Script to Search Netlogon logon scripts and Replace Drive Mappings

Prologue

Ace Fekay here again!

Once again, As many of you know, I’m an avid Active Directory and Exchange server engineer/architect, and an MVP in Active Directory. And why am I posting simple stuff, you ask. Well, because we need to use this stuff day to day, that’s why.

Yea, this may be simple, but you’d be surprised who may struggle with it, like I did. I had to get help from a colleague who put the bulk of this together. I first had an idea with my beginner’s mentality to do it a little differently, but when I saw what he suggested, I said, hmm, I still have lots to learn.

I hope this, and my future scripts, especially with Office 365, help you out.

Scope

After migrating shares from one server to another server using a Robocopy script (that I’ll post later), we needed to change the drive mappings in the logon scripts in the Netlogon share.

Keep in mind, we already have a robust DFS in place. The new sharename has targets to the old server. However, we needed to change any logon scripts still referencing the old server by either NetBIOS or by FQDN (OldServer.domain.com).Well, with 28,000 scripts, that’s something we’re not going to do manually.

This script replaces any mappings using the old server name, “OldServer” such as either \\olderserver\sharename or \\oldserver.contoso.com\sharename, to the new DFS name, \\contoso.com\NewShareName.

Code

This works fine. Watch the word-wrap in the blog.

# First run the robocopy script to copy all data
# Then run the netlogon report script to see how many bat files in netlogon reference OldServer
# Then run this script to replace any reference to “OldServer” to the new DFS sharename in the batch files for each share.
# By Ace Fekay and a colleague, who put together the bulk of this together.
# I added counters and report to the screen.
 
# If you need to run it as a different users, un-remark the following
# get-credential

$Path = “\\contoso.com\NETLOGON\”
$FilesAltered = 0
$FilesProcessed = 0
 
# This code snippet gets all the files in $Path that end in “.bat”.
cd $Path

Get-ChildItem -Filter “*.bat” | foreach{
$file = Get-Content $_
 
    #only modify files that contain the string “OldServer”
    if (Select-String -InputObject $file “OldServer”){
 
    $file = Get-Content $_
    $file = $file -replace “\\\\OldServer\\Users”,”\\contoso.com\\OldServer-Users”
    $file = $file -replace “\\\\OldServer.contoso.com\\users”,”\\contoso.com\OldServer-User”
    $file = $file -replace “\\\\OldServer\\Department”,”\\contoso.com\\OldServer-Department”
    $file = $file -replace “\\\\OldServer.contoso.com\\Department”,”\\contoso.com\OldServer-Departmentt”
    $file = $file -replace “\\\\OldServer\\GDrive”,”\\contoso.com\OldServer-GDrive”
    $file = $file -replace “\\\\OldServer\\FDrive”,”\\contoso.com\OldServer-FDrive”
    $file = $file -replace “\\\\OldServer\\HDrive”,”\\contoso.com\OldServer-HDrive”
    $file = $file -replace “\\\\OldServer\\Share2\$”,”\\contoso.com\OldServer-Share2$”
    
#comment out any net time statements, if they exist
    $file = $file -replace “^net time”,”REM net time”
    
#write out the changes
    Set-Content -Value $file -Path $_;
    Write-Host $_.Name
    write-host $file
    Write-Host “”
    $FilesAltered++
   }
$FilesProcessed++
}
Write-Host $FilesAltered ” altered out of a total of” $FilesProcessed “files processed.” 
 

Comments are welcomed.

==================================================================

Summary

I hope this helps!

Published 9/9/2015

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

clip_image002622 clip_image004622 clip_image006622 clip_image008622 clip_image010622 clip_image012622 clip_image014622

Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Get-QADGroupMember to CSV

Prologue

Ace Fekay here again.

You might say to yourself this is some really simple stuff. Sure, it might be, for the pro. As many of you know, I’m an avid Active Directory and Exchange server engineer/architect, and an MVP in Active Directory.

Therefore with AD, Exchange, and Office 365, you will find that scripting comes into play more and more with your daily tasks.  The main reason I’m posting simple scripts is that to get the job done, I just needed an arsenal of simple quickie scripts when called upon a simple task, such as this one, when tasked to quickly get a list of users in a group.

I hope this, and my future scripts, especially with Office 365, help you out.

Scope

I needed to get a user membership list from a global group called, “Marketing Dept,” into a CSV. Group scope doesn’t matter. I just need a list of the members because the share owner that the group is controlling access, needed a list to ensure that it’s current and to clean up any disabled accounts from users that have left the company.

And yes, this is simple stuff. The main reason I’m posting this, and I will be posting much more, including Office 365 scripts, is that I had to look it up and there is no one place to get all of this at the simple level. All I see are elaborate scripts that do more than what I needed. Hence, my posts.

 

I usually kick it off with a get-credential because I run this from my workstation logged on with my non-admin account. And because I work in a multi-forest, multi domain environment, I must connect to the specific domain where the group exists.

Of course, we must add the PS Quest snap-in. In addition, I use the “-NoTypeInformation” switch to suppress the silly “Type” data that shows up in the output.

Code

get-credential
add-pssnapin Quest*
connect-qadservice domain2
Get-QADGroupMember “Marketing Dept” | Select-Object DisplayName,Name,AccountIsDisabled | Export-Csv c:\output\Domain2-MarketinDept.csv –NoTypeInformation

Comments are welcomed.

==================================================================

Summary

I hope this helps!

Published 8/17/2015

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

clip_image00262 clip_image00462 clip_image00662 clip_image00862 clip_image01062 clip_image01262 clip_image01462

Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

PowerShell: Getting AD groups of one User and Add them to a List of Other Users

Prologue

Ace here again. Yep, me again. I’ve been on the sidelines lately with a big mail migration, then changed roles to the AD and Windows management side of things.

Part of what I do is perform necessary file maintenance (FSRM, DFS, fileserver migration, etc.), and of course, respond to tickets for requests or issues.

One request that came in was for 16 new users that are to have identical group memberships as a current user. I looked at the group membership of the user in question and saw he was part of 11 or 12 groups. Hmm, and he wants this done for 16 users? I could sit there and add group to each user one at a time. Nah, too much work.

So I thought to try to do it programmatically, because who knows when this will come up again.

Script

It’s pretty straight forward.

#===========================================================================================
# This was created for a ticket request to mimic one user, SomeSamAccountUsername, group membership to add to a list of user accounts.
# By Ace Fekay 7/15/2015
#
# First, get a memberOf for SomeSamAccountUsername and save it to a file called c:\PSScripts\SomeSamAccountUsername-grouplist.txt
#     Run Get-QADMemberOf SomeSamAccountUsername
#
#     Copy and paste the output from the screen to the file
#     In the file, keep the DN values and delete everything else.
#
# Second, get a list of the user accounts that you want adjusted from the ticket owner
#     Then save the list in another text file called c:\PSscripts\Usernames.txt
#     Prefix the user accounts with the domain name, such as philly\username
#
# Third, read the first user in the list, then add the groups to that user, then read the next user in the list, repeat.
#===========================================================================================

# The next line adds all of the Quest tools.

Add-PSSnapIn Quest *
Get-QADMemberOf SomeSamAccountUsername

#===========================================================================================
# Sample output from Get-QADMemberOf SomeSamAccountUsername:
#===========================================================================================
#
#Name                           Type            DN                                                                                                            
##
#Domain Users                   group           CN=Domain Users,OU=IT,DC=philly,DC=contoso,DC=com                                                       
#Deployment Technician          group           CN=Deployment Technician,OU=IT,DC=philly,DC=contoso,DC=com                                         
#Desktop-Technician             group           CN=Desktop-Technician,OU=IT,DC=philly,DC=contoso,DC=com                                                     
#AddComputerToDomain            group           CN=AddComputerToDomain,OU=IT,DC=philly,DC=contoso,DC=com                                               
#Vendor-A-contractors           group           CN=Vendor-A-contractors,OU=IT,DC=philly,DC=contoso,DC=com                                               
#General-Group                  group           CN=General-Group,OU=IT,DC=philly,DC=contoso,DC=com                                                            
#Wireless-Users                 group           CN=Wireless-Users,OU=IT,DC=philly,DC=contoso,DC=com                                                
#Group-B                        group           CN=Group-B,OU=IT,DC=philly,DC=contoso,DC=com                                                                
#IT-Staff                       group           CN=IT-Staff,OU=IT,DC=philly,DC=contoso,DC=com                                                      
#IT-Admins                      group           CN=IT-Admins,OU=IT,DC=philly,DC=contoso,DC=com                                                     
#IT-Technicians                 group           CN=IT-Technicianss,OU=IT,DC=philly,DC=contoso,DC=com                                                   
#Client-Support                 group           CN=Client-Support,OU=IT,DC=philly,DC=contoso,DC=com   

# #=================================================================================================
# Sample of what C:\PSScripts\groupmembership\SomeSamAccountUsername-grouplist.txt  will look like:
# #=================================================================================================
# CN=Domain Users,OU=IT,DC=philly,DC=contoso,DC=com                                                       
# CN=Deployment Technician,OU=IT,DC=philly,DC=contoso,DC=com                                         
# CN=Desktop-Technician,OU=IT,DC=philly,DC=contoso,DC=com                                                     
# CN=AddComputerToDomain,OU=IT,DC=philly,DC=contoso,DC=com                                               
# CN=Vendor-A-contractors,OU=IT,DC=philly,DC=contoso,DC=com                                               
# CN=General-Group,OU=IT,DC=philly,DC=contoso,DC=com                                                            
# CN=Wireless-Users,OU=IT,DC=philly,DC=contoso,DC=com                                                
# CN=Group-B,OU=IT,DC=philly,DC=contoso,DC=com                                                                
# CN=IT-Staff,OU=IT,DC=philly,DC=contoso,DC=com                                                      
# CN=IT-Admins,OU=IT,DC=philly,DC=contoso,DC=com                                                     
# CN=IT-Technicians,OU=IT,DC=philly,DC=contoso,DC=com                                                   
# CN=Client-Support,OU=IT,DC=philly,DC=contoso,DC=com  
#=================================================================================================

#===========================================================================================
# Sample of what C:\PSScripts\groupmembership\List-Of-Usernames.txt username list will look like:
#==========================================================================================
# philly\username1
# philly\username2
# philly\username3
# philly\username4
# philly\username5
# philly\username6
# philly\username7
# philly\username8
# philly\username9
# philly\username10
# philly\username11
# philly\username12
# philly\username13
# philly\username14
# philly\username15
# philly\username16
#==========================================================================================

$GroupList = get-content C:\PSScripts\groupmembership\SomeSamAccountUsername-grouplist.txt 
$UsernameList = get-content C:\PSScripts\groupmembership\List-Of-Usernames.txt

# Now pull in each user one a time:
Foreach ($Username in $UsernameList)
{
 
# Now pull in each group one at a time and add them to the user
   Foreach ($Group in $GroupList)
  
# Add the group to the user 
    {
    Add-QADGroupMember  -Identity $Group -Member $Username
   
# Write out on the screen what username is and what group they were added to:
    write-host $Username “has been added to ” $Group
   
# Repeat for next group until all groups are done.
   }
  
# Repeat for the next user
}
#===========================================================================================
# That’s it!
#===========================================================================================

 

 

Summary

I hope this helps!

Published 7/27/2015

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

clip_image00262 clip_image00462 clip_image00662 clip_image00862 clip_image01062 clip_image01262 clip_image01462

Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.