Deal of the Day July 19: Half off my book Learn Active Directory Management in a Month of Lunches. Use code dotd071916au at http://bit.ly/2a8jroO
For more information on Manning’s Deal of the Day see - https://www.manning.com/dotd.
Deal of the Day July 19: Half off my book Learn Active Directory Management in a Month of Lunches. Use code dotd071916au at http://bit.ly/2a8jroO
For more information on Manning’s Deal of the Day see - https://www.manning.com/dotd.
Manning are offering 40% off everything – print & ebooks – www.manning.com. They have a very extensive set of PowerShell books – now would be the time to add to your collection
I had a question left on my blog about renaming all of the user accounts in an OU had their name changed to match the display name. I started by creating a few dummy accounts:
PS s> Get-ADUser -Filter * -SearchBase "OU=Test,DC=Sphinx,DC=org" -Properties DisplayName | Format-Table DisplayName, Name -AutoSize
DisplayName Name
———– —-
Green Fred Fred Green
Green Jo Jo Green
Green Dave Dave Green
In the case of the first account the goal is to change the Name to match the display name.
One thing to be aware of with AD names – NEVER, NEVER, NEVER and I mean NEVER use a comma between the first and last parts of the name.
So
CN=Fred Green,OU=Test,DC=sphinx,DC=org
is good
CN=Green Fred,OU=Test,DC=sphinx,DC=org
is good
CN=Green, Fred,OU=Test,DC=sphinx,DC=org
is BAD, BAD, BAD.
The reason is that the comma is a delimiter between the parts of the distinguished name. LDAP doesn’t expect a comma between parts of an element so it errors. You have to escape the comma so its treated as a literal character. I can guarantee that you will forget. Been there, done that & designed the T-Shirt.
Don’t use commas – its fair simpler and you’ll have less errors.
The only option to rename an object is to use Rename-ADObject
PS > Get-ADUser -Filter * -SearchBase "OU=Test,DC=Sphinx,DC=org" -Properties DisplayName | foreach {Rename-ADObject -Identity $_.DistinguishedName -NewName $_.Displayname -PassThru}
You’ll get a display showing the new names.
If you want to check run the original test
PS > Get-ADUser -Filter * -SearchBase "OU=Test,DC=Sphinx,DC=org" -Properties DisplayName | Format-Table DisplayName, Name -AutoSize
DisplayName Name
———– —-
Green Fred Green Fred
Green Jo Green Jo
Green Dave Green Dave
Job done
Learn Active Directory Management in a MoL is 43% off through April 3, 2014 with code pbradm at www.manning.com/siddaway3/
In this post http://richardspowershellblog.wordpress.com/2013/10/28/setting-ad-attributes-from-a-csv-file/
I showed how to modify the user’s home folder setting in Active Directory.
A comment was recently left asking about automatically creating the folder on the fileserver and creating the share that is associated with it.
This isn’t a simple exercise – you will need a script to:
You can create the folder using New-Item
New-Item -Path c:\test -Name anyolduser -Type Directory
You can share it
$max = [uint32]5
$type = [uint32]0
Invoke-CimMethod -ClassName Win32_Share -MethodName Create -Arguments @{Name=’anyolduser’; Path=’c:\test\anyolduser’;
Type=$type; MaximumAllowed=$max; Description=’anyolduser – homedrive’}
And then you have to set share and NTFS permissions according to your organization’s policies
The ebook – PDF format – for Learn AD Management in a Month of Lunches has been published – http://www.manning.com/siddaway3/
If you bought the ebook as part of your MEAP you should be able to down load it – you’ll get or have got an email with the link. The printed version is at the printers and will be available on 12 March.
If you want the ebook in Kindle or epub versiosn they will be available 20 March.
Enjoy.
I was recently asked if there was any way to fill in the LastLogoff timestamp
The short answer is no. The values in the attributes related to logons are maintained by Active Directory during the logon process.
I wouldn’t want them to be programmable as that as would create a potential loop hole in my logging process.
As far as I can tell LastLogoff isn’t currently used in Active Directory though if you have access to the Exchange cmdlets you could use Get-mailboxStatistics to discover logon and loggoff times to the mailbox which would be close
A new version of the AD Migration Tool (ADMT) has been announced – http://blogs.technet.com/b/askds/archive/2013/12/13/an-update-for-admt-and-a-few-other-things-too.aspx
While not ready for download just yet at least we know its in the pipeline and supports the newer versions of Windows
The final MEAP for AD Management in a Month of Lunches has been released. The book is on a half price offer today so still time for a Christmas bargain if you’re quick
Deal of the Day December 11:
Half off my book Learn Active Directory Management in a Month of Lunches.
Use code dotd1211au at www.manning.com/siddaway3/
Also available:
Learn SQL Server Administration in a Month of Lunches (www.manning.com/jones5/)
Learn SCCM 2012 in a Month of Lunches (www.manning.com/bannan/)