Powershell output incomplete with dots
Often admins face an issue where powershell output may contain dots – which means the output isn’t complete.
I have written a quick tip about the same topic but a different scenario:
Powershell outputs shows dots in Exchange management shell: https://msexchangeguru.com/2010/12/17/powershell-dots/
Let’s visit this with the help of an example. It’s a good practice to have a weekly backup of important details of all user mailboxes:
If I don’t use the expression – @{Name=’EmailAddresses’;Expression={[string]::join(“;”, ($_.EmailAddresses))}} for the attribute EmailAddresses as shown, it may throw one of the following in the output – System.String[] or Microsoft.Exchange.Data.ProxyAddressCollection or Microsoft.Exchange.Data.MultiValuedProperty`1[System.String]
So the cmdlet may look like this:
Get-Mailbox -ResultSize Unlimited | Select DisplayName, Alias, PrimarySmtpAddress, Database, Identity, @{Name=’EmailAddresses’;Expression={[string]::join(“;”, ($_.EmailAddresses))}}| Export-CSV “C:\EmailID_Backup_DATE.csv” –noType
I’m a huge fan of Quest AD management tools
ActiveRoles Management Shell for Active Directory: www.quest.com/powershell/activeroles-server.aspx
Let’s find out all Distribution lists in the company with type Security and Members in it.
The best way to achive this is to use Quest AD cmdlets
Get-QADObject -Sizelimit 0 | Where {$_.’GroupType’ -eq ‘Security’ } |Select SAMAccountName, GroupName, groupType, @{Name=’Members’;Expression={[string]::join(“;”, ($_.Members))}}, @{Name=’Memberof’;Expression={[string]::join(“;”, ($_.Memberof))}}| Export-CSV “C:\Security_DLs.csv” -noType
The expression is to avoid dots in output like I mentioned before.
By default, windows can only return a set of attributes on a user. Before you start playing with Quest AD Cmdlets, know these points:
-ResultSize Unlimited in Quest AD cmdlets is “-SizeLimit 0” which will ensure the output won’t have a limit of 1000 objects returned.
-IncludedProperties means you are explicitly calling for one/multiple attributes
-IncludeAllProperties means you are querying all attributes on an AD object (takes more time)
-oa means Object Attribute (used with the Set parameter to Set an attribute on an object)
Let’s look at some of my favorite cmdlets:
If you want all attributes returned on a user account
Get-QADUser USERNAME -IncludeAllProperties |fl
This is extremely helpful while troubleshooting
To get the list of users who are enabled for Office Communications service and Exchange ActiveSync
Get-QADUser -Sizelimit 0 -IncludedProperties msRTCSIP-UserEnabled,msexchOMAAdminWirelessenable | Select Name, msRTCSIP-UserEnabled, msexchOMAAdminWirelessenable
Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-UserEnabled | Where {$_.’msRTCSIP-UserEnabled’ -eq $true } | Select Name, msRTCSIP-UserEnabled
msRTCSIP-UserEnabled – This attribute determines whether the user is currently enabled for Office Communications Server.
To find accounts which are disabled, passwordneverexpires value etc
Get-QADObject -Sizelimit 0 |ft ClassName, Type, objectClass, AccountIsDisabled, LastLogon, LastLogoff, PasswordNeverExpires, PrimarySMTPAddress, DN, ParentContainerDN, EmailAddressPolicyEnabled
To find accounts with Federation enabled
Get-QADUser –Sizelimit 0 -IncludedProperties msRTCSIP-FederationEnabled,msRTCSIP-UserEnabled | Where {$_.’msRTCSIP-UserEnabled’ -eq $true } | WHERE {$_.’msRTCSIP-FederationEnabled’ -ne $true } |select name, msRTCSIP-FederationEnabled
To find Assistant Name, telephone of Assistant and country details on a list of user accounts:
You may add/remove attributes from the cmdlets at will…
Get-Content .\List.txt | Get-QADObject –IncludedProperties,msExchAssistantName,telephoneAssistant,telephonenumber,co |ft DisplayName, Office, StreetAddress, City, StateOrProvince, PostalCode, co, telephonenumber, msExchAssistantName, telephoneAssistant
Get-QADObject -IncludedProperties msExchAssistantName,telephoneAssistant |ft DisplayName, Office, StreetAddress, City, StateOrProvince, PostalCode, Title, Department, HomePhone, mobile, msExchAssistantName, telephoneAssistant
If you need to set an attribute on a user account you may combine it as shown with a ;. If there is a list you need to edit, you may use the For-Each parameter instead.
Set-QADUser -oa @{msexchassistantname=”AlegraRoss”;telephoneassistant=”47457″;co=”Italy’}
Set-QADUser -oa @{employeeID=”$null”}
To find all locked accounts in AD
Get-QADObject -Sizelimit 0 -IncludedProperties AccountIsLockedOut, lockoutTime | where {$_.AccountIsLockedOut -Like “True”} |ft SamAccountName,
AccountIsLockedOut, lockoutTime, City, ParentContainerDN
Get-QADUser -Sizelimit 0 -IncludedProperties AccountIsLockedOut,lockoutTime -searchroot ‘OULocation’,’OULocation’,’OULocation’ -locked |ft SamAccountName, AccountIsLockedOut, lockoutTime, City, ParentContainerDN
Get-QADUser -searchRoot ‘OULocation’ | Select-Object Name, sAMAccountName, LastLogonTimeStamp, AccountIsDisabled, AccountIsExpired, AccountIsLockedOut | Sort-Object LastLogonTimeStamp | format-table -auto
Find an attribute which contains some value in it. In this example, I am querying all user mailboxes which has a forwarder set on their mailbox properties. Basically, the value on mailbox property – “Forward to” is checked and “Deliver messages to both forwarding Address and Mailbox” which corresponds to DeliverandRedirect attribute
Get-QADObject -SizeLimit 0 -IncludeAllProperties -oa @{altrecipient=’*’} | Select-Object Name, altRecipient, DeliverandRedirect | format-table -auto
Get-QADObject -SizeLimit 0 -IncludedProperties altrecipient,DeliverandRedirect -oa @{altrecipient=’*’;DeliverandRedirect=’*’} | Select-Object Name,
altRecipient, DeliverandRedirect | format-table -auto
To find all users with Inheritence or “Include inheritable permissions from this object’s parent” unchecked
Get-Qaduser -sizelimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}
Now to set it,
Get-Qaduser “Selected User” | where{$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected} | set-QADObjectSecurity -UnlockInheritance
Note that these are plain examples, you may output any attribute on a given user or list of users using powershell.
Ratish Nair
Microsoft MVP | Exchange Server
Team @MSExchangeGuru.com
