Archive for the ‘attributes’ tag
Populating Outlook forms with AD User Attributes
Did you ever want an Custom Outlook Form to automatically populate a Custom Outlook Field with the Active Directory .displayName of the logged on user?
The code below populates the custom Outlook Fields “LOUDisplay”,”LOUGivenName”,”LOUSN” upon the creation of the Form.
This action does not repeat if the item is re-opened. This is restricted because the code is initiated only when the Item_Open() event occurs and Item.size = “0″ or newly generated. You will have to add this code in the Visual Basic part of the Custom Form.
Function Item_Open() If Item.Size = "0" Then 'Item is New Set objSysInfo = CreateObject("ADSystemInfo") objUser = objSysInfo.UserName Set ADOUser = GetObject("LDAP://"&objUser) StrDisplayName = ADOUser.displayName StrGivenName = ADOUser.givenName StrSN = ADOUser.SN Item.UserProperties("LOUDisplay") = StrDisplayName Item.UserProperties("LOUGivenName") = StrGivenName Item.UserProperties("LOUSN") = StrSN Else 'Item Exists End If End Function
If you want any other properties for the logged on user accessing the Form just add to the fields pulled from ADUser and link to the required custom field.
Hope this helps.
All information is provided on an AS-IS basis, with no warranties and confers no rights.
Quest Get-QADUser – All User Attributes
This article is part of a series of articles on the Quest Active Roles Management Shell and the CmdLets that are included in that.
Previously:
Getting Started
Get-QADGroup
The Get-QADUser CmdLet from Quest Tools can be used to return attributes back from your AD directory on a specific user object and place them in the local memory cache. The object returned by the CmdLet contains a pre-defined set of attributes. You can view or modify this default attribute set using the Get- or Set-QADPSSnapinSettings CmdLet. You can also change the returned attribute set on the returned object on an Ad-Hoc basis by using the -ExcludedProperties and -IncludedProperties parameters with the Get-QADUser CmdLet. One final option is the -IncludeAllProperties parameter, with this you can return all attributes of the user object and access them through the returned object in the memory cache.
So Examples,
The default attributes accessible in the returned object can be found here on page 39 in the “Quest Active Roles Management Shell for AD” guide.
Or enter this at the command line(With the Quest snap-in loaded)
Get-QADUser -Name accountname | Get-Member -MemberType Properties
To obtain all available attributes for a user object in your AD directory using the -IncludeAllProperties parameter.
Get-QADUser -Name accountname -IncludeAllProperties | Get-Member -MemberType Properties
Note: The above command will include all properties available in your AD directory in the returned user object, however when outputting the results to the cmdline the default attribute set controlled by the Get- or Set-QADPSSnapinSettings will prevail.
To see all user object attribute values
Get-QADUser -Name accountname -IncludeAllProperties | Format-List *
Export them to a .csv file
Get-QADUser -Name accountname -IncludeAllProperties | Export-CSV "C:\Scripts\UserDump.csv"
Including all properties(attributes) when you do not need them can add time to your executing code. I find it wise to minimize the data being queried and returned back whenever possible.
Using the above examples you can start to complete more complex user object queries.
For Example:
I would like to search for a user based on their SMTP address (.mail attribute) and then retrieve their set mailbox limits. The SMTP address or mail attribute is a standard attribute we can filter on using the -Email parameter. See here o n page 34 of the “Quest Active Roles Management Shell for AD” guide. The required returned object attribute of .mDBUseDefaults, .mDBStorageQuota and .mDBOoverQuotaLimit are not attributes cached by default in the returned object. To gain these attributes you need to include them in the returned object and specify them in the output pipe.
Get-QADUser -Email 'user@domain.com' -IncludedProperties mDBUseDefaults','mDBStorageQuota','mDBOoverQuotaLimit' | Format-List name,displayname,mDBUseDefaults,mDBStorageQuota,mDBOoverQuotaLimit
From this you should get back all the details of the user object specified in the Format-List command.
Hope this helps.
All information is provided on an AS-IS basis, with no warranties and confers no rights.
Quest AD Management Shell – Get-QADGroup
In my previous blog entry “Getting Started” I went over downloading and installing the Quest AD Management shell, registering the snapins and running some basic commands using the Get-QADUser CmdLet.
Today I will be looking at the Get-QADGroup CmdLet.
This allows easy access to Active Directory “Group” objects.
As before open a PowerShell Shell window and add in your snapins.
add-pssnapin Quest.ActiveRoles.ADManagementGetting the number of members in a group.
(Get-QADGroup "GroupName").members.count
Export out the members of a group to a formatted table including the name,displayname,mail(SMTP) and office for each member.
Function Get-MemberName() { Process { ForEach($Member In $_) { Get-QADUser –ObjectAttributes @{distinguishedName=$Member} } } } (Get-QADGroup "GroupName").members | Get-MemberName | Format-Table name,displayname,mail,office
I often have to clean up groups by looking for disabled users.
To do this you can just add the “accountisdisabled” property to the script above.
E.g.
(Get-QADGroup "GroupName").members | Get-MemberName | Format-Table name,displayname,mail,office,accountisdisabled
Export out the members of a group to a CSV file with all properties.
Function Get-MemberName() { Process { ForEach($Member In $_) { Get-QADUser –ObjectAttributes @{distinguishedName=$Member} } } } (Get-QADGroup "GroupName").members | Get-MemberName | Export-Csv "C:\GroupMembers.csv"
Above are some useful examples of using Quest AD CmdLets to enumerate Active Directory Group objects.
Hope this helps.
All information is provided on an AS-IS basis, with no warranties and confers no rights.
Converting .diasplayName to .cn User object attributes
I routinely have to populate Active Directory Email distribution lists from lists of employee full names. These list usually contain the “.displayName” of the user. A quick way to resolve this is to convert the “.displayName” of the user into the users common name or “.cn” attribute and cut/paste them into the distribution lists “Members” box. I put the list of users display names into a C:\Scripts\Users.txt file and the script will produce a list of .cn attribute in the C:\Scripts\ConvertedUsers.txt file.
All information is provided on an AS-IS basis, with no warranties and confers no rights.
