Powershell combining get-aduser and get-adcomputer

    Question

  • Hi,

    I have a script with read-host to find users in AD, but I want to change it so it shows more information about the user and the computer name he or she works with.

    What I would like to do is:

    1: search with the last name of the user instead of the username 

    2: getting the desired information of the searched user at 1 (already in the script Get-ADUser) 

    3: getting the computer name of the user (the PC has the name of the user in the description like this: Doe, J (John))

    4: show a txt file with information of the user and the name of the computer (info about the user is already in the script invoke-item)

    The hard part for me is combining get-aduser and get-adcomputer. 

    I searched and tried, but I'm new to PowerShell and was not able to do this.

    I think the easiest way to work this out is to search the last name in the description of the computer and using that to get the user information (as you see in the script at Get-ADUser).

    the code:

    $name = Read-Host -Prompt "Please enter the login name of the user"
    Get-ADUser $name -Properties * | Select CN, SamAccountName, Title, DisplayName, EmployeeNumber, Department, EmailAddress, telephoneNumber, HomeDirectory, ProfilePath, AccountExpirationDate, LastLogonDate, LockedOut, PasswordExpired, PasswordLastSet > "C:\LOGTEST\User.txt"
    Invoke-Item "C:\LOGTEST\User.txt"
    Write-Host "Your user information is now on your screen" -ForegroundColor Green
    Log ("Check user information about $name")
    Sleep -Seconds 5
    $name = ""

    Thank you

    Thursday, October 4, 2018 1:36 PM

All replies

  • help get-aduser -parameter filter

    Look at the examples and instructions.

    You will find many blogs describing how to use the filter to return matches.


    \_(ツ)_/

    Thursday, October 4, 2018 1:42 PM
  • Partial code to retrieve computer name from the description:

    $UserName = "Doe, J (John)"
    $ComputerName = (Get-ADComputer -Filter {Description -eq $UserName}).Name



    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, October 4, 2018 2:02 PM
    Moderator
  • Thank you, I'll try to search for that.
    Friday, October 5, 2018 7:00 AM
  • That is what I was looking for, thank you!
    Friday, October 5, 2018 7:47 AM
  • I have found a way for step 1 and 2 but I can't combine the results with question 3 (as asked before).

    new script:

    # 1: because there are more users with the same name/surname, I have put the first- and last name in.

     $FirstName = (read-host -prompt "First name")
     $LastName = (read-host -prompt "Surname")

     $fullname= Get-ADUser -Filter "GivenName -like '$FirstName*' -and Surname -like '$LastName*'" | select-object name

     output is:

    Name

    --------

    Doe, J (John)

    Doe, J (John) (admin)

    Doe, J (John) (XX)

    #Now the problem. Some users have 2 or more accounts in AD as above. I think because of the results the script won't show the computer name. I need to filter it somehow to show/select 1 account like "Doe, J (John)" and leave the other out. So it can search only for "Doe, J (John)" computer name.

    edit: Below shows empty result if I use it in this script, but if I do it like how Richard Mueller told then it works fine

    $ComputerName = (Get-ADComputer -Filter {Description -eq $fullname}).Name > "C:\LOGTEST\User.txt"

    Invoke-Item "C:\LOGTEST\User.txt"



    • Edited by R.R.452B Friday, October 12, 2018 8:20 AM
    Friday, October 12, 2018 8:04 AM
  • Hey, you need to know on which criteria you want to filter the returned accounts, then we can help. So for instance, taking the 3 John Doe's above, do you want to pick the first one, a random one, or one that has a logical property in addition to those you have listed that identifies it as the account you are looking for?

    Otherwise you should think about what AD attributes you have to work with and how consistent they are. In your above example I think I would filter out all strings that had more than one set of parentheses, but you didn't indicate if that was even the right one so I would just be guessing.

    Saturday, October 13, 2018 11:16 AM
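
Added example (not posted by anyone in this thread): one way to combine the two lookups, using the criterion suggested in the reply above of dropping names with more than one set of parentheses. The function name Get-PrimaryUserComputer and the rule that the primary account has at most one "(...)" group are assumptions; the filters reference variables instead of splicing typed input into the filter text.

```powershell
# Added example; Get-PrimaryUserComputer is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-PrimaryUserComputer {
    param(
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName
    )
    $given   = "$FirstName*"
    $surname = "$LastName*"

    # Single-quoted filter: the AD module resolves $given and $surname itself,
    # so a quote typed at the prompt (O'Brien) is treated as data, not filter syntax.
    $users = @(Get-ADUser -Filter 'GivenName -like $given -and Surname -like $surname' `
                          -Properties EmailAddress, LastLogonDate, LockedOut)

    # Assumption: extra accounts carry a second "(...)" suffix, for example
    # "Doe, J (John) (admin)". Keep names with at most one opening parenthesis.
    $primary = @($users | Where-Object { [regex]::Matches($_.Name, '\(').Count -le 1 })

    if ($primary.Count -ne 1) {
        Write-Warning "Expected 1 primary account, found $($primary.Count): $($users.Name -join '; ')"
        return
    }
    $user = $primary[0]

    # Compare Description against the Name string itself, not against the
    # objects that "Select-Object Name" returns.
    $description = $user.Name
    $pcs = @(Get-ADComputer -Filter 'Description -eq $description' -Properties Description)

    [pscustomobject]@{
        Name           = $user.Name
        SamAccountName = $user.SamAccountName
        EmailAddress   = $user.EmailAddress
        LastLogonDate  = $user.LastLogonDate
        LockedOut      = $user.LockedOut
        Computers      = $pcs.Name -join ', '
    }
}

# Same output file and viewer as the script in the question.
$result = Get-PrimaryUserComputer -FirstName (Read-Host 'First name') -LastName (Read-Host 'Surname')
if ($result) {
    $result | Format-List | Out-File 'C:\LOGTEST\User.txt'
    Invoke-Item 'C:\LOGTEST\User.txt'
}
```
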
  • Thank you for the information.

    I have finally found a solution and I will post it here so people who have the same challenge as I did can use it and modify it (sharing is caring).

    I know the script is "noobish" and I need to work on it, but this is what I asked for. I searched and learned and with $null knowledge about PowerShell, I managed to do something like this.

    What it does is: find the computers in AD and save them as a TXT file. Based on the input (first name and last name), the desired information will be selected. The script will see if the SamAccountName is like the login name of the computer in the text file; if that is the case then you get a prompt.

    For now it's slow if there are like a few thousand computers in AD.

     
    start-transcript -path "C:\Transcript.txt"  -force -NoClobber
    Get-ADComputer -property * -filter "name -like 'XXX*' -and description -notlike 'ABC-*'" | select Name | out-file "C:\Computers.txt" -force
    
    $ErrorActionPreference= 'silentlycontinue'
    
    $FirstName = (read-host -prompt "Firstname")
    $LastName = (read-host -prompt "Lastname")
    $filter = (Get-ADUser -property  * -filter "GivenName -like '$FirstName' -and Surname -like '$LastName*'" ) | Select SamAccountName, name, surname, EmailAddress, telephoneNumber, LastLogonDate, PasswordExpired, profilePath, LockedOut, physicalDeliveryOfficeName
    $fullname = $filter.name
    
    $name1 = $filter.SamAccountName
    $Deskl = $filter.physicalDeliveryOfficeName
    
    $computers = Get-Content -path "C:\computers.txt"
    foreach ($computer in $computers) {
        $UserName = (Get-WmiObject -ComputerName "$computer" -class Win32_computersystem).username
        $PCDescription = Get-ADComputer $computer -Properties description | ForEach-Object {$_.Description}
    
        if ($username -like "*$name1*")  {write-host " User $name1 is logged in on: $computer | PC Description $pcdescription" -ForegroundColor Cyan  }
    }

    Wednesday, November 7, 2018 9:58 AM
  • Nice selection of guesses and copied code but you have not created a script that will do anything but fail with no knowledge of why.

    Here is an example.

    # -Properties Description is required so $computer.Description is populated below
    $computers = Get-ADComputer -Filter "name -like 'XXX*' -and description -notlike 'ABC-*'" -Properties Description
    
    $FirstName = Read-Host Firstname
    $LastName = Read-Host Lastname
    
    if($user = Get-ADUser -Filter "GivenName -like '$FirstName' -and Surname -like '$LastName*'"){
        $found = $false
        foreach ($computer in $computers) {
            # -ComputerName expects a name string, not the ADComputer object
            if(Get-WmiObject Win32_ComputerSystem -Filter "Username LIKE '%$($user.SamAccountName)'" -ComputerName $computer.Name){
                $msg = 'User {0} is logged in on: {1} | PC Description {2}' -f $user.Name, $computer.Name, $computer.Description
                Write-Host $msg -ForegroundColor Cyan
                $found = $true
            }
        }
        # Report "not found" once, after every computer has been checked
        if(-not $found){
            Write-Host 'User not found on any computer'
        }
    }else{
        Write-Host 'User not found in AD'
    }
    

    Abandon copy and guess before it gets you into trouble again.

    Here is a place to actually learn what PowerShell is and how it is intended to be used.

    1. Microsoft Virtual Academy - Getting Started with Microsoft PowerShell
    2. PowerShell Documentation
    3. PowerShell Style Guidelines


    \_(ツ)_/

    Wednesday, November 7, 2018 10:17 AM
  • The fastest way to do this is to get all computers and users once then query the results for the user.

    An even easier and faster way is to use a form with a listbox or grid with a search button that can find a user


    \_(ツ)_/

    Wednesday, November 7, 2018 10:20 AM
  • A fast way to get user info from full name.

    $computers = Get-ADComputer -Filter "name -like 'XXX*' -and description -notlike 'ABC-*'" -Properties Description
    $fullname = Read-Host 'Enter user full name'
    $user = Get-WmiObject Win32_UserAccount -Filter "FullName = '$fullname'" -ComputerName ($env:LOGONSERVER -replace '\\\\')
    # Caption is DOMAIN\user; a WQL string literal needs the backslash doubled
    $login = $user.Caption -replace '\\', '\\'
    $found = $false
    foreach ($computer in $computers) {
        # -ComputerName expects a name string, not the ADComputer object
        if(Get-WmiObject Win32_ComputerSystem -Filter "Username = '$login'" -ComputerName $computer.Name){
            $msg = 'User {0} is logged in on: {1} | PC Description {2}' -f $user.FullName, $computer.Name, $computer.Description
            Write-Host $msg -ForegroundColor Cyan
            $found = $true
        }
    }
    # Report "not found" once, after every computer has been checked
    if(-not $found){
        Write-Host 'User not found on any computer'
    }
    


    \_(ツ)_/

    Wednesday, November 7, 2018 10:38 AM
  • Here is a very fast method of getting the users location(s).

    workflow GetLoggedOnUserNames{
        Param([array]$computers)
        foreach -parallel ($computer in $computers){
            Get-WmiObject win32_computersystem -PsComputerName $computer|
                ForEach-Object{
                    [pscustomobject]@{
                        Login = $_.Username
                        ComputerName = $computer
                    }
                }
        }
    }
    $computers = Get-ADComputer -filter "name -like 'XXX*' -and description -notlike 'ABC-*'" -Properties Description
    $loggedOnUsers = GetLoggedOnUserNames $computers.Name 
    
    while($fullname = Read-Host 'Enter user full name'){
        if($user = Get-WmiObject win32_useraccount -Filter "Fullname = '$fullname'" -computer ($env:LOGONSERVER -replace '\\\\')){
            $loggedOnUsers |
                Where-Object { $_.Login -eq $user.Caption } |
                Select Login, ComputerName
        }else{
            Write-Host 'User not found in AD'
        }
    }

    I know this is way too advanced for new users but, with a little research, its methods can be understood.

    "Workflow" increases the speed of searching computer logins and saving it allows the data to be local and reusable. The rest of the script just searches the local data for the login.  A check for current status can be added to be sure the user didn't logoff since the local data was extracted. 

    Of course the best way to do this is with a WMI event on each system to update a central database.  We can also use the eventlog with a script event to maintain a current and accurate list of user logins.


    \_(ツ)_/




    • Edited by jrv Thursday, November 8, 2018 2:07 AM
    Thursday, November 8, 2018 2:01 AM