Richard Siddaway's Blog

Deal of the Day July 19: Half off my book Learn Active Directory Management in a Month of Lunches. Use code dotd071916au at http://bit.ly/2a8jroO

For more information on Manning’s Deal of the Day see -  https://www.manning.com/dotd.

Manning are offering 40% off everything – print & ebooks – www.manning.com. They have a very extensive set of PowerShell books – now would be the time to add to your collection

I had a question left on my blog about renaming all of the user accounts in an OU had their name changed to match the display name.  I started by creating a few dummy accounts:

PS s> Get-ADUser -Filter * -SearchBase "OU=Test,DC=Sphinx,DC=org"  -Properties DisplayName | Format-Table DisplayName, Name -AutoSize

DisplayName Name
———– —-
Green Fred  Fred Green
Green Jo    Jo Green
Green Dave  Dave Green

In the case of the first account the goal is to change the Name to match the display name.

One thing to be aware of with AD names – NEVER, NEVER, NEVER and I mean NEVER use a comma between the first and last parts of the name.

So

CN=Fred Green,OU=Test,DC=sphinx,DC=org

is good

CN=Green Fred,OU=Test,DC=sphinx,DC=org

is good

CN=Green, Fred,OU=Test,DC=sphinx,DC=org

is BAD, BAD, BAD.

The reason is that the comma is a delimiter between the parts of the distinguished name. LDAP doesn’t expect a comma between parts of an element so it errors.  You have to escape the comma so its treated as a literal character. I can guarantee that you will forget. Been there, done that & designed the T-Shirt.

Don’t use commas – its fair simpler and you’ll have less errors.

The only option to rename an object is to use Rename-ADObject

PS > Get-ADUser -Filter * -SearchBase "OU=Test,DC=Sphinx,DC=org"  -Properties DisplayName | foreach {Rename-ADObject -Identity $_.DistinguishedName -NewName $_.Displayname -PassThru}

You’ll get a display showing the new names.

If you want to check run the original test

PS > Get-ADUser -Filter * -SearchBase "OU=Test,DC=Sphinx,DC=org"  -Properties DisplayName | Format-Table DisplayName, Name -AutoSize

DisplayName Name
———– —-
Green Fred  Green Fred
Green Jo    Green Jo
Green Dave  Green Dave

Job done

Learn Active Directory Management in a MoL is 43% off through April 3, 2014 with code pbradm at www.manning.com/siddaway3/

In this post  http://richardspowershellblog.wordpress.com/2013/10/28/setting-ad-attributes-from-a-csv-file/

I showed how to modify the user’s home folder setting in Active Directory.

A comment was recently left asking about automatically creating the folder on the fileserver and creating the share that is associated with it.

This isn’t a simple exercise – you will need a script to:

You can create the folder using New-Item

New-Item -Path c:\test -Name anyolduser -Type Directory

You can share it

$max = [uint32]5

$type = [uint32]0

Invoke-CimMethod -ClassName Win32_Share -MethodName Create -Arguments @{Name=’anyolduser’; Path=’c:\test\anyolduser’;
Type=$type; MaximumAllowed=$max; Description=’anyolduser – homedrive’}

And then you have to set share and NTFS permissions according to your organization’s policies

The ebook – PDF format – for Learn AD Management in a Month of Lunches has been published – http://www.manning.com/siddaway3/

If you bought the ebook as part of your MEAP you should be able to down load it – you’ll get or have got an email with the link. The printed version is at the printers and will be available on 12 March.

If you want the ebook in Kindle or epub versiosn they will be available 20 March.

Enjoy.

I was recently asked if there was any way to fill in the LastLogoff timestamp

The short answer is no.  The values in the attributes related to logons are maintained by Active Directory during the logon process.

I wouldn’t want them to be programmable as that as would create a potential loop hole in my logging process.

As far as I can tell LastLogoff isn’t currently used in Active Directory though if you have access to the Exchange cmdlets you could use Get-mailboxStatistics to discover logon and loggoff times to the mailbox which would be close

A new version of the AD Migration Tool (ADMT) has been announced – http://blogs.technet.com/b/askds/archive/2013/12/13/an-update-for-admt-and-a-few-other-things-too.aspx

While not ready for download just yet at least we know its in the pipeline and supports the newer versions of Windows

The final MEAP for AD Management in a Month of Lunches has been released. The book is on a half price offer today so still time for a Christmas bargain if you’re quick

http://www.manning.com/siddaway3/

Deal of the Day December 11:

Half off my book Learn Active Directory Management in a Month of Lunches.

Use code dotd1211au at www.manning.com/siddaway3/

Also available:

Learn SQL Server Administration in a Month of Lunches (www.manning.com/jones5/)

Learn SCCM 2012 in a Month of Lunches (www.manning.com/bannan/)