PowerShell Copy membership to user

[cmdletbinding()]

PARAM(
    [Parameter(Mandatory=$true, Position=0)]
    [String]$UserToCopyFrom,
    [Parameter(Mandatory=$true, Position=1)]
    [String]$UserToCopyTo
)
#Get all groups that user $UserToCopyFrom is a member of
try{
    $Members = Get-ADUser $UserToCopyFrom -Properties MemberOf -ErrorAction Stop |
        select -ExpandProperty MemberOf
}
catch
{
    Write-Warning "Failed to get members"
    Start-Sleep -s 3
    exit
}

#Add the new user to every group
$Members | foreach {

    Write-Host "Add user $UserToCopyTo to group $_" -ForegroundColor Green
    Add-ADGroupMember -Identity $_ -Members $UserToCopyTo
}
Read-Host "Press Enter to quit"

PowerShell Disable or Delete user

Here is an offboarding script to help you save time.
It also takes a backup of the user's access rights in AD, in case the user comes back later or someone needs to know what the user had access to.

If you sync with Office 365, the sync stops for that account when the user is removed; depending on the federation setup, it hopefully removes the account in Office 365 without you needing to do anything.

#Import-Module activedirectory

$userid = Read-Host "What's the USERID"
$dateString = Get-Date -Format "yyddMM-hhmm"

#Edit the user's description with information about who disabled the account and when
Set-ADUser $userid -Description "Disable $dateString by $env:USERNAME"

#Copy all of the user's memberships to a text file.
#The plan is to remove the memberships from the user but keep a text file to fall back on if someone needs to know the user's memberships
Get-ADPrincipalGroupMembership $userid | select name > "\\server.share.store\$userid-$dateString.txt"

#https://technet.microsoft.com/sv-se/library/dd378944(v=ws.10).aspx
#Remove all memberships.
#-Confirm:$false answers every confirmation prompt with Yes, since the command is about removing memberships.
#Removal from the user's primary group (normally Domain Users) fails with an error, so that membership stays.
Get-ADPrincipalGroupMembership -Identity $userid | % {Remove-ADPrincipalGroupMembership -Identity $userid -MemberOf $_ -Confirm:$false}

#The memberships have to be removed before the account is moved, or else the account can't be found without a new Get-ADPrincipalGroupMembership $userid
#Disable the account
Disable-ADAccount -Identity $userid
#Move the account to the OU DisabledUsers
Get-ADUser $userid | Move-ADObject -TargetPath 'OU=DisabledUsers,DC=company,DC=com'

#This will remove the user from AD
#https://docs.microsoft.com/en-us/powershell/module/addsadministration/remove-aduser?view=win10-ps
Remove-ADUser -Identity $userid
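
A restorable variant of the membership backup above, as an added example that is not part of the original script: it stores each group's distinguished name in a CSV file and can re-add the user from that file. The function names Backup-UserGroups and Restore-UserGroups and the backup directory are assumptions.

```powershell
#Requires -Modules ActiveDirectory

# Added example: function names and the backup directory are hypothetical.
function Backup-UserGroups {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserId,
        [Parameter(Mandatory)][string]$BackupDir
    )
    # Fail early if the account does not exist, before anything is written.
    $user  = Get-ADUser -Identity $UserId -ErrorAction Stop
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $BackupDir "$($user.SamAccountName)-$stamp.csv"

    # Keep DistinguishedName and SID: a group name alone can be renamed
    # later, which makes a name-only backup hard to restore from.
    Get-ADPrincipalGroupMembership -Identity $user |
        Select-Object Name, DistinguishedName, SID |
        Export-Csv -Path $file -NoTypeInformation -Encoding UTF8
    return $file
}

function Restore-UserGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserId,
        [Parameter(Mandatory)][string]$BackupFile
    )
    $user    = Get-ADUser -Identity $UserId -ErrorAction Stop
    $current = (Get-ADPrincipalGroupMembership -Identity $user).DistinguishedName

    foreach ($row in Import-Csv -Path $BackupFile) {
        if ($current -contains $row.DistinguishedName) { continue }  # already a member
        if ($PSCmdlet.ShouldProcess($row.DistinguishedName, "Add $UserId")) {
            try {
                Add-ADGroupMember -Identity $row.DistinguishedName -Members $user -ErrorAction Stop
            } catch {
                # A group deleted since the backup must not abort the restore.
                Write-Warning "Could not add to $($row.Name): $($_.Exception.Message)"
            }
        }
    }
}
```

Run Restore-UserGroups with -WhatIf first to review which groups would be re-added before a returning user gets the old access back.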

If an accident still happens and you remove someone who should not have been removed, here's how to restore the account.

PowerShell Get Users from OU

Let's try something a little bit harder: we have a script that can export users from a specific OU with values like Name, Email, Manager, and departmentnumber.

It can be useful nowadays with all the reorganization that is now done prematurely at companies.

Note: values might need to change; it depends on where your company stores things in the AD attributes of the user.

Enjoy!

#Import-Module activedirectory

$SearchOU = "OU=YourUsers,OU=Company,DC=company,DC=domain"

#All extended AD-Attributes
$ADAttributes = @(
    "Name",
    "EmailAddress",
    "Manager",
    "departmentnumber",
    "employeeNumber"
)
$Users = Get-ADUser -SearchBase $SearchOU -Filter {employeenumber -like "*"} -Properties $ADAttributes
$counter = 0

$dateString = Get-Date -Format "yyddMM-hhmm"
"Name,Email,Costcenter,Approver"  | Out-File C:\TEMP\Export-$dateString.txt
Foreach ($User in $Users)
{
    $name = ""
    $email = ""
    $departmentnumber = ""
    $manager = ""

    $departmentnumber = $user.departmentnumber
    [string]$name = $user.Name
    [string]$email = $user.EmailAddress
    try {
        [string]$managerDN = $user.manager
        [string]$manager = (Get-ADUser $managerDN).name
    }
    catch
    {
        #Some users might not have a manager; the Approver column stays empty for them.
        #Can be good to activate if you get problems:
        # Write-Output $name
    }

    [string]$employeeNumber = $user.employeeNumber
    [string]$results = $Name +","+ $email + ","+ $departmentnumber +"," + $manager
    [string]$results | Out-File C:\TEMP\export-$dateString.txt -Append        
}

Restore deleted items in Active Directory

How do I find deleted items in Active Directory?

Restore deleted items when an accident has occurred.

First, navigate to Start and type dsac.exe. Open “Active Directory Administrative Centre”. In the left pane, click the domain name and select the “Deleted Objects” container in the context menu. Right-click the container and click “Restore” to restore the deleted objects.

Hint: they might end up among the disabled users if you do not specify a restore point or restore them to a specific OU in your Active Directory.
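
The same find-and-restore can be done from PowerShell, including the restore to a specific OU mentioned in the hint. This is an added example, not part of the original post; the function name Restore-DeletedUser is an assumption.

```powershell
#Requires -Modules ActiveDirectory

# Added example: the function name Restore-DeletedUser is hypothetical.
function Restore-DeletedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Restrict the input so it cannot alter the -Filter string below.
        [Parameter(Mandatory)][ValidatePattern('^[\w.\-]+$')][string]$UserId,
        [string]$TargetOU   # e.g. 'OU=YourUsers,OU=Company,DC=company,DC=domain'
    )
    # Without the Recycle Bin feature a deleted object keeps few attributes.
    $bin = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
    if (-not $bin.EnabledScopes) {
        Write-Warning 'AD Recycle Bin is not enabled; a restored object loses most attributes.'
    }

    $deleted = @(Get-ADObject -IncludeDeletedObjects `
        -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$UserId'" `
        -Properties lastKnownParent, whenChanged)

    if ($deleted.Count -ne 1) {
        # Zero or several matches: list them and let the operator decide.
        $deleted | Select-Object Name, lastKnownParent, whenChanged
        Write-Warning "Expected exactly one deleted object, found $($deleted.Count)."
        return
    }
    $params = @{ Identity = $deleted[0] }
    if ($TargetOU) { $params.TargetPath = $TargetOU }   # otherwise the last known parent is used

    if ($PSCmdlet.ShouldProcess($deleted[0].Name, 'Restore-ADObject')) {
        Restore-ADObject @params -PassThru
    }
}
```

Calling it with -WhatIf shows which object would be restored without changing anything.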

How to add an email alias

Want to know how to add an email alias to an existing email address?

Good to know before editing and creating an email address:
SMTP = Primary address and answering address
smtp = alias address to primary address


In O365 there are two ways to add an email alias.
1. Go to http://admin.microsoft.com
Search for the user, and pick the user.
Account, Alias, handle email Alias

or

2. Go to http://admin.microsoft.com
Go to Exchange
Search for the user, and pick the user
Pick Email address

Now you can add an email address.


If you use federation or an on-prem solution and want to make this change in your AD:

First, you need to navigate to the correct OU where the user you are looking for is located; you can't search for the user, you need to have access to
For many, you will not see it if you search for the user; this is a known bug in Windows Active Directory.

After you have located the user, pick Properties.
You will have picked it.
Now search for in long list Attributes.

Double-click on it and follow the rules for adding an email.

SMTP = Primary address and answering address
smtp = alias address to primary address

Copy a user's group membership to another user PowerShell

Copy or clone one user’s AD membership to another user.

For example, when there is a new user at the office who needs the same access as someone else, this script can help you easily copy all access from one person to the other.


[cmdletbinding()]
PARAM(
    [Parameter(Mandatory=$true, Position=0)]
    [String]$UserToCopyFrom,
    [Parameter(Mandatory=$true, Position=1)]
    [String]$UserToCopyTo
)

#Get all groups that user $UserToCopyFrom is a member of
try{

    $Members = Get-ADUser $UserToCopyFrom -Properties MemberOf -ErrorAction Stop | select -ExpandProperty MemberOf

}
catch
{
    Write-Warning "Failed to get members"
    Start-Sleep -s 3
    exit
}

#Add the new user to every group
$Members | foreach {

    Write-Host "Add user $UserToCopyTo to group $_" -ForegroundColor Green
    Add-ADGroupMember -Identity $_ -Members $UserToCopyTo
}

Read-Host "Press Enter to quit"
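
Cloning memberships also clones any privileged access the source user has collected. The following added example (not the original script) applies to both copy scripts on this page: it adds only the groups the target is missing, skips groups marked adminCount = 1 unless asked to include them, and supports -WhatIf. The function name Copy-UserGroups and the -IncludeProtected switch are assumptions, and adminCount is only a heuristic for privileged groups.

```powershell
#Requires -Modules ActiveDirectory

# Added example: Copy-UserGroups and -IncludeProtected are hypothetical names.
function Copy-UserGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, Position=0)][string]$UserToCopyFrom,
        [Parameter(Mandatory, Position=1)][string]$UserToCopyTo,
        [switch]$IncludeProtected   # opt in to copying adminCount = 1 groups
    )
    $source = Get-ADUser $UserToCopyFrom -Properties MemberOf -ErrorAction Stop
    $target = Get-ADUser $UserToCopyTo   -Properties MemberOf -ErrorAction Stop

    # MemberOf holds group DNs; keep only the groups the target is missing.
    $missing = $source.MemberOf | Where-Object { $target.MemberOf -notcontains $_ }

    foreach ($dn in $missing) {
        $group = Get-ADGroup -Identity $dn -Properties adminCount
        # adminCount = 1 is set on groups protected by AdminSDHolder
        # (for example Domain Admins). Do not clone those silently.
        if ($group.adminCount -eq 1 -and -not $IncludeProtected) {
            Write-Warning "Skipped protected group: $($group.Name)"
            continue
        }
        if ($PSCmdlet.ShouldProcess($group.Name, "Add $UserToCopyTo")) {
            Add-ADGroupMember -Identity $group -Members $target -ErrorAction Stop
            # Emit a record of every change for the ticket or audit trail.
            [pscustomobject]@{
                User       = $UserToCopyTo
                Group      = $group.Name
                CopiedFrom = $UserToCopyFrom
            }
        }
    }
}
```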

Export everyone with Phone nr in AD Powershell

How to export everyone with phone nr out of Active Directory

#Selects enabled users whose Mobile attribute is empty
$AdusersNoPhone = Get-ADUser -Filter * -Properties mobile, officephone, EmailAddress -SearchBase "OU=UserOU,DC=company,DC=domain" | where {$_.Enabled -and $_.Mobile -like ""} | select Name, Emailaddress, Mobile, OfficePhone | sort Name

$AdusersNoPhone | Export-Csv -Path "C:\temp\ADusersWithNoMobileNR.csv" -NoTypeInformation -Encoding UTF8

PowerShell Get members in an AD Group


Are you looking for a script that can help you get all users that are members of a specific AD group?

#Ask for the name of the group
$Group = Read-Host "What's the name of the group"

Get-ADGroupMember -identity "$Group" -Recursive | Get-ADUser -Property DisplayName | Select Name