Advice on Active Directory / Powershell?

smitty-werbenjagermanjensen · 2019-02-27T20:55:45.000Z

Hi Spiceworks,

First time poster, and aspiring IT project lead. I was tasked with migrating our wonky user-network drive solution to OneDrive, one of the steps will involve a task sequence of moving users and their computers to a different OU. In Active Directory computers are labelled with their appropriate users in the “description” field, I want to update the “managed by” field with the “description” field’s current contents. Here is my preliminary efforts, I’ve tried a few different options but this seems to be the most concise.

$OU = "OU=Test,OU=Example,DC=Domain,DC=local"
$ComputerNames = Get-ADComputer -Filter * -SearchBase "$OU" | Select

FOREACH ($Computer in $ComputerNames) {

$asdf = Get-ADComputer -Identity $Computer -Properties Description | Select Description

Set-ADComputer $Computer -ManagedBy ($asdf)

Any and all insight is very much appreciated, thank you much!

Neally · 2019-02-27T20:56:57.000Z

Welcome!

What exactly is not working or the error you are getting with the code you have?

If you post code, please use the ‘Insert Code’ button. Please and thank you!

PLEASE READ BEFORE POSTING! Read if you're new to the PowerShell forum! Programming & Development

Hi, and welcome to the PowerShell forum! Don’t apologize for being a “noob” or “newbie” or “n00b.” There’s just no need – nobody will think you’re stupid, and the forums are all about asking questions. Just ask! Use a descriptive subject. Don’t say “Need help” or “PowerShell Help”, actually summarize what the problem is. It helps the rest of us keep track of which problem is which. Don’t post massive scripts. We’re all volunteers and we don’t have time to read all that, nor will we copy…

edwineekelaers2 · 2019-02-27T21:02:17.000Z

Have you forgotten a bit here? What are you trying to select as you don’t specify it.

$ComputerNames = Get-ADComputer -Filter * -SearchBase "$OU" | Select

Neally · 2019-02-27T21:06:22.000Z

summat like so?

$OU = "OU=Test,OU=Example,DC=Domain,DC=local"
$ComputerNames = Get-ADComputer -Filter * -SearchBase $OU -Properties description

FOREACH ($Computer in $ComputerNames) {
    # add possible a check if that username is in AD?
    Set-ADComputer $Computer -ManagedBy $computer.description
}

jitensh · 2019-02-28T07:49:35.000Z

to set managed by you need samaaccount or distinguished name of users besides that managed by should only be name not any other info if you have in as description try this


```
$ou='OU=xx,DC=domain,DC=com'
$computernames=Get-ADComputer -Filter "Description -like '*'" -SearchBase $ou -Prop Description
ForEach($computer in $computernames){
$des=Get-ADUser -Filter "name -like '$($computer.Description)'"|Foreach{$_.samaccountname}
Set-ADComputer $computer.Name -ManagedBy $des
}
```

if samaaccountname

$ou='OU=xx,DC=domain,DC=com'
$computernames=Get-ADComputer -Filter "Description -like '*'" -SearchBase $ou -Prop Description
ForEach($computer in $computernames){

Set-ADComputer $computer.Name -ManagedBy $computer.description
}

smitty-werbenjagermanjensen · 2019-02-28T12:53:22.000Z

Set-ADComputer : Identity info provided in the extended attribute: 'ManagedBy' could not be resolved. Reason: 'Cannot find an object 
with identity: 'John Doe' under: 'DC=Domain,DC=local'.'.
At line:5 char:1
+ Set-ADComputer $computer.Name -ManagedBy $computer.description
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (1KV2L12:ADComputer) [Set-ADComputer], ADIdentityResolutionException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityResolutionException,Microsoft.Act 
   iveDirectory.Management.Commands.SetADComputer

I tried a number of your guys’ suggestions - and I appreciate them all very much! I was still running into issues though… This is the red-text was receiving from some of the previously mentioned ideas. What I don’t understand though is why it’s not recognizing John Doe, when he’s in the same OU as the computer I’m currently attempting to adjust ManagedBy on. Any ideas, gentlemen?

Thank you all once again, for your expertise!

jykaellabbe-morin · 2019-02-28T13:54:09.000Z

Hello there!

I tried this script and it was working.

$OU = "OU=Test,OU=Example,DC=Domain,DC=local"
$Computers = Get-ADComputer -Properties * -Filter * -SearchBase $OU 

ForEach($Computer in $Computers)
{
	Set-ADCComputer -Identity $Computer.Name -ManagedBy $Computer.Description
}

However, your problem seems to be about your description.

From what I understood, you have, in the description field, the FullName of a user.

The only way I was able to make it work was when the description field was the Username instead of the FullName.

If it is the case, here’s an example of a script to change the description field to the wanted username.

$Computers = Get-ADComputer -Properties * -Filter * -SearchBase $OU 

ForEach($Computer in $Computers)
{
	if($Computer.Description -eq 'John Doe')
	{
		Set-ADComputer -Identity $Computer.Name -Description 'DoeJoh01'
	}
}

iananthony · 2019-02-28T18:24:03.000Z

Here’s what I would do -

$OU = "OU=Test,OU=Example,DC=Domain,DC=local"

$Computers = Get-ADComputer -Filter * -SearchBase $OU -Properties Description

FOREACH ($C in $Computers) {

    $matchProperty = 'DisplayName' # change if want to match Description to a different user attribute

    try
    {
        $filter = "$matchProperty -like '$($c | Select -ExpandProperty Description)'" # filters work best if you pass the whole filter as a string
        $User= @() # clear the variable
        $User= Get-ADUser -Filter $filter
    }
    catch
    {
        # do nothing, because an error on Get-ADUser is acceptable, and the -ErrorAction parameter on AD cmdlets is ignored.
    }

    if ($User) 
    {
        Write-Output -InputObject "Setting $($C.Name) to '$($User.DistinguishedName)'"
        Set-ADComputer -Identity $C -ManagedBy $User.DistinguishedName 
    }
    else
    {
        Write-Warning -Message "Could not match description for $($c.name) '$($c.description)' to a user account"
    }
}

You might want to run this script multiple times, so to ensure you’re not updating all the Computer objects that are already set correctly you could do this -

$OU = "OU=Test,OU=Example,DC=Domain,DC=local"

$Computers = Get-ADComputer -Filter * -SearchBase $OU -Properties Description, ManagedBy

FOREACH ($C in $Computers) {

    $matchProperty = 'DisplayName' # change if want to match Description to a different user attribute 

    try
    {
        $filter = "$matchProperty -like '$($c | Select -ExpandProperty Description)'" 
        $User= @()
        $User= Get-ADUser -Filter $filter
    }
    catch
    {
        # do nothing, because an error on Get-ADUser is acceptable, and the -ErrorAction parameter on AD cmdlets is ignored.
    }

    if ($User) 
    {
        If ($user.DistinguishedName -eq $C.ManagedBy)
        {
            Write-Verbose -Message "Skipped $($c.name). Already set correctly." -Verbose # remove the -verbose to hide this output
        }
        else
        {
            Write-Output -InputObject "Setting $($C.Name) to '$($User.DistinguishedName)'"
            Set-ADComputer -Identity $C -ManagedBy $User.DistinguishedName 
        }
    }
    else
    {
        Write-Warning -Message "Could not match description for $($c.name) '$($c.description)' to a user account"
    }
}

And remember to put the “-WhatIf” flag on the Set-ADComputer command on the first run to see what impact it would have, and logic check what it would do.