The scripts export properties of user and computer accounts in all domains managed by Adaxes to CSV files so that they can be edited and then imported back into Active Directory. The scripts use two files, one for users and one for computers. For computers, only workstation computer accounts are included.
Script for exporting user and computer properties
This script can be used to export properties of all users and computers managed by Adaxes.
To be able to export properties, create a custom command configured for the Domain-DNS object type and run it on any of your AD domains.
Note: The selected domain does not limit the range of accounts included in the reports. It is used only to trigger the script.
Parameters:
- $usersCSVFilePath - Specifies a path to a CSV file that will contain properties of user accounts.
- $computerCSVFilePath - Specifies a path to a CSV file that will contain properties of computer accounts.
- $valueSeparator - Specifies a character that will be used to separate values of multi-valued properties in the CSV files.
```powershell
$usersCSVFilePath = "\\Server\share\users.csv" # TODO: modify me
$computerCSVFilePath = "\\Server\share\computers.csv" # TODO: modify me
$valueSeparator = ";" # TODO: modify me

function BuildReport($filter, $properties)
{
    # Search objects in all domains
    $searcher = $Context.TargetObject
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    $searcher.VirtualRoot = $True

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        foreach ($searchResult in $searchResults)
        {
            # Add object to report
            $record = New-Object PSObject
            foreach ($propertyName in $properties)
            {
                try
                {
                    # Multi-valued properties are joined into a single CSV cell
                    $value = $searchResult.GetPropertyByName($propertyName).Values -join $valueSeparator
                }
                catch
                {
                    # The property is not set on this object
                    $value = $NULL
                }
                $record | Add-Member -MemberType NoteProperty -Name $propertyName -Value $value
            }
            $record
        }
    }
    finally
    {
        # Release resources; the iterator is null if ExecuteSearch failed
        if ($searchResultIterator) { $searchResultIterator.Dispose() }
    }
}

# Create CSV file for users (sAMAccountType 805306368 = user accounts)
$userReport = BuildReport "(sAMAccountType=805306368)" @("telephoneNumber", "mobile", "ipPhone", "mail", "manager", "distinguishedName")
$userReport | Export-Csv -NoTypeInformation -Path $usersCSVFilePath

# Create CSV file for computers (the userAccountControl bit 8192 excludes domain controllers)
$computerReport = BuildReport "(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))" @("managedBy", "distinguishedName")
$computerReport | Export-Csv -NoTypeInformation -Path $computerCSVFilePath
```
Script for importing user and computer properties
This script can be used to import properties of users and computers from CSV files to Active Directory.
To be able to import properties, create a custom command configured for the Domain-DNS object type and run it on any of your AD domains.
Note: The selected domain does not limit the range of accounts included in the reports. It is used only to trigger the script.
Parameters:
- $usersCSVFilePath - Specifies a path to the CSV file that contains the properties of user accounts to import.
- $computerCSVFilePath - Specifies a path to the CSV file that contains the properties of computer accounts to import.
```powershell
$usersCSVFilePath = "\\Server\share\users.csv" # TODO: modify me
$computerCSVFilePath = "\\Server\share\computers.csv" # TODO: modify me

function UpdateObjects($objects)
{
    # Nothing to do if the CSV file contains no records
    if (-not $objects) { return }

    # Every column except distinguishedName is treated as a property to update
    $propertiesToCheck = New-Object System.Collections.ArrayList
    $objects[0].PSObject.Properties | ForEach-Object { [void]$propertiesToCheck.Add($_.Name) }
    $propertiesToCheck.Remove("distinguishedName")

    foreach ($objectInfo in $objects)
    {
        # Bind to object
        $objectDN = $objectInfo.distinguishedName
        $object = $Context.BindToObjectByDN($objectDN)

        # Update properties; an empty cell clears the property
        foreach ($propertyName in $propertiesToCheck)
        {
            $value = $objectInfo."$propertyName"
            if ([System.String]::IsNullOrEmpty($value))
            {
                $value = $NULL
            }
            $object.Put($propertyName, $value)
        }

        try
        {
            $object.SetInfo()
        }
        catch
        {
            $Context.LogMessage("An error occurred while updating the object '$objectDN'. Error: " + $_.Exception.Message, "Warning")
        }
    }
}

# Import users
if (Test-Path -Path $usersCSVFilePath)
{
    [Object[]]$users = Import-Csv -Path $usersCSVFilePath
    UpdateObjects $users
}
else
{
    $Context.LogMessage("File '$usersCSVFilePath' was not found.", "Warning")
}

# Import computers
if (Test-Path -Path $computerCSVFilePath)
{
    [Object[]]$computers = Import-Csv -Path $computerCSVFilePath
    UpdateObjects $computers
}
else
{
    $Context.LogMessage("File '$computerCSVFilePath' was not found.", "Warning")
}
```
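The import script writes every CSV column except distinguishedName to the object named in that row, so the header of a file on the share decides which attributes are changed. The following added example (not part of the original Adaxes scripts) checks a file before it is handed to UpdateObjects; the function name Test-ImportRows, the allowlist variable and the sample rows are assumptions constructed for illustration.

```powershell
# Added example, not part of the original scripts.
# Attributes the import may write: the columns the user export above produces.
$allowedUserProperties = @("telephoneNumber", "mobile", "ipPhone", "mail", "manager")

function Test-ImportRows($rows, $allowedProperties) # hypothetical helper
{
    $result = [pscustomobject]@{ Rows = @(); Errors = @() }
    if (-not $rows)
    {
        $result.Errors += "The file contains no records."
        return $result
    }
    $rows = @($rows)

    # UpdateObjects writes every column except distinguishedName,
    # so an unexpected column means an unexpected attribute write.
    $columns = @($rows[0].PSObject.Properties | ForEach-Object { $_.Name })
    if ($columns -notcontains "distinguishedName")
    {
        $result.Errors += "Column 'distinguishedName' is missing."
        return $result
    }
    $unexpected = @($columns | Where-Object {
        $_ -ne "distinguishedName" -and $allowedProperties -notcontains $_ })
    if ($unexpected.Count -gt 0)
    {
        $result.Errors += "Unexpected columns: " + ($unexpected -join ", ")
        return $result
    }

    $seen = @{} # keys compare case-insensitively, like DNs
    foreach ($row in $rows)
    {
        $dn = $row.distinguishedName
        if ([System.String]::IsNullOrEmpty($dn)) { $result.Errors += "Record without distinguishedName skipped."; continue }
        if ($seen.ContainsKey($dn)) { $result.Errors += "Duplicate record for '$dn' skipped."; continue }
        $seen[$dn] = $True
        $result.Rows += $row
    }
    return $result
}

# Constructed sample: an extra 'description' column that the export never produced.
$sample = @'
"distinguishedName","mail","description"
"CN=Jane Doe,OU=Staff,DC=example,DC=com","jane@example.com","edited by hand"
'@ | ConvertFrom-Csv
$check = Test-ImportRows $sample $allowedUserProperties
$check.Errors
```

In the import script, the check would run on the result of Import-Csv, with only the returned Rows passed to UpdateObjects and each entry in Errors written with $Context.LogMessage.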
Is there a way to narrow down the search to specific OU(s)? Currently the script is set up to export all objects in the domain.
Regards,
Jed
Yes, it is possible. To achieve the desired, do the following:
with the following:
For your information, instead of using the script, you can use the built-in All users (by default located in container Reports\All Reports\Users) and All computers (by default located in container Reports\All Reports\Computers) built-in reports. For information on how to schedule reports, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_ScheduleReports.htm.
```powershell
$userReport = BuildReport "(sAMAccountType=805306368)" @("telephoneNumber", "mobile", "ipPhone", "mail", "manager", "distinguishedName", "directreports")
```
When looking at the exported file each user that has more than one direct report only lists one direct report and the rest of the users are missing.
I noticed this same behavior when trying to export Direct Reports for a user using PowerShell.
```powershell
Add-Content -path "username.txt" -Value 'Direct Reports: %directReports% '
```
This does the same thing where it's only listing 1 direct report even though the user it was run on has more than one direct report.
How can we list all direct reports for a user?
Currently, this behavior is expected for multi-valued properties. We will update the script accordingly and get back to you right away.
Thank you for your patience. We updated the script accordingly. Please note that a new variable ($valueSeparator) was added.