Here's the script so far. Any ideas on how to make the 2 parts come together?
In the first query it finds the data but I want to trim off everything but the login ID. Here's what it is pulling now: 75000032 (GUZMAN,LUZ) . How do I edit out the (GUZMAN,LUZ) ???
Search for all users in OU:
Get-QADUser -SearchRoot 'OU=Partners,DC=xxx,DC=com' | foreach { Write-Output ([char]10) $_.Name;} | out-file C:\Userlist.txt
Working script to flip primary
$User = Get-content "C:\UserList.txt"
$LogFile = "Logfile.txt"
$un = Read-Host "User Name domain\username" # Your domain and username
$pw = read-host "Enter password" -AsSecureString # Your Password
connect-QADService -service 'xxx.com' -ConnectionAccount $un -ConnectionPassword $pw
foreach ($User in C:\Userlist.txt) {
Set-QADUser -Identity $User -ObjectAttributes @{primaryGroupID=@(222753)
}
2 elements I need to complete
1. Way to format list/array to only have the 8 numbers I need on list
2. At end of script to remove Domain Users from each account being altered.
Is the LogonID the 8 Char number? If so, then you could pass it through something like this (assuming the return is already a string value)
$string = "75000032 (GUZMAN,LUZ)"
$ID = $string -match "\d{8}" | % {$matches[0]}
I'm not using the Quest AD tools, so I'm not familiar with a simple way to grab just the ID from them. The above method should work.
Taking it a bit further you may be able to do something like this:
# Emit only the matched ID; a bare -match in the block would also write True/False into $users
$users = Get-QADUser -SearchRoot 'OU=Partners,DC=xxx,DC=com' | % { if ($_.Name -match "\d{8}") { $matches[0] } }
$un = Read-Host "User Name domain\username" # Your domain and username
$pw = read-host "Enter password" -AsSecureString # Your Password
$connect = Connect-QADService -service 'xxx.com' -ConnectionAccount $un -ConnectionPassword $pw
foreach ($User in $users) {
 $set = Set-QADUser -Identity $User -ObjectAttributes @{primaryGroupID=@(222753)}
}
Remember, I don't have the Quest tools, so I cannot test, but this looks like it could work.
Like I said in my message, I am new, so I need some explanations in order to grip this right.
Here is where I am at now, it appears my loop could be the issue. I would like to have a way to get a write-host after each function so I know if it completed or not.
$FilePath = "c:\userlist.txt"
$OuDomain = "OU=Partners,DC=xxx,DC=com"
$un = read-Host "User Name domain\username"
$pw = read-host "Enter password" -AsSecureString
connect-QADService -service 'xxx.com' -ConnectionAccount $un -ConnectionPassword $pw
get-QADUser -searchRoot $OuDomain | select-Object SamAccountName | Out-File $Filepath
$f=${C:\userlist.txt}
$f[0]=$null
$f[1]=$null
$f[2]=$null
${c:\userlist.txt}=$f
foreach ($User in get-content $FilePath) {
 Set-QADUser -Identity $user -ObjectAttributes @{primaryGroupID=@(222753)}
}
Actually I messed up; here is the latest:
$u = "c:\userlist.txt"
$OuDomain = "OU=Partners,DC=xxx,DC=com"
$un = read-Host "User Name domain\username" # Your domain and username
$pw = read-host "Enter password" -AsSecureString # Your Password
connect-QADService -service 'xxx.com' -ConnectionAccount $un -ConnectionPassword $pw
get-QADUser -searchRoot $OuDomain | select-Object SamAccountName | Out-File $u
$f=${C:\userlist.txt}
$f[0]=$null
$f[1]=$null
$f[2]=$null
${C:\userlist.txt}=$f
foreach ($u in C:\userlist.txt){
 Set-QADUser -Identity $u -ObjectAttributes @{primaryGroupID=@(222753)}
 foreach($u in C:\userlist.txt){
  Get-QADUser -Identity $u.memberOf | Get-QADGroup | where {$_.name -match 'domain users$'} | Remove-QADGroupMember -member $u
 }
}
1st - Anytime you can put something into an object rather than a file do so. There should be very minimal reasons to save something to a file then read it back in.
2nd - I first must ask, what is the purpose of:
$f=${C:\userlist.txt}
$f[0]=$null
$f[1]=$null
$f[2]=$null
${C:\userlist.txt}=$f
3rd - Keep as many loops out of the equation as possible. It appears as though you could put both foreach loops into one.
I'll keep looking at the loops, but start with this for now and let me know how things go.
$OuDomain = "OU=Partners,DC=xxx,DC=com"
$un = read-Host "User Name domain\username" # Your domain and username
$pw = read-host "Enter password" -AsSecureString # Your Password
connect-QADService -service 'xxx.com' -ConnectionAccount $un -ConnectionPassword $pw
$users = get-QADUser -searchRoot $OuDomain | select-Object SamAccountName
foreach ($user in $users){
 Set-QADUser -Identity $user -ObjectAttributes @{primaryGroupID=@(222753)
 Get-QADUser -Identity $user | foreach {$_.memberOf} | foreach {Get-QADGroup} | where {$_.name -match 'domain users$'} | Remove-QADGroupMember -member $user
}
On the write output for the code check out MS's info on PoSh 2.0 Debug -
http://www.microsoft.com/technet/scriptcenter/topics/winpsh/debug.mspx
This was because when I pulled the data into the text file it had a blank line, title and a separation line. This removes those so it could be read from the first username and not the first three lines. :)
Set-QADUser : Cannot bind parameter 'Identity'. Cannot convert the "@{SamAccountName=jberri}" value of type "Selected.Quest.ActiveRoles.ArsPowerShellSnapIn.Data.ArsUserObject" to type "Quest.ActiveRoles.ArsPowerShellSnapIn.Data.IdentityParameter".
At Q:\andsoon.ps1:15 char:26
+ Set-QADUser -Identity <<<< $user -ObjectAttributes @{primaryGroupID=@(222753)
 + CategoryInfo : InvalidArgument: (:) [Set-QADUser], ParameterBindingException
 + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCmdlet
Seems to be having an issue converting the @{SamAccountName=username} to the $user variable. That is where the loop issue is, I think.
So, $user is an object, and -Identity needs a string. I believe you should be able to use the SamAccountName property for this...
foreach ($user in $users){
 Set-QADUser -Identity $user.SamAccountName -ObjectAttributes @{primaryGroupID=@(222753)
 Get-QADUser -Identity $user.SamAccountName | foreach {$_.memberOf} | foreach {Get-QADGroup} | where {$_.name -match 'domain users$'} | Remove-QADGroupMember -member $user
}
The hash literal was incomplete.
At :line:13 char:263
+ Set-QADUser -Identity $user.SamAccountName -ObjectAttributes @{primaryGroupID=@(222753) | Get-QADUser -Identity $user.SamAccountName | foreach {$_.memberOf} | foreach {Get-QADGroup} | where {$_.name -match 'domain users$'} | Remove-QADGroupMember -member $user <<<<
error message
Put the same .SamAccountName after the final $user.
I ran across a post today that may explain the issue. I am running v2.0 and the Hash issue is a result of using XP with that version. I am going to remove 2.0 and see how it goes.
That didn't work :(
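The two errors in this thread can be reproduced without AD. The sketch below is an added example, not code from any poster: it builds the list of login IDs as plain strings before anything is changed, and reports after each step. The sample objects are constructed, and Get-LoginId is a hypothetical helper name.

```powershell
# Constructed objects standing in for Get-QADUser output (no AD or Quest snap-in needed).
$sample = @(
    New-Object PSObject -Property @{ Name = '75000032 (GUZMAN,LUZ)'; SamAccountName = '75000032' }
    New-Object PSObject -Property @{ Name = 'svc-backup';            SamAccountName = 'svc-backup' }
    New-Object PSObject -Property @{ Name = '75000047 (DOE,JANE)';   SamAccountName = '75000047' }
)

# Select-Object <property> wraps each value in a new object: this is the
# "@{SamAccountName=...}" shape that -Identity could not convert in the thread.
$wrapped = $sample | Select-Object SamAccountName
# -ExpandProperty returns the bare strings instead.
$strings = $sample | Select-Object -ExpandProperty SamAccountName

function Get-LoginId {
    # Hypothetical helper: returns the leading 8-digit ID from a name, or nothing.
    param([string]$Name)
    # Testing the result of -match avoids reading a stale $matches from an
    # earlier iteration and keeps the True/False value out of the output.
    if ($Name -match '^(\d{8})\b') { $matches[1] }
}

$ids = @(); $skipped = @()
foreach ($u in $sample) {
    $id = Get-LoginId $u.Name
    if ($id) { $ids += $id } else { $skipped += $u.Name }
}

# The hash literal opens and closes on the same line; leaving out the "}"
# gives the "hash literal was incomplete" parse error.
$attrs = @{ primaryGroupID = @(222753) }

foreach ($id in $ids) {
    # The thread's Set-QADUser call would go here with -Identity $id and
    # -ObjectAttributes $attrs; this example only reports the planned change.
    Write-Host ("{0}: would set primaryGroupID={1}" -f $id, $attrs.primaryGroupID[0])
}
Write-Host ("Skipped (no 8-digit ID): {0}" -f ($skipped -join ', '))
Write-Host ("Wrapped type: {0}; expanded type: {1}" -f $wrapped[0].GetType().Name, $strings[0].GetType().Name)
```

Reviewing the skipped list before running the real cmdlets keeps service or non-matching accounts in the OU from having their primary group changed by accident.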