locked
Need way to get count of mSMQDigests for AD Users RRS feed

  • Question

  • I have run into this issue outlined in this blog.
    https://blogs.msdn.microsoft.com/johnbreakwell/2008/09/15/clearing-up-msmq-certificates-from-active-directory/

    What I want to do is do a search of AD with powershell to find the count of mSMQDigests for each member of our AD environment.  Objective is to see just how widespread the issue is. 

    Any help would be greatly appreciated

    Michael
    Saturday, May 4, 2019 12:31 PM

Answers

  • Here is why using PowerShell with advanced features can help you to do this and to buld code incrementally.

    Get-Content C:\PowerShellScripts\ad-user-list.txt |
        ForEach-Object{
            Get-ADUser $_ -Properties mSMQDigests
        } |
        Select-Object SamAccountName, @{n='Count';e={if($_.mSMQDigests){ $_.mSMQDigests.Count}}}
    

    An even better way to do this is like this:

    $my_calculated_proeprties = @(
        'SamAccountName', 
        @{
            n = 'DigestCount'
            e = { 
                    if($_.mSMQDigests){
                        $_.mSMQDigests.Count 
                    } 
                } 
        }
    )
    Get-Content C:\PowerShellScripts\ad-user-list.txt |
        Get-ADUser $_ -Properties mSMQDigests |
        Select-Object $my_calculated_proeprties

    This makes the build and testing simple.  Just add one property tot he array and test code then add the calculated properties as needed and test on each one.


    \_(ツ)_/

    • Marked as answer by michaeltr2014 Saturday, May 4, 2019 2:45 PM
    Saturday, May 4, 2019 2:32 PM

All replies

  • Can you post your script?  Post an error if you are getting one.


    \_(ツ)_/

    Saturday, May 4, 2019 12:59 PM
  • ##My loop
    Foreach ($ADUser in (Get-Content -Path C:\PowerShellScripts\ad-user-list.txt))
        {
            $mSMQDigestsCount = (GET-ADUSER –Identity $ADUser –Properties mSMQDigests | Select-Object mSMQDigests).mSMQDigests.count
            Write-output "$ADUser, $mSMQDigestsCount"
        }

    The error I get.

    Get-ADUser : A positional parameter cannot be found that accepts argument 'mSMQDigests'.
    At C:\PowerShellScripts\Get-SMQDigestsCount.ps1:5 char:24
    + ... stsCount = (GET-ADUSER –Identity $ADUser –Properties mSMQDigests  ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADUser


    If I get run this command by itself (GET-ADUSER –Identity <ID of AD user> –Properties mSMQDigests | Select-Object mSMQDigests).mSMQDigests.count

    I get the count, it breaks when I put it inside the loop.


    Saturday, May 4, 2019 1:59 PM
  • The that user has no value set for that property.

    You have to test the return to be sure it exists on each user.


    \_(ツ)_/

    Saturday, May 4, 2019 2:15 PM
  • Except the user does, my import file has but one user in it right now.  If I run the command outside of the loop I get a good return.

    See here
    PowerCLI C:\PowerShellScripts> (GET-ADUSER –Identity Levine –Properties mSMQDigests | Select-Object mSMQDigests).mSMQDigests.count
    1113

    The user Levine has 1113 mSMQDigests


    Saturday, May 4, 2019 2:25 PM
  • Here is why using PowerShell with advanced features can help you to do this and to buld code incrementally.

    Get-Content C:\PowerShellScripts\ad-user-list.txt |
        ForEach-Object{
            Get-ADUser $_ -Properties mSMQDigests
        } |
        Select-Object SamAccountName, @{n='Count';e={if($_.mSMQDigests){ $_.mSMQDigests.Count}}}
    

    An even better way to do this is like this:

    $my_calculated_proeprties = @(
        'SamAccountName', 
        @{
            n = 'DigestCount'
            e = { 
                    if($_.mSMQDigests){
                        $_.mSMQDigests.Count 
                    } 
                } 
        }
    )
    Get-Content C:\PowerShellScripts\ad-user-list.txt |
        Get-ADUser $_ -Properties mSMQDigests |
        Select-Object $my_calculated_proeprties

    This makes the build and testing simple.  Just add one property tot he array and test code then add the calculated properties as needed and test on each one.


    \_(ツ)_/

    • Marked as answer by michaeltr2014 Saturday, May 4, 2019 2:45 PM
    Saturday, May 4, 2019 2:32 PM
  • Except the user does, my import file has but one user in it right now.  If I run the command outside of the loop I get a good return.

    See here
    PowerCLI C:\PowerShellScripts> (GET-ADUSER –Identity Levine –Properties mSMQDigests | Select-Object mSMQDigests).mSMQDigests.count
    1113

    The user Levine has 1113 mSMQDigests


    What is in your file?  Does it have blank lines or spaces?


    \_(ツ)_/

    Saturday, May 4, 2019 2:34 PM
  • Except the user does, my import file has but one user in it right now.  If I run the command outside of the loop I get a good return.

    See here
    PowerCLI C:\PowerShellScripts> (GET-ADUSER –Identity Levine –Properties mSMQDigests | Select-Object mSMQDigests).mSMQDigests.count
    1113

    The user Levine has 1113 mSMQDigests


    What is in your file?  Does it have blank lines or spaces?


    \_(ツ)_/



    One Line, no space, no breaks, just the user.
    Saturday, May 4, 2019 2:40 PM
  • The code works for me:

    You must run this in PowerShell 3 or later at a command prompt. 

    Try this to validate you file:

    Get-Content C:\PowerShellScripts\ad-user-list.txt |
        ForEach-Object{
            Get-ADUser $_ -Properties mSMQDigests
        }


    \_(ツ)_/

    Saturday, May 4, 2019 2:44 PM
  • Here is why using PowerShell with advanced features can help you to do this and to buld code incrementally.

    Get-Content C:\PowerShellScripts\ad-user-list.txt |
        ForEach-Object{
            Get-ADUser $_ -Properties mSMQDigests
        } |
        Select-Object SamAccountName, @{n='Count';e={if($_.mSMQDigests){ $_.mSMQDigests.Count}}}

    An even better way to do this is like this:

    $my_calculated_proeprties = @(
        'SamAccountName', 
        @{
            n = 'DigestCount'
            e = { 
                    if($_.mSMQDigests){
                        $_.mSMQDigests.Count 
                    } 
                } 
        }
    )
    Get-Content C:\PowerShellScripts\ad-user-list.txt |
        Get-ADUser $_ -Properties mSMQDigests |
        Select-Object $my_calculated_proeprties

    This makes the build and testing simple.  Just add one property tot he array and test code then add the calculated properties as needed and test on each one.


    \_(ツ)_/



    This works, thank you.


    Saturday, May 4, 2019 2:45 PM