Thursday 6 February 2014

Use PowerShell to Back Up Group Membership

While working on a production change in FIM 2010 that was meant to fix something, I found that it broke the group membership of new users. I always advise taking a backup of the group membership in your environment before implementing a change that may break users' group membership. Thank God nothing broke for the existing users; only then did I realize how important it is to keep a backup.

Steps:
Take a group membership backup.

Back-Up Steps:
Recover the group membership from the backup.

Create a backup folder in which every user in AD has their group membership stored in their own txt file, named with the samaccountname. If the membership needs to be put back, PowerShell can be pointed at each txt file to add back the group membership.

How to take a group membership backup

To search for users with all their properties:

Get-ADUser -Filter * -Properties *

To select attributes, pipe the output to Select:

Get-ADUser -Filter * -Properties * | Select name,samaccountname

OR

Get-ADUser -Filter * -Properties * | %{
$x=$_.samaccountname
$x
}

The output will show the attribute of each user. If you want to process it further, you have to capture the attribute in an array.

Function FindGroupmember {
   [CmdletBinding()]
   Param(
      [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
      [string[]] $value
   )
   Begin {}
   Process {
      foreach ($i in $value) {
         # Write-Host  "=== Finding Group Membership of $i========"
         Write-Output "=== Finding Group Membership of $i========"
         # Only the MemberOf attribute is needed here
         $y = Get-ADUser -Identity $i -Properties MemberOf
         # Keep only the first RDN (the group's CN) of each DN. Splitting on every
         # comma would also return container names such as CN=Users or CN=Builtin.
         $z = $y.MemberOf | ForEach-Object { ($_ -split '(?<!\\),')[0] -replace '^CN=','' }
         $z  # To display the output.
         # The paths below are the backup files (the Test folder must already exist)
         $z >> C:\Users\Administrator\Desktop\Backup.csv
         $z >> C:\Users\Administrator\Desktop\Test\$i.txt
      }
   }
   End {}
}
Import-Module ActiveDirectory
$a = @() # Dynamic array
# samaccountname is returned by default, so no extra properties are requested
Get-ADUser -Filter * | %{
   $x = $_.samaccountname
   $a += $x
}
FindGroupmember -value $a
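
The recovery step is described above but not shown. The following is an added example, not the author's script: a hypothetical Restore-GroupMembership function that reads each samaccountname txt file and re-adds only the groups the user is currently missing. It assumes the backup folder used on this page and that each line holds a group name that is unique in the domain.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the original post): re-adds the groups listed in
# the <samaccountname>.txt files written by the backup script.
function Restore-GroupMembership {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folder holding one <samaccountname>.txt per user (path used on this page)
        [string] $BackupPath = 'C:\Users\Administrator\Desktop\Test'
    )
    foreach ($file in Get-ChildItem -Path $BackupPath -Filter *.txt) {
        $sam = $file.BaseName
        try {
            $user = Get-ADUser -Identity $sam -Properties MemberOf -ErrorAction Stop
        } catch {
            Write-Warning "User $sam not found in AD; skipping $($file.Name)"
            continue
        }
        # The backup appends with >>, so repeated runs leave duplicate lines
        $wanted = Get-Content -Path $file.FullName |
            ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique

        foreach ($name in $wanted) {
            # Resolve the stored name; refuse to guess if it is missing or ambiguous
            $group = @(Get-ADGroup -Filter { Name -eq $name })
            if ($group.Count -ne 1) {
                Write-Warning "$sam : '$name' matched $($group.Count) groups; not restored"
                continue
            }
            # Skip groups the user already belongs to
            if ($user.MemberOf -contains $group[0].DistinguishedName) { continue }
            if ($PSCmdlet.ShouldProcess($group[0].DistinguishedName, "Add member $sam")) {
                Add-ADGroupMember -Identity $group[0] -Members $user
                Write-Output "Restored $sam -> $name"
            }
        }
    }
}

# Dry run first: lists the additions without changing AD
Restore-GroupMembership -WhatIf
```

Review the -WhatIf output and the warnings before running the function without it, since a name that no longer resolves to exactly one group has to be restored by hand.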

I have intentionally commented out the Write-Host cmdlet after reading Jeffrey Snover's blog.

I am closing this topic with this line: make sure you know what you are doing before you start to make changes you do not understand.
