Powershell ActiveDirectory Logging and import for easy rollback

Question

Im writing a custom script from start to finish to search for users ,so i can disable and move them. (script is done and working)

What im trying to do now is to create a easy readable log which also has to be used as an easy rollback.

I.ex.:

Get-Aduser -Identity test -properties SamAccountName,MemberOf,GivenName,Surname

This will return something in line of:

DistinguishedName : CN=test,OU=OUy,OU=Lab Accounts,DC=domain,DC=org
Enabled           : True
GivenName         : test
Name              : test
SamAccountName    : test
Surname           : test
Memberof          : {CN=OU,OU=Norway,OU=Lab Accounts,DC=Domain,DC=org, CN=Domain Admins,CN=Users,DC=Domain,DC=org}

If i use:

$test2 = Get-ADUser -Identity test | 
Select-Object -Property SamAccountName,GivenName,Surname,Memberof

which gives me:

SamAccountName GivenName Surname Memberof
-------------- --------- ------- --------
test           test      test      {}

What my issue now is how to log this to either a csv/text file which can be easily imported back for rollback.

Im currently using clixml which preserves the export ive done with a hashtable within a hashtable.

like:

$user=@{
            @{
             Username=$user.samaccountname
             Memberof=$user.memberOf
             }
       }

This allows me to more or less use dot notation to access the information stored for easy rollback, but viewing the file is not that easy readable

Which method do you propose me to use to log the info i need when alot of the info is some kind of collection of items?

I've tried to explore with PSobject but i havent gotten the hang of that yet. Are there any logging method which will output to a easy to read log and easy use for rollback?

If anyone is able to supply an example and also point me to a page to further explore this i will appreciate it very much.

By readerfriendly im thinking of something like this:

Username,Givenname,Surname,Memberof
Test,test2,test3,Admins;somegroup;somegroup

or

Username,Givenname,Surname,Memberof
Test,test2,test3,Admins somegroup somegroup

EDIT 1 Here is the code that gets the info:

Get-ADUser -Identity test -Properties SamAccountName,GivenName,Surname,Memberof | 
Select-Object -Property SamAccountName,GivenName,Surname,Memberof | export-csv C:\test.txt

This is what is in the file as output:

#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser
"SamAccountName","GivenName","Surname","Memberof"
"test","Mari","Hopkins","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"

score 0 · Answer 1 · answered Oct 27 '14 at 20:25

0

Depends on what you mean by easy to read, but how about using Export-Clixml to store the object and Import-Clixml to import it?

answered Oct 27 '14 at 20:25

briantist

45,546
6
82
127

Clixml isnt readerfriendly as a CSV is. Ive comfortable with using nested hashtables and exporting it to clixml. that works like a charm – vya Oct 27 '14 at 20:26
I would like something reader friendly (se edit in question) but with the ease of import like clixml provides – vya Oct 27 '14 at 20:36
@vya Could you not just use `Export-CSV` and `Import-CSV` for this? – Matt Oct 27 '14 at 20:37
I would but what gives me trouble is either System.Collections.CollectionBase , adpropertyvaluecollection etc. – vya Oct 27 '14 at 20:40

Matt · Accepted Answer · 2014-10-27T20:55:44.180

0

You already have this information primed for a CSV. Why not just use Export-CSV and the opposite Import-CSV

$test2 | Export-CSV -Path c:\temp\backup.csv -Append

Append will add the item to the file and not overwrite the current contents. Then, if you need to, you can import it back with Import-CSV. Likely with multiple objects

$deprecatedAccounts = Import-CSV -Path c:\temp\backup.csv

To create the output you could collect the users with an array.

$users = @()
$users += $test2
$users | Export-CSV -Path c:\temp\backup.csv -Append

Edit from comments

Sorry, I didnt understand the issue at first. What you need to do is expand MemberOf from an array to a string.

Get-ADUser test -Properties SamAccountName,GivenName,Surname,Memberof | 
    Select-Object SamAccountName,GivenName,Surname,@{Label="MemberOf";Expression = {$_.Memberof -join ";"}} |
    Export-Csv -Path c:\temp\backup.csv -Append -NoTypeInformation

Create a calculated property in the select-object that expands the memberof into a semicolon delimeted string. -NoTypeInformation removes the #TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser line if you do not like that.

If you ever needed to process this back into an array you could do so with a simple split

Import-CSV c:\temp\backup.csv | ForEach-Object{$_.MemberOf -split ";"}

edited Oct 27 '14 at 20:55

answered Oct 27 '14 at 20:40

Matt

45,022
8
78
119

here is the output from : Get-ADUser -Identity test -Properties SamAccountName,GivenName,Surname,Memberof | Select-Object -Property SamAccountName,GivenName,Surname,Memberof `#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser "SamAccountName","GivenName","Surname","Memberof" "test","Mari","Hopkins","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" – vya Oct 27 '14 at 20:42
Please update your question as code in comments is not easily readable. Are you saying that is what the output in file looks like? @vya – Matt Oct 27 '14 at 20:44
I see now what the issue is... Hold on. – Matt Oct 27 '14 at 20:50
@vya Have a look at the section under the bold text. – Matt Oct 27 '14 at 20:57
Absolutely perfect :D I thank you so much and the solution was basicly right in front of me. I tried to explore with something like the solution you gave but never got it to work as wanted. Very greatful for the help. Sorry that the question wasnt that clear from the beginning – vya Oct 27 '14 at 21:18

Powershell ActiveDirectory Logging and import for easy rollback

2 Answers2