Ever had the need to random sort an array in PowerShell?
Sorting an array randomly is as easy as that:
1 2 3 4 5 | # Creating a new array $array = @(1..20) # Sorting the array randomly $array | Sort-Object { Get-Random } |
PowerShell Function: make a Parameter dependent of the Value of another Parameter
I had the case where I needed to make sure that one switch parameter of a PowerShell function can only be used, if another parameter had a certain value.
For example: the switch parameter -MYSWITCH can only be used if the value of the parameter -Selection is set to “POSSIBLE”.
The following PowerShell function is written to do exactly that.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | function myFunction() { [cmdletbinding( DefaultParameterSetName='Default' )] Param ( [Parameter()] [String]$Selection, [Parameter(ParameterSetName='Selection')] [ValidateScript({ $Selection -eq 'POSSIBLE' })] [Switch]$MYSWITCH ) # Print out current ParameterSet Selection $PSCmdlet.ParameterSetName } # Selection is POSSIBLE and therefore, the -MYSWITCH switch is allowed myFunction -Selection POSSIBLE -MYSWITCH # Selection is IMPOSSIBLE and therefore, the -MYSWITCH switch is NOT allowed => throws an error myFunction -Selection IMPOSSIBLE -MYSWITCH # Selection is IMPOSSIBLE and therefore, the -MYSWITCH switch is NOT allowed => works well because -MYSWITCH is not used myFunction -Selection IMPOSSIBLE |
If the -Selection is set to anything different then “POSSIBLE”, using the switch -MYSWITCH just throws an error. This is the expected behavior in that case.
How to Backup, Import and Link GPOs using PowerShell
Ever had to import a GPO on a Windows Server Core Domain Controller without any graphical user interface like the Group Policy Management Console?
This easy step-by-step tutorial helps you to master the task of backing up, importing and linking Group Policy Objects (GPOs) using PowerShell on the command line.
Active Directory PowerShell Delegate Permission to Reset User Passwords for a specific Organizational Unit
Is there an easy solution to allow Helpdesk Users to reset passwords for user accounts for a specific Active Directory Organizational Unit (OU) with PowerShell?
Yes, there is! Just use the script/function below to set the necessary Active Directory Delegation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | function Set-ResetPasswordDelegation(){ param( [string]$OrganizationalUnit, [string]$DelegationGroupName ) # Configuration Parameters $confADRight = "ExtendedRight" $confDelegatedObjectType = "bf967aba-0de6-11d0-a285-00aa003049e2" # User Object Type GUID $confExtendedRight = "00299570-246d-11d0-a768-00aa006e0529" # Extended Right PasswordReset GUID # Collect and prepare Objects $delegationGroup = Get-ADGroup -Identity $DelegationGroupName $delegationGroupSID = [System.Security.Principal.SecurityIdentifier] $delegationGroup.SID $delegationGroupACL = Get-Acl -Path "AD:\$OrganizationalUnit" # Build Access Control Entry (ACE) $aceIdentity = [System.Security.Principal.IdentityReference] $delegationGroupSID $aceADRight = [System.DirectoryServices.ActiveDirectoryRights] $confADRight $aceType = [System.Security.AccessControl.AccessControlType] "Allow" $aceInheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "Descendents" $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($aceIdentity, $aceADRight, $aceType, $confExtendedRight, $aceInheritanceType,$confDelegatedObjectType) # Apply ACL $delegationGroupACL.AddAccessRule($ace) Set-Acl -Path "AD:\$OrganizationalUnit" -AclObject $delegationGroupACL } # Calling the function Set-ResetPasswordDelegation -OrganizationalUnit "OU=Users,DC=pwsh,DC=ch" -DelegationGroupName "ServiceDesk-PasswordReset-Allow" |
Get-ADUser not returning all user attributes [solution]
Using the Active Directory PowerShell command Get-ADUser with the –properties * (asterisk) switch does not return all available user attributes.
Properties like “msDS-UserPasswordExpiryTimeComputed” will not show up like that and have to be explicitly specified to be returned:
1 | Get-ADUser –Properties msDS-UserPasswordExpiryTimeComputed |
The following code returns all values of the user object:
1 2 | $properties = Get-ADObject -SearchBase (Get-ADRootDSE).SchemanamingContext -Filter {name -eq "User"} -Properties MayContain,SystemMayContain | Select-Object @{name="Properties";expression={$_.maycontain+$_.systemmaycontain}} | Select-Object -ExpandProperty Properties Get-ADUser -Identity username -Properties $properties | fl $properties |
In the above example, all available properties of the Active Directory ObjectClass “user” are retrieved and stored in an array, which is then used to specify the wanted properties using the Get-ADUser cmdlet.