Thursday, July 25, 2013

Active Directory - Find Difference Between Group Membership For User

While getting access transferred from one user to another, you may need to know how the group memberships are different between two users.
Import-Module ActiveDirectory

$leaving = Get-ADUser -Identity John.Doe -Properties memberof | select -expand memberof
$promoted = Get-ADUser -Identity Michael.West -Properties memberof | select -expand memberof

Compare-Object -ReferenceObject $promoted -DifferenceObject $leaving

Tuesday, July 23, 2013

PowerShell Bible Scripture Function

I've been meaning to put this together for a while and just now got around to doing it. Here's a short function that calls the Bible.org Api for Bible scriptures. One idea I had was to plug this into my profile so that I could replace the Microsoft log with a scripture.
 
function Get-BibleVerse {
    <#
        .SYNOPSIS
            Calls the bible.org api and returns the specified scriptures.

        .DESCRIPTION
            Calls the bible.org api to return the specified book-chapter-verse,
            random verse, or verse of the day.

        .PARAMETER Random
            Indicates the scripture returned should be random.

        .PARAMETER VerseOfTheDay
            Indicates the scripture returned should be the verse of the day.

        .PARAMETER Book
            Indicates the book to return, such as Matthew, Marke, Luke, or John.

        .EXAMPLE
            PS C:\> Get-BibleVerse -Random

        .EXAMPLE
            PS C:\> Get-BibleVerse -VerseOfTheDay -Type Json -Formatting Plain

        .EXAMPLE
            PS C:\> Get-BibleVerse -Book Ephesians -Chapter 5 -Verse 25 -Type Json

        .NOTES
            Michael West
            07.23.2013
            http://michaellwest.blogspot.com

        .LINK
            http://labs.bible.org/api_web_service
    #>
    [CmdletBinding(DefaultParameterSetName="Default")]
    param(
        [Parameter(ParameterSetName="Random")]
        [switch]$Random,

        [Parameter(ParameterSetName="Votd")]
        [switch]$VerseOfTheDay,

        [Parameter(ParameterSetName="Default")]
        [ValidateNotNullOrEmpty()]
        [string]$Book="Genesis",
        
        [Parameter(ParameterSetName="Default")]
        [ValidateScript({$_ -gt 0})]
        [int]$Chapter = 1,

        [Parameter(ParameterSetName="Default")]
        [ValidateScript({$_ -gt -1})]
        [int]$Verse=1,

        [ValidateSet("Json","Xml","Text")]
        [string]$Type="Text",

        [ValidateSet("Full","Para","Plain")]
        [string]$Formatting="Plain"
    )

    $url = "http://labs.bible.org/api/?passage="

    if($PSCmdlet.ParameterSetName -eq "Votd") {
        $url += "votd"
    } elseif ($PSCmdlet.ParameterSetName -eq "Random") {
        $url += "random"
    } else {
        $url += "$($Book)+$($Chapter)"
        if($Verse) {
            $url += ":$($Verse)"
        }
    }
    $url += "&type=$($Type)&formatting=$($Formatting)"
    $url = $url.ToLower()

    $result = Invoke-WebRequest -Uri $url
    if($result) {
        $result.Content
    }
}
 
Update 07.24.2013 Add this to your profile to get the verse of the day.
    $scripture = (Get-BibleVerse -VerseOfTheDay -Type Json | ConvertFrom-Json)[0]
    "$($scripture.bookname) $($scripture.chapter):$($scripture.verse) $($scripture.text)"

Thursday, July 18, 2013

Add Users to AD Group Using First Initial

Today at work we had a need to add users to specific Active Directory groups based on the first letter of the first name. We'll be using a plain text file as an example for the list of Active Directory identities. Save the following text into a file called names.txt:
John.Doe
Jane.Doe
Jane.Smith
Then you will need to run this in the PowerShell ISE.
Import-Module ActiveDirectory

# Each row of the text file will be consider one object. The object being the Active Directory identity (SamAccountName).
$names = Get-Content c:\names.txt

# Set this to $false when you are ready to make the changes.
$whatIf = $true

foreach ($name in $names) {
    $user = Get-ADUser -Filter { SamAccountName -eq $name } -Properties MemberOf
    if($user) {
        # The groups object will contain a list of Active Directory groups by their distinguished name. 
        # (i.e. CN=GroupName_A-C,OU=Groups,OU=Company,DC=pri,DC=company,DC=com)
        $groups = $user | Select-Object -ExpandProperty MemberOf
        if(-not ($groups -like 'CN=GroupName_*')) {
            $groupName = ''
            switch -Regex($user.SamAccountName[0]) {
                # Match the first letter as a, b, or c.
                "[a-c]" { $groupName = 'GroupName_A-C' }
                # Match the first letter as d, e, f, or g.
                "[d-g]" { $groupName = 'GroupName_D-G' }
                "[h-k]" { $groupName = 'GroupName_H-K' }
                "[l-q]" { $groupName = 'GroupName_L-Q' }
                "[r-t]" { $groupName = 'GroupName_R-T' }
                "[u-z]" { $groupName = 'GroupName_U-Z' }
            }

            if($groupName) {
                "Adding $($user.SamAccountName) to the group $($groupName)"
                Add-ADGroupMember -Identity $groupName -Members $user.SamAccountName -WhatIf:$whatIf
            }
        } else {
            "Skipping $($user.SamAccountName) because they are already in the group $($groupName)"
        }
    } else {
        "$($name) does not exist"
    }
}

Monday, July 8, 2013

PoweShell Script Module

I put together a PowerShell Script Module some time ago and thought I would make it available for others. Hope it helps give you some ideas on creating your own. Click for more details.