AdvancedADManagement.psm1

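Function Get-DomainUser{
<#
.SYNOPSIS
Get information about a user account
.DESCRIPTION
Queries Active Directory for users whose SamAccountName matches the supplied
pattern and emits one summary object per match. Only the attributes that
appear in the output are requested from the directory.
.PARAMETER SamAccountName
The user account to gather information for
Accepts wildcards
Aliases: Name, AccountName, UserAccount, UserName, User
.EXAMPLE
Get-DomainUser -User jsmith*
Finds all users that start with jsmith
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.1
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","AccountName","UserAccount","UserName","User")]
        $SamAccountName
    )
    process{
        # Ask the directory only for the attributes reported below instead of
        # '-Properties *', so the query does not pull every attribute of every
        # matching account. SamAccountName, DistinguishedName and
        # UserPrincipalName are part of Get-ADUser's default property set.
        $WantedProperties = @(
            'DisplayName','CanonicalName','EmailAddress','Initials','whenCreated',
            'LastLogonDate','PasswordExpired','PasswordLastSet','PasswordNeverExpires',
            'PasswordNotRequired','LockedOut','badPwdCount','whenChanged',
            'Description','AccountExpirationDate'
        )

        # The script-block filter lets the AD provider substitute the variable,
        # so the pattern is never concatenated into the filter text here.
        $DMUser = Get-ADUser -Filter {SamAccountName -like $SamAccountName} -Properties $WantedProperties

        Foreach ($Item in $DMUser){
            # Property order matches the original output.
            [pscustomobject]@{
                DisplayName           = $Item.DisplayName
                SamAccountName        = $Item.SamAccountName
                CanonicalName         = $Item.CanonicalName
                EmailAddress          = $Item.EmailAddress
                Initials              = $Item.Initials
                DateCreated           = $Item.whenCreated
                LastLogonDate         = $Item.LastLogonDate
                PasswordExpired       = $Item.PasswordExpired
                PasswordLastSet       = $Item.PasswordLastSet
                PasswordNeverExpires  = $Item.PasswordNeverExpires
                PasswordNotRequired   = $Item.PasswordNotRequired
                LockedOut             = $Item.LockedOut
                badPwdCount           = $Item.badPwdCount
                LastChanged           = $Item.WhenChanged
                DistinguishedName     = $Item.DistinguishedName
                Description           = $Item.Description
                AccountExpirationDate = $Item.AccountExpirationDate
                # Previously written as '-$item.UserPrincipalName' (a stray '-'
                # where '-Value' belonged), so this field did not carry the
                # user's actual UPN.
                UserPrincipalName     = $Item.UserPrincipalName
            }
        }
    }
}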

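Function Unlock-DomainUser{
<#
.SYNOPSIS
Unlocks a user account
.DESCRIPTION
Calls Unlock-ADAccount for the given account. Supports -WhatIf and -Confirm
so the change can be previewed or gated before it is made.
.PARAMETER SamAccountName
The SamAccountName of the user to unlock
Aliases: Name, AccountName, UserAccount, UserName, User
.EXAMPLE
Unlock-DomainUser -SamAccountName jsmith -WhatIf
Shows what would be unlocked without changing the account
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.1
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding(SupportsShouldProcess)]
    Param(
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","AccountName","UserAccount","UserName","User")]
        $SamAccountName
    )
    Process{
        # Gate the state change here; -Confirm:$false on the inner cmdlet
        # avoids a second prompt for the same action.
        if ($PSCmdlet.ShouldProcess("$SamAccountName", 'Unlock account')) {
            Unlock-ADAccount -Identity $SamAccountName -Confirm:$false
        }
    }
}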

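Function Reset-DomainUserPassword{
<#
.SYNOPSIS
Resets the password for a user account
.DESCRIPTION
Resets the account password with Set-ADAccountPassword -Reset and then sets
whether the user must change it at next logon. Supports -WhatIf and -Confirm.
.PARAMETER SamAccountName
The SamAccountName of the user
Aliases: Name, AccountName, UserAccount, UserName, User
.PARAMETER Password
The password you want to set for the user.
This parameter is a plain-text string: a value typed on the command line can
end up in console history, transcripts and script-block logs. Omit it to let
Set-ADAccountPassword ask for the new password itself.
.PARAMETER DontChangePasswordAtLogin
Use this switch if the user is not to change their password on the next login
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.1
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding(SupportsShouldProcess)]
    Param(
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","AccountName","UserAccount","UserName","User")]
        $SamAccountName,
        [string]$Password,
        [switch]$DontChangePasswordAtLogin
    )
    Process{
        # One gate for the whole reset; the inner cmdlets get -Confirm:$false
        # so the operator is not prompted again for each step.
        if (-not $PSCmdlet.ShouldProcess("$SamAccountName", 'Reset password')) { return }

        if ($Password) {
            $Secure = ConvertTo-SecureString -String $Password -AsPlainText -Force
            Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $Secure -Confirm:$false
        }
        else {
            # No password supplied: Set-ADAccountPassword obtains the new value
            # itself, which keeps it out of this function's arguments.
            Set-ADAccountPassword -Identity $SamAccountName -Reset -Confirm:$false
        }

        # Force a change at next logon unless the caller opted out.
        Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon (-not $DontChangePasswordAtLogin) -Confirm:$false

        # Drops the references only. The plain-text [string] is immutable and
        # stays in process memory until it is garbage collected.
        $Secure = $null
        $Password = $null
    }
}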

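function Get-DomainUserGroupMembership {
<#
.SYNOPSIS
Gets the groups the user is a member of
.DESCRIPTION
Reads the user's memberOf attribute and emits one object per group with the
group's CN in a GroupName property. memberOf lists direct memberships only;
it does not include the account's primary group or groups reached through
nesting.
.PARAMETER SamAccountName
The SamAccountName of the user
Aliases: Name, AccountName, UserAccount, UserName, User
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.1
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","AccountName","UserAccount","UserName","User")]
        [string]$SamAccountName
    )
    Process{
        # Only memberOf is needed, so request that instead of every attribute.
        $MemberOf = (Get-ADUser -Identity $SamAccountName -Properties MemberOf).MemberOf

        foreach ($GroupDN in $MemberOf) {
            $Group = Get-ADGroup -Identity "$GroupDN" -Properties CN
            # Emit each object as it is built rather than growing an array
            # with '+=', which copies the array on every iteration.
            [pscustomobject]@{GroupName = "$($Group.CN)".Trim()}
        }
    }
}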

Function Get-DomainGroupMembers{
<#
.SYNOPSIS
Gets the members of a domain group
.DESCRIPTION
Calls Get-ADGroupMember for the group and emits one object per member with
its Name, ObjectClass and SamAccountName.
.PARAMETER GroupName
Name of the group to get the members of
Aliases: Name, Group, DomainGroupName, DomainGroup
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.1
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","Group","DomainGroupName","DomainGroup")]
        $GroupName
    )
    process{
        foreach ($Member in (Get-ADGroupMember -Identity $GroupName)){
            # Same three properties, in the same order, as before.
            [pscustomobject]@{
                Name           = $Member.Name
                ObjectClass    = $Member.ObjectClass
                SamAccountName = $Member.SamAccountName
            }
        }
    }
}

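function Get-DomainGroup {
<#
.SYNOPSIS
Gets information about a group
.DESCRIPTION
Finds Active Directory groups whose CN matches the supplied pattern and emits
one summary object per match.
.PARAMETER GroupName
Name of the group you want to gather information for
Accepts wildcards
Aliases: Name, Group, DomainGroupName, DomainGroup
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.1
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","Group","DomainGroupName","DomainGroup")]
        [string]$GroupName
    )
    Process{
        # Request only the non-default attributes that are reported below;
        # DistinguishedName, GroupCategory and GroupScope come back by default.
        $Group = Get-ADGroup -Filter {CN -like $GroupName} -Properties CN,CanonicalName,whenCreated,whenChanged

        Foreach ($Item in $Group){
            [pscustomobject]@{
                GroupName         = $Item.CN
                # 'CononicalName' is misspelled, but it is the property name
                # existing callers see, so it is kept as-is.
                CononicalName     = $Item.CanonicalName
                DistinguishedName = $Item.DistinguishedName
                DateCreated       = $Item.whenCreated
                DateModified      = $Item.WhenChanged
                Type              = $Item.GroupCategory
                Scope             = $Item.GroupScope
            }
        }
    }
}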

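Function Get-DomainComputer{
<#
.SYNOPSIS
Gets a domain computer
.DESCRIPTION
Finds computer objects whose name matches the supplied pattern and emits one
summary object per match. The output includes a BitLockerRecoveryPassword
property holding any msFVE-RecoveryPassword values stored beneath the
computer object that the caller is permitted to read.
.PARAMETER ComputerName
Name of the computer to get
Accepts wildcards
Aliases: Name, DeviceName, Computer, Device
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.0
The returned objects can contain BitLocker recovery passwords. Treat the
output as a secret: exporting it to files, tickets, transcripts or logs
copies the recovery keys along with it.
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","DeviceName","Computer","Device")]
        [string]$ComputerName
    )
    Process{
        # Request only the non-default attributes reported below rather than
        # every attribute of every matching computer.
        $Device = Get-ADComputer -Filter {name -like $ComputerName} -Properties Description,CanonicalName,Created

        Foreach ($Item in $Device){
            # Recovery information objects live under the computer object, so
            # the search is scoped to its distinguished name.
            # NOTE(review): this returns recovery passwords on every lookup,
            # including wildcard lookups; consider an opt-in switch in a
            # future version so callers receive them only when asked for.
            $BitLockerObjects = (Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $Item.DistinguishedName -Properties 'msFVE-RecoveryPassword').'msFVE-RecoveryPassword'

            [pscustomobject]@{
                ComputerName              = $Item.Name
                Description               = $Item.Description
                CanonicalName             = $Item.CanonicalName
                DistinguishedName         = $Item.DistinguishedName
                DateCreated               = $Item.Created
                BitLockerRecoveryPassword = $BitLockerObjects
            }
        }
    }
}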

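function Get-DomainComputerGroupMembership {
<#
.SYNOPSIS
Gets the groups the computer is a member of
.DESCRIPTION
Reads the memberOf attribute of the matching computer object(s) and emits one
object per group with the group's CN in a GroupName property. The name is
matched with -like, so a wildcard that matches several computers returns the
groups of all of them without saying which computer each group came from.
memberOf lists direct memberships only.
.PARAMETER ComputerName
Name of the computer
Aliases: Name, DeviceName, Computer, Device
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.0
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","DeviceName","Computer","Device")]
        [string]$ComputerName
    )
    Process{
        # Only memberOf is needed, so request that instead of every attribute.
        $MemberOf = (Get-ADComputer -Filter {name -like $ComputerName} -Properties MemberOf).MemberOf

        foreach ($GroupDN in $MemberOf) {
            $Group = Get-ADGroup -Identity "$GroupDN" -Properties CN
            # Emit each object as it is built rather than growing an array
            # with '+=', which copies the array on every iteration.
            [pscustomobject]@{GroupName = "$($Group.CN)".Trim()}
        }
    }
}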

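Function Get-ADObjectInfo {
<#
.SYNOPSIS
Gets info about an AD object
.DESCRIPTION
Looks the object up by Name and, if nothing matches, by sAMAccountName, then
hands each result to the matching Get-Domain* function for its object class
(computer, user, group or organizationalUnit). Other classes produce no
output.
.PARAMETER Object
Name of the object
Accepts wildcards
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.0
.LINK
https://www.mosaicmk.com
#>

    param (
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name","DeviceName","Computer","Device","AccountName","UserAccount","UserName","User","SamAccountName")]
        [string]$Object
    )
    Process{
        # Only Name, ObjectClass and sAMAccountName are read below; the first
        # two are returned by default, so just sAMAccountName is requested.
        $IL = Get-ADObject -Filter {Name -like $Object} -Properties sAMAccountName

        # $null goes on the left: with a collection on the left, -eq filters
        # the collection instead of testing it for null.
        IF ($null -eq $IL){$IL = Get-ADObject -Filter {sAMAccountName -like $Object} -Properties sAMAccountName}

        foreach ($item in $IL){
            # switch compares case-insensitively, like the -eq tests it replaces.
            switch ($item.ObjectClass) {
                'computer'           { Get-DomainComputer -ComputerName $item.Name }
                'user'               { Get-DomainUser -SamAccountName $item.sAMAccountName }
                'group'              { Get-DomainGroup -GroupName $item.Name }
                'organizationalUnit' { Get-DomainOU -OU $item.Name }
            }
        }
    }
}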


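Function Get-DomainOU {
<#
.SYNOPSIS
Gets a domain organizational unit
.DESCRIPTION
Returns the organizational units whose Name matches the supplied pattern, as
emitted by Get-ADOrganizationalUnit.
.PARAMETER OU
Name of the organizational unit
Accepts wildcards
Alias: Name
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.0
.LINK
https://www.mosaicmk.com
#>

    param (
        [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
        [Alias("Name")]
        [string]$OU
    )
    Process{
        # The script-block filter lets the AD provider substitute $OU; the
        # pattern is not concatenated into the filter text here.
        Get-ADOrganizationalUnit -Filter {Name -like $OU}
    }
}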

# In dev
# Function Remove-DomainObject {
# <#
# .SYNOPSIS
# gets
# PARAMETER ComputerName
# Name of the computer
# .NOTES
# Contact: Contact@mosaicMK.com
# Version 1.0.0
# .LINK
# https://www.mosaicmk.com
# #>
# param (
# [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName)]
# [Alias("Name","DeviceName","Computer","Device","AccountName","UserAccount","UserName","User","SamAccountName")]
# [string]$Object
# )
# Process{
# $IL = Get-ADObject -Filter {Name -like $Object} -Properties *
# IF ($IL -eq $null){$IL = Get-ADObject -Filter {sAMAccountName -like $Object} -Properties *}
# $DCs = (Get-ADDomain).ReplicaDirectoryServers
# foreach ($item in $IL){
# IF ($item.ObjectClass -eq "computer"){

# }
# IF ($item.ObjectClass -eq "User"){

# }
# IF ($item.ObjectClass -eq "group"){}
# IF ($item.ObjectClass -eq "organizationalUnit"){

# }
# }
# }
# }

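Function Copy-ADGroupMembership{
<#
.SYNOPSIS
Copy user group membership from one user to another
.DESCRIPTION
Gets the group membership of one user and adds a second user to each group.
Every group in the source user's memberOf is copied, so the target receives
whatever access those groups grant, privileged groups included. Run with
-WhatIf to list the groups first, or -Confirm to approve each one.
.PARAMETER UserCopyFrom
SamAccountName of the user whose group memberships are read
.PARAMETER UserCopyTo
SamAccountName of the user who is added to those groups
.EXAMPLE
Copy-ADGroupMembership -UserCopyFrom jsmith -UserCopyTo jdoe -WhatIf
Lists the groups jdoe would be added to without changing anything
.NOTES
Contact: Contact@mosaicMK.com
Version 1.0.0
.LINK
https://www.mosaicmk.com
#>

    [CmdletBinding(SupportsShouldProcess)]
    PARAM(
        [Parameter(Mandatory=$True)]
        [string]$UserCopyFrom,
        [Parameter(Mandatory=$True)]
        [string]$UserCopyTo
    )

    # Look up the source account first, so a missing account and an account
    # with no groups are reported differently. Previously both cases produced
    # "Could not find <user>".
    $Source = Get-ADUser -Filter {samaccountname -eq $UserCopyFrom} -Properties MemberOf
    If (-not $Source) {Write-Error "Could not find $UserCopyFrom"; Return}

    # The target is only passed to -Members, so no extra attributes are needed.
    $User = Get-ADUser -Filter {samaccountname -eq $UserCopyTo}
    If (-not $User) {Write-Error "Could not find $UserCopyTo"; Return}

    $Groups = $Source.MemberOf
    If (-not $Groups) {Write-Warning "$UserCopyFrom is not a member of any groups; nothing to copy"; Return}

    Foreach ($Group in $Groups){
        # Each addition is gated separately so -Confirm can approve or skip
        # individual groups; -Confirm:$false avoids a second prompt from the
        # inner cmdlet.
        If ($PSCmdlet.ShouldProcess("$Group", "Add $UserCopyTo as a member")) {
            Add-ADGroupMember -Identity $Group -Members $User -Confirm:$false
        }
    }
}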