused. (I know, what 
>> else is new).
>>
>>
>>
>> Do I need to:
>>
>> Do a ForEach-Object loop through all the returned users
>>
>> Create a new CustomObject
>>
>> Set it to the value of the user
>>
>> Add-Member boolean field to the custom object
>>
>> save custom object into new list?
>>
>>
>>
>> $AllActiveUsers = Get-QADUser <OneUser> -Enabled -SizeLimit 0
>> -IncludedProperties employeeID, departmentNumber| Select
>> givenName,LastName,DisplayName,Email,sAMAccountName,employeeID,depart
>> m
>> entNumber| Where-Object {$_.LastName -ne $null} | sort
>> LastName,givenName
>>
>>
>>
>> $AllCustomizedObjects = @()
>>
>>
>>
>> ForEach ($User in $AllActiveUsers)
>>
>>             {
>>
>>             $CustomizedObject = $User
>>
>>             $CustomizedObject | Add-Member -MemberType NoteProperty
>> -Name Matched -Value $false
>>
>>             $AllCustomizedUsers += $CustomizedObject
>>
>>             }
>>
>>
>>
>> That works, but is there a better way?
>>
>>
>>
>> I could come at it from the other direction; get my list of all users; when 
>> I find one that matches the criteria later, at that point create a new 
>> object with my boolean field; save all those objects; use those customized 
>> objects later in output. That would double up memory use, but possibly 
>> shorten execution time, since I wouldn't have to loop through all users 
>> first, adding an object. Instead only adding objects when I find a match 
>> (which should only be about 20% of the users, I am expecting).
>>
>>
>>
>>
>>
>>
>>
>>
>> ================================================
>> Did you know you can also post and find answers on PowerShell in the forums?
>> http://www.myitforum.com/forums/default.asp?catApp=1
>>
>> **********************************************************
>> Electronic Mail is not secure, may not be read every day, and should
>> not be used for urgent or sensitive issues
>>
>>
>> ================================================
>> Did you know you can also post and find answers on PowerShell in the forums?
>> http://www.myitforum.com/forums/default.asp?catApp=1
>
>
> ================================================
> Did you know you can also post and find answers on PowerShell in the forums?
> http://www.myitforum.com/forums/default.asp?catApp=1
>
> **********************************************************
> Electronic Mail is not secure, may not be read every day, and should
> not be used for urgent or sensitive issues
>
> ================================================
> Did you know you can also post and find answers on PowerShell in the forums?
> http://www.myitforum.com/forums/default.asp?catApp=1


================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1


**********************************************************
Electronic Mail is not secure, may not be read every day, and should not be 
used for urgent or sensitive issues 

================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1