Script Repository


Export and import user and computer properties

July 27, 2022

The scripts allow exporting properties of user and computer accounts in all domains managed by Adaxes to CSV files, editing them, and then importing them back into Active Directory. The scripts use two files, one for users and one for computers. For computers, only workstation computer accounts are included.

Script for exporting user and computer properties

This script can be used to export properties of all users and computers managed by Adaxes.

To be able to export properties, create a custom command configured for the Domain-DNS object type and run it on any of your AD domains.

Note: The selected domain does not limit the range of accounts included in the reports. It is used only to trigger the script.

Parameters:

  • $usersCSVFilePath - Specifies a path to a CSV file that will contain properties of user accounts.
  • $computerCSVFilePath - Specifies a path to a CSV file that will contain properties of computer accounts.
  • $valueSeparator - Specifies a character that will be used to separate values of multi-valued properties in the CSV files.
PowerShell
$usersCSVFilePath = "\\Server\share\users.csv" # TODO: modify me
$computerCSVFilePath = "\\Server\share\computers.csv" # TODO: modify me
$valueSeparator = ";" # TODO: modify me

function BuildReport($filter, $properties)
{
    # Search objects in all domains
    $searcher = $Context.TargetObject
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    $searcher.VirtualRoot = $True
    
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        foreach ($searchResult in $searchResults)
        {
            # Add object to report
            $record = New-Object PSObject
            foreach ($propertyName in $properties)
            {
                try
                {
                    $value = $searchResult.GetPropertyByName($propertyName).Values -join $valueSeparator
                }
                catch
                {
                    $value = $NULL
                }
                $record | Add-Member -MemberType NoteProperty -Name $propertyName -Value $value
            }
            $record
        }
    }
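    finally
    {
        # Release resources; the iterator is not set if ExecuteSearch failed
        if ($NULL -ne $searchResultIterator)
        {
            $searchResultIterator.Dispose()
        }
    }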
}

# Create CSV file for users
$userReport = BuildReport "(sAMAccountType=805306368)" @("telephoneNumber", "mobile", "ipPhone", "mail", "manager", "distinguishedName")
$userReport | Export-Csv -NoTypeInformation -Path $usersCSVFilePath

# Create CSV file for computers
$computerReport = BuildReport "(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))" @("managedBy", "distinguishedName")
$computerReport | Export-Csv -NoTypeInformation -Path $computerCSVFilePath

Script for importing user and computer properties

This script can be used to import properties of users and computers from CSV files to Active Directory.

To be able to import properties, create a custom command configured for the Domain-DNS object type and run it on any of your AD domains.

Note: The selected domain does not limit the range of accounts included in the reports. It is used only to trigger the script.

Parameters:

  • $usersCSVFilePath - Specifies the path to the CSV file that contains the properties of user accounts to import.
  • $computerCSVFilePath - Specifies the path to the CSV file that contains the properties of computer accounts to import.
PowerShell
$usersCSVFilePath = "\\Server\share\users.csv" # TODO: modify me
$computerCSVFilePath = "\\Server\share\computers.csv" # TODO: modify me

function UpdateObjects($objects)
{
    # Every CSV column except distinguishedName is treated as a property to update
    $propertiesToCheck = New-Object System.Collections.ArrayList
    $objects[0].PSObject.Properties | ForEach-Object {[void]$propertiesToCheck.Add($_.Name)}
    $propertiesToCheck.Remove("distinguishedName")
    
    foreach ($objectInfo in $objects)
    {
        # Bind to object
        $objectDN = $objectInfo.distinguishedName
        $object = $Context.BindToObjectByDN($objectDN)
        
        # Update properties
        foreach ($propertyName in $propertiesToCheck)
        {
            $value = $objectInfo."$propertyName"
            if ([System.String]::IsNullOrEmpty($value))
            {
                $value = $NULL
            }
            $object.Put($propertyName, $value)
        }
        
        try
        {
            $object.SetInfo()
        }
        catch
        {
            $Context.LogMessage("An error occurred while updating the object '$objectDN'. Error: " + $_.Exception.Message, "Warning")
        }
    }
}

# Import users
if (Test-Path -Path $usersCSVFilePath)
{
    [Object[]]$users = Import-Csv -Path $usersCSVFilePath
    UpdateObjects $users
}
else
{
    $Context.LogMessage("File '$usersCSVFilePath' was not found.", "Warning")
}

# Import computers
if (Test-Path -Path $computerCSVFilePath)
{
    [Object[]]$computers = Import-Csv -Path $computerCSVFilePath
    UpdateObjects $computers
}
else
{
    $Context.LogMessage("File '$computerCSVFilePath' was not found.", "Warning")
}
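
The import script writes every CSV column except distinguishedName to the object, so the header row of the file on the share decides which attributes are changed. The following is an added example, not part of the original Adaxes script, that checks a CSV against an allow-list before it is passed to UpdateObjects; the helper name Test-ImportCsv, the allow-lists (copied from the export script's property lists) and the sample rows are assumptions.

```powershell
# Added example; Test-ImportCsv is a hypothetical helper, not an Adaxes function.
# The allow-lists mirror the property lists used by the export script.
$allowedUserColumns = @("telephoneNumber", "mobile", "ipPhone", "mail", "manager", "distinguishedName")
$allowedComputerColumns = @("managedBy", "distinguishedName")

function Test-ImportCsv($rows, $allowedColumns)
{
    $rows = @($rows)
    $problems = New-Object System.Collections.ArrayList
    if ($rows.Count -eq 0)
    {
        [void]$problems.Add("The file contains no data rows.")
        return ,$problems
    }

    # The header row decides which attributes the import would write
    $columns = @($rows[0].PSObject.Properties | ForEach-Object { $_.Name })
    foreach ($column in $columns)
    {
        if ($allowedColumns -notcontains $column)
        {
            [void]$problems.Add("Unexpected column '$column'.")
        }
    }
    if ($columns -notcontains "distinguishedName")
    {
        [void]$problems.Add("Column 'distinguishedName' is missing.")
        return ,$problems
    }

    # Every row must name exactly one object (hashtable keys are case-insensitive)
    $seen = @{}
    for ($i = 0; $i -lt $rows.Count; $i++)
    {
        $dn = $rows[$i].distinguishedName
        $n = $i + 1
        if ([System.String]::IsNullOrEmpty($dn)) { [void]$problems.Add("Data row ${n}: empty distinguishedName.") }
        elseif ($seen.ContainsKey($dn)) { [void]$problems.Add("Data row ${n}: duplicate entry for '$dn'.") }
        else { $seen[$dn] = $true }
    }
    return ,$problems
}

# Constructed sample: 'description' is not on the allow-list and the DN repeats
$sample = @(
    '"distinguishedName","mail","description"',
    '"CN=Jane Doe,OU=Staff,DC=example,DC=com","jane@example.com","x"',
    '"cn=jane doe,ou=staff,dc=example,dc=com","j.doe@example.com","y"'
) | ConvertFrom-Csv
$found = Test-ImportCsv $sample $allowedUserColumns
$found
```

In the import script, the check would run on the result of Import-Csv, with UpdateObjects skipped and each message passed to $Context.LogMessage when anything is returned.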

Comments ( 5 )
Jed
Sep 29, 2021
Hello,
Is there a way to narrow down the search to specific OU(s)? Currently the script is set up to export all objects in the domain.

Regards,
Jed
Support
Sep 30, 2021
Hello Jed,

Yes, it is possible. To achieve the desired result, do the following:
  1. Replace this line in the script

    PowerShell
    $searcher = $Context.BindToObject("Adaxes://rootDSE")

    with the following:

    PowerShell
    $searcher = $Context.BindToObject("Adaxes://%distinguishedName%")
  2. Execute the script in a business rule, custom command or scheduled task configured for the Organizational Unit object type.
  3. In case of a business rule or scheduled task, the Activity Scope must include the OU itself (This object only), not its subtree.

For your information, instead of using the script, you can use the built-in All users (by default located in container Reports\All Reports\Users) and All computers (by default located in container Reports\All Reports\Computers) built-in reports. For information on how to schedule reports, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_ScheduleReports.htm.
Dylan
Dec 28, 2021
I want to use this to export data on users. I edited line 38 to include Direct Reports for users.

$userReport = BuildReport "(sAMAccountType=805306368)" @("telephoneNumber", "mobile", "ipPhone", "mail", "manager", "distinguishedName", "directreports")

When looking at the exported file each user that has more than one direct report only lists one direct report and the rest of the users are missing.

I noticed this same behavior when trying to export Direct Reports for a user using PowerShell.

Add-Content -path "username.txt" -Value 'Direct Reports: %directReports% '

This does the same thing where it's only listing 1 direct report even though the user it was run on has more than one direct report.

How can we list all direct reports for a user?
Support
Dec 28, 2021
Hello Dylan,

Currently, this behavior is expected for multi-valued properties. We will update the script accordingly and get back to you right away.
Support
Jan 04, 2022
Hello Dylan,

Thank you for your patience. We updated the script accordingly. Please note that a new variable ($valueSeparator) was added.