How do I input the SamAccountName from get-aduser?

Question

I've been scrambling around looking for examples of how -inputobject is used, and I cannot seem to find any. I've never touched powershell before, but when I recently started this job, and was told that this is a script we used, I couldn't help but start messing around with it! Pipes are fascinating, but I can't seem to get past this latest issue I have.

I have this huge list of data that comes out when looking up users in AD, and I was wondering if I could also snag the SamAccountName from the same code block!

$User = Get-ADUser -Filter "EmployeeID -eq '$NameID' -or SamAccountName -eq '$NameID' -or DisplayName -eq '$NameID' -or UserPrincipalName -eq '$NameID'" -Properties 
Enabled,LockedOut,Mail,Created,passwordlastset,Description,PasswordExpired,LastLogonDate,EmployeeID,DisplayName,"msRTCSIP-UserEnabled",
"msDS-UserPasswordExpiryTimeComputed","extensionAttribute7",telephonenumber,targetaddress,distinguishedName |
                Select-Object @{Expression={$_.Name};Label='User Name';},
                @{Expression={$_.UserPrincipalName};Label='Logon Name';},
                @{Expression={$_.DisplayName};Label='Display Name';},
                @{Expression={$_.Created};Label='Date Created';},
                @{Expression={$_.SamAccountName};Label='SamAccountName';} -InputObject $Name,
                Description,
                Enabled, 
                @{Expression={$_.LockedOut};Label='Locked';}, 
                @{Expression={$_.Mail}; Label='Email Address';}, 
                @{Expression={$_.passwordlastset};Label='PW Last Reset';},
                @{Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")};Label='Password Expiry';},
                @{Expression={$_.LastLogonDate};Label='Last Logon';}, 
                @{Expression={$_.PasswordExpired};Label='Password Expired';}, 
                @{Expression={$_.extensionAttribute7};Label='Contract Expires On';},
                @{Expression={$_.EmployeeID};Label='Employee ID';},
                @{Expression={$_."msRTCSIP-UserEnabled"};Label='Skype Enabled';},
                @{Expression={$_.telephonenumber};Label='Phone Number';},
                @{Expression={$_.targetaddress};Label='Email Forwarded To';},
                @{Expression={$_.distinguishedName};Label='Distinguished Name';} | Select-Object SamAccountName -InputObject $Name | Format-list | Out-String

The above is what I use to get most of the interesting information to display nicely in the script, but going forward, I have to call it again with my limited knowledge to simply input a user's SamAccountName into a $Name var(To gather their managers and the like.) It looks something like this:

$Name = (getad-user -Filter "EmployeeID -eq '$NameID' -or SamAccountName -eq '$NameID' -or DisplayName -eq '$NameID' -or UserPrincipalName -eq '$NameID'").SamAccountName

I was just wondering if I could compress it all down into one Get-ADUser, and what the best practice that would be!

Thanks in advance all

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

0

The best practise would be to turn any piece of code into a resuable function and then combine multiple functions into modules. Since you are beginning with powershell you could start with a simple function like this:

Function Get-ADUserInfo {
   param([string]$NameID)

   Get-ADUser -Filter "SamAccountName -eq '$NameID'" -Properties Enabled,LockedOut,Mail,Created,passwordlastset,Description,PasswordExpired,LastLogonDate,EmployeeID,DisplayName,Manager,"msRTCSIP-UserEnabled","msDS-UserPasswordExpiryTimeComputed","extensionAttribute7",telephonenumber,targetaddress,distinguishedName |
                Select-Object @{Expression={$_.Name};Label='User Name'},
                SamAccountName

    }

# call the function with different nameid values like so
$Name = Get-ADUserInfo -NameID someuser1
$Name = Get-ADUserInfo -NameID someuser2

managers info

Get-ADuser -Identity $Name.Manager

Inputobject as the name suggests is used to pass an object as an input to a function. The property samaccountname is already present in the output so there is no need to do anything else other than to just specify it as shown in the code above.

also why choose to display "Name" as "user name"? wouldn't it be easier to format the headers in excel?

Here are some links that could be helpful:

functions

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_functions?view=powershell-5.1

edited Jun 20 '20 at 09:12

Community

1
1

answered Feb 19 '19 at 04:52

Kiran Reddy

2,836
2
16
20

Our work mostly uses it to get ID, email, see who their manager is, check their groups, and to tell if their passwords expired - we don't actually paste all of it into excel and the like. The script I'm messing around with was the work of others, so it's been a real interesting adventure trudging through it! As for why I use SamAccountName(or need it, rather) is because the initial function takes a lot of various kinds of ways to type in a user, and searches for them via filter. I then use the same info to get their manager later on. Doesnt work too well if they use email, though. – Spook City Feb 19 '19 at 05:11
[Ran out above] So I filter for their SamAccountName after, and use that to run a check in the system for their manager, and their info. I'm mostly just trying to compact line count at this point, haha, and I know I can go further along by compressing it down into functions. I was mostly curious how I'd go about shoving the found SamAccountName into $Name from the same ADUser - I think it's possible, I just don't know the lingo enough to do so. Even with a function, I am not too sure what I'd put for return! I only started messing with powershell a week ago. :p – Spook City Feb 19 '19 at 05:13
you dont need to use return keyword to display output in powershell thats for c#...I will edit the answer to show how to use the $name as output – Kiran Reddy Feb 19 '19 at 05:19
Why would you grab every property if you only show the Name/SamAccountName, did you just include it as an example? – Seth Feb 19 '19 at 07:04
@Seth All of the information inside is important for our work, in fact! I am also working off someone else's work(who has long since quit, actually...) and so I'm doing my best to slowly pick away at it to clean it up, and make it better. Again, the original question was how to rip out the SamAccountName for use in other parts later on in the script(Such as their manager, for example, or to best guess an LA or t-0/3 account!) Powershell has been entirely foreign and I've only started to mess with it a few weeks ago. I'm not even sure what half of the things in it mean still, :X – Spook City Feb 20 '19 at 05:05

score 0 · Accepted Answer · answered Feb 19 '19 at 07:02

You have a pretty convoluted way to get what you want. To minimize the number of Get-ADUser calls just use a variable. You already assign a variable in the beginning but for whatever reason you "trash" the object.

Within your code Select-Object SamAccountName -InputObject $Name doesn't seem to make sense. You never show what you assign to $Name and with what you do before it, it look strange. As such I removed it in the below code.

$user = Get-ADUser -Filter "EmployeeID -eq '$NameID' -or SamAccountName -eq '$NameID' -or DisplayName -eq '$NameID' -or UserPrincipalName -eq '$NameID'" -Properties 
Enabled,LockedOut,Mail,Created,passwordlastset,Description,PasswordExpired,LastLogonDate,EmployeeID,DisplayName,"msRTCSIP-UserEnabled",
"msDS-UserPasswordExpiryTimeComputed","extensionAttribute7",telephonenumber,targetaddress,distinguishedName

$niceDisplay = $user |
                Select-Object @{Expression={$_.Name};Label='User Name';},
                @{Expression={$_.UserPrincipalName};Label='Logon Name';},
                @{Expression={$_.DisplayName};Label='Display Name';},
                @{Expression={$_.Created};Label='Date Created';},
                @{Expression={$_.SamAccountName};Label='SamAccountName';} -InputObject $Name,
                Description,
                Enabled, 
                @{Expression={$_.LockedOut};Label='Locked';}, 
                @{Expression={$_.Mail}; Label='Email Address';}, 
                @{Expression={$_.passwordlastset};Label='PW Last Reset';},
                @{Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")};Label='Password Expiry';},
                @{Expression={$_.LastLogonDate};Label='Last Logon';}, 
                @{Expression={$_.PasswordExpired};Label='Password Expired';}, 
                @{Expression={$_.extensionAttribute7};Label='Contract Expires On';},
                @{Expression={$_.EmployeeID};Label='Employee ID';},
                @{Expression={$_."msRTCSIP-UserEnabled"};Label='Skype Enabled';},
                @{Expression={$_.telephonenumber};Label='Phone Number';},
                @{Expression={$_.targetaddress};Label='Email Forwarded To';},
                @{Expression={$_.distinguishedName};Label='Distinguished Name';} | Format-list | Out-String

$name = $User.SamAccountName

Hey! You answered another question I had in my mind, the ability to predefine filters for pipelines. That's awesome! I'm sure I can go on from here, now, and my intention was never to trash it in the first place! I've been desperately trying to save the information pulled from $User for quite some time. Thank you! — Spook City, Feb 20 '19 at 05:07

How do I input the SamAccountName from get-aduser?

2 Answers2

managers info

functions