Category Archives: PowerShell

Using PowerShell to get a list of user IDs from AD

One of my network admin friends needed an easy way to provide some users with a list of names vs AD account names.

In many organizations this is easy to guess: for example, if my name is Jack Basement, my ID might be jbasement. In this case it wasn’t that easy, so we needed to go to AD.

There are AD cmdlets, but they are not in PowerShell by default.

If you have the Remote Server Administration Tools for Windows 7 installed, then you’ll find a link to “Active Directory Module for Windows PowerShell” in your administrator tools menu.

 

Using that, we can easily get a list of the users needed and select just the columns we want, for example:

Get-ADUser -identity domainuser #gets info on that user

Get-ADUser -filter {name -like "jack*"} #returns all the people named Jack

We can combine that with the select statement such as this:

Get-ADUser -filter {name -like "jack*"} | Select name, SamAccountname

Which gives us a nice list

and

Get-ADUser -filter {name -like "jack*"} | Select name, SamAccountname | convertto-csv

which will output it as comma-separated values (CSV), perfect for importing into Excel

and

Get-ADUser -filter {name -like "jack*"} | Select name, SamAccountname | convertto-csv | out-file userlist.txt

which outputs the same thing, but to a file.

 

Now one neat trick: often you want to output all the users of a group in AD (technically this is called an Organizational Unit, or OU).

There is an LDAP filter type we can use for this

What’s cool here is that LDAP filters are sometimes a pain to get “just right”, so we can cheat:

We can use the distinguished name of a known user in that group and grab the group from that

so for example

Get-ADUser -identity domainbJack

results in a bunch of output. The first field is the distinguished name, and we can copy and paste the OU part of it for our next command

Get-ADUser -filter * -SearchBase "OU=mygroup,DC=basementjack,DC=com"

this outputs all the users in that OU

again we can chain for flexibility

Get-ADUser -filter * -SearchBase "OU=mygroup,DC=basementjack,DC=com" | select name, SamAccountName | sort-object name
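The copy-and-paste step above can be scripted. This is an added example, not code from the original post: `Get-ParentContainer` and `Export-OUUserList` are hypothetical helper names, the sample DN is constructed, and the export assumes the ActiveDirectory module is loaded. The DN split skips escaped commas, which appear when a name is stored as "Last, First".

```powershell
# Added example: helper names are hypothetical, not part of the AD module.

# Return the container (OU) part of a distinguished name by dropping the
# first RDN. Escaped characters such as "\," inside the CN are consumed as
# pairs, so the split lands on the first real separator.
function Get-ParentContainer {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    if ($DistinguishedName -match '^(?:\\.|[^,\\])+,(?<parent>.+)$') {
        return $Matches['parent']
    }
    throw "No parent container found in '$DistinguishedName'"
}

# Look up one known user, derive their OU, and export every user under it.
function Export-OUUserList {
    param(
        [Parameter(Mandatory)][string]$KnownUser,   # SamAccountName of someone in the OU
        [Parameter(Mandatory)][string]$Path
    )
    $dn = (Get-ADUser -Identity $KnownUser).DistinguishedName
    $ou = Get-ParentContainer -DistinguishedName $dn
    Get-ADUser -Filter * -SearchBase $ou |
        Select-Object Name, SamAccountName |
        Sort-Object Name |
        Export-Csv -Path $Path -NoTypeInformation   # no "#TYPE" header line
    return $ou
}

# Constructed sample DN (runs without AD): the CN contains an escaped comma.
Get-ParentContainer 'CN=Basement\, Jack,OU=mygroup,DC=basementjack,DC=com'

# With the ActiveDirectory module loaded:
# Export-OUUserList -KnownUser 'jbasement' -Path .\userlist.csv
```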

 

Lastly don’t forget get-help

Get-Help Get-ADUser -examples

shows a few good examples.
 

Cleaning up Newsgator controls from SharePoint

On our farm, we have multiple URLs, multiple site collections etc.

One of them has a social add-in called NewsGator Social Sites.

I kept seeing errors in the ULS logs of other sites saying things like:

Failed to create a custom control from assembly ‘NewsGator.NewsManager.Web’ .. The type is not registered as safe.

I know from experience that this means the control isn’t listed in the web.config for the given site, nor should it be – I don’t have, nor want newsgator to have anything to do with the site in question.

I also know that the errors aren’t really hurting anything, but if nothing else they are making the ULS logs a little bigger and honestly, I don’t want a farm that has known errors in it.

So I set out to understand where they were coming from and how to safely get rid of them.

Finding these in the ULS logs

They are all over our ULS logs, but it’s nice to have a quick way to validate if they are still there, so I did a search with the Windows findstr command:

findstr /C:"is not allowed for web" *.log

 

The first thing I wanted to do was see if there was an obvious, easy fix – i.e. from site settings, site features, or site collection features, is there a newsgator feature that’s enabled that I can just turn off?

I tried this and no, there wasn’t.

The solution turned out to be painfully simple.

In the ULS logs, there were entries like this:

Failed to create a custom control 'CustomMenu_NewsStreamAdmin', feature 'NewsGator.NewsManager_Actions' (id:16c89384-881d-44aa-a6f5-f66301596851) using attributes (ControlSrc='', ControlAssembly='NewsGator.NewsManager.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a1b9791f4e4509c7', ControlClass='NewsGator.NewsManager.Web.NewsStreamAdminActions': System.ArgumentException: The control with assembly name 'NewsGator.NewsManager.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a1b9791f4e4509c7' class name 'NewsGator.NewsManager.Web.NewsStreamAdminActions' is not allowed for web
at URL 'https://nonnewsgatorsite.mydomain.com'. The type is not registered as safe.

The error above is always paired with another less descriptive error – but the error above turns out to have all the information we need – the id. (In this case id 16c89384-881d-44aa-a6f5-f66301596851)

In PowerShell, Get-SPFeature will list all the features on the farm – in my case it showed the above ID.

Now, given that newsgator is legitimately installed on our farm and on ONE web application (URL) I didn’t want to remove it from the farm!

What was helpful was the command:

get-spfeature  -webapplication https://myurl.mydomain.com

This showed that the feature was associated with that web application and it also showed that it was webapplication scoped.

So next I used the command

Disable-SPFeature -Identity 16c89384-881d-44aa-a6f5-f66301596851 -URL https://myurl.mydomain.com

I had to do this for a few different features, pulling the ID from the ULS logs and running the disable command. While I’m sure it potentially could be automated, I preferred handling it “hands on”, doing them one at a time and confirming my SharePoint sites still worked as expected.

After that, the errors in the ULS log stopped for that site, and get-spfeature -webapplication https://myurl.mydomain.com no longer showed that feature.
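Pulling the IDs out of the ULS logs can be done with a regular expression while keeping the disable step manual. This is an added example, not code from the original post: `Get-UnsafeControlFeature` is a hypothetical helper name, the sample entries are constructed from the error quoted above, and it assumes each ULS entry sits on a single line.

```powershell
# Added example: Get-UnsafeControlFeature is a hypothetical helper name.
# Assumes each ULS entry sits on one line of the log file.
function Get-UnsafeControlFeature {
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin {
        $pattern = "feature '(?<name>[^']+)' \(id:(?<id>[0-9a-f-]{36})\).*" +
                   "is not allowed for web\s+at URL '(?<url>[^']+)'"
    }
    process {
        if ($Line -match $pattern) {
            [pscustomobject]@{
                FeatureId   = [guid]$Matches['id']
                FeatureName = $Matches['name']
                Url         = $Matches['url']
            }
        }
    }
}

# Constructed sample entries, shortened from the error quoted above. The
# second feature name, its all-zero id and the second URL are placeholders.
$sample = @(
    "Failed to create a custom control 'CustomMenu_NewsStreamAdmin', feature 'NewsGator.NewsManager_Actions' (id:16c89384-881d-44aa-a6f5-f66301596851) using attributes (...) is not allowed for web at URL 'https://nonnewsgatorsite.mydomain.com'. The type is not registered as safe."
    "Failed to create a custom control 'CustomMenu_NewsStreamAdmin', feature 'NewsGator.NewsManager_Actions' (id:16c89384-881d-44aa-a6f5-f66301596851) using attributes (...) is not allowed for web at URL 'https://nonnewsgatorsite.mydomain.com'. The type is not registered as safe."
    "Failed to create a custom control 'Example', feature 'Example.Placeholder_Feature' (id:00000000-0000-0000-0000-000000000000) using attributes (...) is not allowed for web at URL 'https://othersite.example'. The type is not registered as safe."
    "An unrelated ULS entry that should be ignored."
)

# One row per feature/URL pair with a hit count, for review before running
# Disable-SPFeature by hand. Real logs: Get-Content *.log | Get-UnsafeControlFeature
$sample | Get-UnsafeControlFeature | Group-Object FeatureId, Url | ForEach-Object {
    [pscustomobject]@{
        Hits        = $_.Count
        FeatureId   = $_.Group[0].FeatureId
        FeatureName = $_.Group[0].FeatureName
        Url         = $_.Group[0].Url
    }
}
```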

It was a great feeling to get these nagging recurring ULS entries to stop!

Update: This post from Phil Childs’ excellent Get-SPScripts site has a more robust script for finding a feature in a farm and removing it everywhere if that is needed. (note that is a different use case than the one above so be sure to understand what the script does before running it!)

 

Simple PowerShell script to connect to servers as a different user

A common practice in IT is to have a separate admin account to connect to servers.

Often in day to day administration of SharePoint servers, it’s necessary to connect to the c$ or d$ share to look at a log file, copy an installer, etc…

You can do this from windows, and it will usually prompt you for credentials, but that can be a pain if you regularly connect to a bunch of machines that need different credentials.

This script will prompt you for a password, then use that password along with a pre-defined user account and server list to connect you to each server in advance.

function mapdrives
{
   #Update these variables for your environment:
   $account = "domain\useraccount"
   $serverlist = @("Server1", "Server2", "Server3", "Etc...")

   $SecurePwd = Read-Host -AsSecureString "Enter password for $account"
   # Not named $pwd: that is PowerShell's automatic current-directory variable
   $plainPwd = ConvertTo-PlainText $SecurePwd

   foreach ($Server in $serverlist)
     {
        # Drop any existing connection, then reconnect with the admin account
        net use \\$Server /d
        net use \\$Server /user:$account $plainPwd
     }
   Write-Host "Done mapping drives"
}

# This function came from Oisin Grehan, MVP 
# via:  http://www.vistax64.com/powershell/159190-read-host-assecurestring-problem.html
Function ConvertTo-PlainText( [security.securestring]$secure ) 
{
   $marshal = [Runtime.InteropServices.Marshal]
   $bstr = $marshal::SecureStringToBSTR($secure)
   try { $marshal::PtrToStringAuto($bstr) }
   finally { $marshal::ZeroFreeBSTR($bstr) }   # wipe and free the unmanaged copy
}

mapdrives
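The script above hands the recovered password to net.exe as a command-line argument, where it is visible in the process command line while the command runs. An alternative that keeps the password inside a PSCredential, as an added example (not from the original post; `Connect-AdminShare`, the account and the server names are placeholders, and the drives it creates exist only in the current PowerShell session):

```powershell
# Added example: Connect-AdminShare, the account and server names are placeholders.
function Connect-AdminShare {
    param(
        [Parameter(Mandatory)][string[]]$ServerList,
        [Parameter(Mandatory)][pscredential]$Credential,
        [string]$Share = 'c$'
    )
    foreach ($server in $ServerList) {
        # PSDrive names cannot contain characters such as '.', ':' or '\'
        $name = ("{0}_{1}" -f $server, $Share.TrimEnd('$')) -replace '[^A-Za-z0-9_-]', '_'
        try {
            # -Scope Global keeps the drive after the function returns.
            # The credential object goes straight to the provider; no
            # plain-text password is built or passed to another process.
            New-PSDrive -Name $name -PSProvider FileSystem -Root "\\$server\$Share" `
                -Credential $Credential -Scope Global -ErrorAction Stop | Out-Null
            [pscustomobject]@{ Server = $server; Drive = "${name}:"; Connected = $true; Error = $null }
        }
        catch {
            # Report the failure and carry on with the remaining servers
            [pscustomobject]@{ Server = $server; Drive = $null; Connected = $false; Error = $_.Exception.Message }
        }
    }
}

# Prompt once, then connect to each server's c$ share with that credential
$cred = Get-Credential -UserName 'domain\useraccount' -Message 'Admin account for server shares'
Connect-AdminShare -ServerList 'Server1', 'Server2', 'Server3' -Credential $cred |
    Format-Table -AutoSize
```

Each share is then reachable inside the session as a named drive, for example `Get-ChildItem Server1_c:\`.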