If you don’t have an AD user provisioning tool implemented in your environment, I’m sure most of your user provisioning and de-provisioning is done using PowerShell scripts which helps in reducing the amount of time consumed in this process.
You probably are bombarded with requests from various departments in your organization to provide them with a list of new users who were created for various reasons.
This script can be automated by securely storing the credentials and running a scheduled task that runs on a specific day. Don’t store your admin or any credentials in any of your scripts.
You can use ConvertFrom-SecureString command to get an encrypted standard string and ConvertTo-SecureString to simply reverse the process by importing the data from your file and then create a PSCredential object.
In this above method, the point of converting password to a SecureString and storing it in a file is to keep it out of plain text in PS scripts so that it’s not as easily discovered. This can be easily decrypted and not recommended.
You can use the Microsoft.PowerShell.SecretManagement and Microsoft.PowerShell.SecretStore PS modules which I’ve covered in a later post.
$Days = -7
$Maxdate = (Get-Date).addDays($Days)
$CurrentWeekNumber = Get-Date -UFormat %V
$dateformat = "dddd MM/dd/yyyy"
$subjDate = Get-Date $Maxdate -Format $dateformat
$NewUsers = Get-ADUser -filter { whencreated -ge $Maxdate} -Properties EmailAddress, co, Description | Select-Object -Property GivenName, SurName, DisplayName, Description, co, EmailAddress # Gathering recent New AD Users
if ($NewUsers) # If there are more than one new user created in last $Days, prepare to send a mail
{
$MailBody = $NewUsers | ConvertTo-Html -Fragment
$MailParams = @{Body = $mailBody | Out-String
BodyAsHtml = $true
From = "AD-Admin@acme.com"
To = "jsmith@acme.com" # separate with comma for multiple users. "jdoe@acme.com", "jroe@acme.com"
SmtpServer = "smtp.acme.com"
Subject = "New users for the week : $CurrentWeekNumber | Week Starting - $subjDate"
Encoding = "UTF8"
Priority = "Normal" # Accepted values: Normal, High, Low
#Port = xxxx #If not 25
Credential = $(Get-Credential)
}
Send-MailMessage @MailParams
}
Hope this script was useful is generating weekly reports of newly created AD users.
I recently faced an issue where users are provisioned to AD using an user system/tool that applies the Country value to the user while creating the account but it doesn’t have the ability to update the countryCode and co attributes. And I had few thousand users with no value set in the co and countryCode attributes.
In this post, I’ll cover the details on how came up with a workaround for this issue.
The AD attributes we are dealing with here are,
c (Country-Name): ISO-3166 2-digit string value
countryCode (Country-Code): ISO-3166 Integer value
co (Text-Country): Open string value
When we pick a country name from the drop-down in the Active Directory users and computers GUI, the c, co and countryCode attributes are automatically assigned.
With PowerShell, we can use the Set-ADUser to assign the c attribute to the user,
In this method, no values are assigned to the co and countryCode attributes automatically like how it happened while updating in the GUI. Below are the screenshots of the user properties after running the above cmdlet.
We can use this method to assign all three values for the user,
In my scenario, the users provisioned by the tool already had the c attribute value set. I exported all users from the AD domain, determined the countries and then used the below script to update the co and countryCode attributes.
This table at the end of this post provides all countries in the AD address tab Country/region drop-down list. You can use this to update the above script according to your needs. I also made this script to be run as a scheduled task to run once a week to update the new users created throughout the week. Not a perfect solution but replacing the user provisioning tool wasn’t an option in my case, hence I stuck with this method.
Hope this post helped you in better understanding the c, co and countryCode attributes in AD and an easier method to update it.
Organizational hierarchy is vital to run everyday activities smoothly in any enterprise. With Azure AD, user’s manager information can be updated easily and this information can be used in other features like Teams and apps that require workflow.
In this post, I’ll go over steps on how to update manager information for a specific user, for a list of users based on information from a csv file and to determine users’ manager information
Managing file shares can be daunting task some times and when you are trying to make sure the data doesn’t walk out of these shares, other control mechanism usually come into place and along with that comes questions to administrators. One such question I got asked recently was, can you tell me all the file types in this share and how many files there are?
If you come across this situation, you can use the below lines to get an easy overview of the filetypes and the count of files. The input can also be in the UNC format(Ex: \\Server2\Share)
I also put together this below script that will generate two csv files as output. One with a overview of file extensions and count of files and the second with the files’ path on where it is stored in the share.
$path = Read-Host "Enter folder path to analyze file extensions"
$dir = Split-Path -Path $path -Leaf
# create a folder named 'Report' in the script path to store the csv files generated
$ReportFolder = ".\Report"
if (Test-Path $ReportFolder){
Write-Host "Report folder already exists" -ForegroundColor Green
}
else
{
New-Item $ReportFolder -ItemType Directory
Write-Host "Report Folder Created successfully" -ForegroundColor Red
}
#variable to store file name for log file extensions and count. Create top two columns = Extension and File Count
$ft = “.\Report\Folder report for ” + $dir + "$((Get-Date).ToString("MMddyyyy_HHmmss"))" + “.csv”
“Extension`tFile Count” | Out-File -FilePath $ft
#variable to store file name for file name to log file list by extension
$fl = “.\Report\File extension report for ” + $dir + "$((Get-Date).ToString("MMddyyyy_HHmmss"))" +“.csv”
#Analyse path for file type extension
$dirext = Get-ChildItem -Path $path -Recurse -File | Group-Object Extension | Sort-Object count -desc
foreach($ext in $dirext)
{
$ext.Name + “`t” + $ext.Count | Out-File -FilePath $ft -Append
“File Report on file Extensions`: ” + $($ext.Name) + ” [Count`: ” + $ext.Count + “]” | Out-File -FilePath $fl -Append
$ext.Group.FullName | Out-File -FilePath $fl -Append
“`n`r” | Out-File -FilePath $fl -Append
}
Write-Host "Reports generated successfully" -ForegroundColor Green
Hope this post helped you in digging into what’s in your file shares when it comes to file types.😉😁
