MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Powershell output incomplete with dots

Often admins face an issue where powershell output may contain dots – which means the output isn’t complete.

I have written a quick tip about the same topic but a different scenario:

Powershell outputs shows dots in Exchange management shell: http://msexchangeguru.com/2010/12/17/powershell-dots/

Let’s visit this with the help of an example. It’s a good practice to have a weekly backup of important details of all user mailboxes:

If I don’t use the expression – @{Name=’EmailAddresses’;Expression={[string]::join(“;”, ($_.EmailAddresses))}} for the attribute EmailAddresses as shown, it may throw one of the following in the output – System.String[] or Microsoft.Exchange.Data.ProxyAddressCollection or Microsoft.Exchange.Data.MultiValuedProperty`1[System.String]

So the cmdlet may look like this:

Get-Mailbox -ResultSize Unlimited | Select DisplayName, Alias, PrimarySmtpAddress, Database, Identity, @{Name=’EmailAddresses’;Expression={[string]::join(“;”, ($_.EmailAddresses))}}| Export-CSV “C:\EmailID_Backup_DATE.csv” –noType

I’m a huge fan of Quest AD management tools

ActiveRoles Management Shell for Active Directory: www.quest.com/powershell/activeroles-server.aspx

Let’s find out all Distribution lists in the company with type Security and Members in it.

The best way to achive this is to use Quest AD cmdlets

Get-QADObject -Sizelimit 0 | Where {$_.’GroupType’ -eq ‘Security’ } |Select SAMAccountName, GroupName, groupType, @{Name=’Members’;Expression={[string]::join(“;”, ($_.Members))}}, @{Name=’Memberof’;Expression={[string]::join(“;”, ($_.Memberof))}}| Export-CSV “C:\Security_DLs.csv” -noType

The expression is to avoid dots in output like I mentioned before.

By default, windows can only return a set of attributes on a user. Before you start playing with Quest AD Cmdlets, know these points:

-ResultSize Unlimited in Quest AD cmdlets is “-SizeLimit 0” which will ensure the output won’t have a limit of 1000 objects returned.

-IncludedProperties means you are explicitly calling for one/multiple attributes

-IncludeAllProperties means you are querying all attributes on an AD object (takes more time)

-oa means Object Attribute (used with the Set parameter to Set an attribute on an object)

Let’s look at some of my favorite cmdlets:

If you want all attributes returned on a user account

Get-QADUser USERNAME -IncludeAllProperties |fl

This is extremely helpful while troubleshooting

To get the list of users who are enabled for Office Communications service and Exchange ActiveSync

Get-QADUser -Sizelimit 0 -IncludedProperties msRTCSIP-UserEnabled,msexchOMAAdminWirelessenable | Select Name, msRTCSIP-UserEnabled, msexchOMAAdminWirelessenable

Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-UserEnabled | Where {$_.’msRTCSIP-UserEnabled’ -eq $true } | Select Name, msRTCSIP-UserEnabled

msRTCSIP-UserEnabled – This attribute determines whether the user is currently enabled for Office Communications Server.

To find accounts which are disabled, passwordneverexpires value etc

Get-QADObject -Sizelimit 0 |ft ClassName, Type, objectClass, AccountIsDisabled, LastLogon, LastLogoff, PasswordNeverExpires, PrimarySMTPAddress, DN, ParentContainerDN, EmailAddressPolicyEnabled

To find accounts with Federation enabled

Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.’msRTCSIP-UserEnabled’ -eq $true } | WHERE {$_.’msRTCSIP-FederationEnabled’ -ne $true } |select name, msRTCSIP-FederationEnabled

To find Assistant Name, telephone of Assistant and country details on a list of user accounts:

You may add/remove attributes from the cmdlets at will…

Get-Content .\List.txt | Get-QADObject –IncludedProperties,msExchAssistantName,telephoneAssistant,telephonenumber,co |ft DisplayName, Office, StreetAddress, City, StateOrProvince, PostalCode, co, telephonenumber, msExchAssistantName, telephoneAssistant

Get-QADObject -IncludedProperties msExchAssistantName,telephoneAssistant |ft DisplayName, Office, StreetAddress, City, StateOrProvince, PostalCode, Title, Department, HomePhone, mobile, msExchAssistantName, telephoneAssistant

If you need to set an attribute on a user account you may combine it as shown with a ;. If there is a list you need to edit, you may use the For-Each parameter instead.

Set-QADUser -oa @{msexchassistantname=”AlegraRoss”;telephoneassistant=”47457″;co=”Italy’}

Set-QADUser -oa @{employeeID=”$null”}

To find all locked accounts in AD

Get-QADObject -Sizelimit 0 -IncludedProperties AccountIsLockedOut, lockoutTime | where {$_.AccountIsLockedOut -Like “True”} |ft SamAccountName,
AccountIsLockedOut, lockoutTime, City, ParentContainerDN

Get-QADUser -Sizelimit 0 -IncludedProperties AccountIsLockedOut,lockoutTime -searchroot ‘OULocation’,’OULocation’,’OULocation’ -locked |ft SamAccountName, AccountIsLockedOut, lockoutTime, City, ParentContainerDN

Get-QADUser -searchRoot ‘OULocation’ | Select-Object Name, sAMAccountName, LastLogonTimeStamp, AccountIsDisabled, AccountIsExpired, AccountIsLockedOut | Sort-Object LastLogonTimeStamp | format-table -auto

Find an attribute which contains some value in it. In this example, I am querying all user mailboxes which has a forwarder set on their mailbox properties. Basically, the value on mailbox property – “Forward to” is checked and “Deliver messages to both forwarding Address and Mailbox” which corresponds to DeliverandRedirect attribute

Get-QADObject -SizeLimit 0 -IncludeAllProperties -oa @{altrecipient=’*’} | Select-Object Name, altRecipient, DeliverandRedirect | format-table -auto

Get-QADObject -SizeLimit 0 -IncludedProperties altrecipient,DeliverandRedirect -oa @{altrecipient=’*’;DeliverandRedirect=’*’} | Select-Object Name,
altRecipient, DeliverandRedirect | format-table -auto

To find all users with Inheritence or “Include inheritable permissions from this object’s parent” unchecked

Get-Qaduser -sizelimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}

Now to set it,

Get-Qaduser “Selected User” | where{$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected} | set-QADObjectSecurity -UnlockInheritance

Note that these are plain examples, you may output any attribute on a given user or list of users using powershell.

Ratish Nair

Microsoft MVP | Exchange Server

Team @MSExchangeGuru.com

Leave a Reply

ad

Categories

Archives