Script to pull samaccount name then query cross-forest

  • Script to pull samaccount name then query cross-forest

    Doing a cross-forest Exchange/AD migration. Trying to figure out a script to help determine SAMAccount names for linked mailboxes from the domain being migrated from. Basically all the users in the old domain were recreated in the target domain in a disabled state. So what I'm trying to accomplish is this:

    Stage 1

    Pull the samaccountname for all the mailboxes in the Source OUs in the AFSv domain. Then query the COM domain and export a list of the samaccountnames and DNs of the matching COM account

    Source OUs
    afsv.org/IS/Migration/COM/Users
    afsv.org/IS/Migration/COM/Terminated
    afsv.org/IS/Migration/COM/Disabled Accounts

    Expected Result: Exported list of COM usernames and DNs for AFSV linked user mailboxes

    Stage 2
    Based upon the list returned in stage 1, find the accounts that are under the terminated parent OU (there are children) AND ALSO have a lastLoginTimestamp over 60 days.

    Terminated OU: OU=accounts to be removed,OU=IS,DC=com,DC=com,DC=net

    Expected Result: Exported list of usernames and DNs for AFSV user mailboxes that have a linked COM account that is in the terminated OU and has not been used in over 60 days


    Scripting is something I've not done much at all of, but I want to use this as an opportunity to learn as well. Thanks in advance

  • #2
    Re: Script to pull samaccount name then query cross-forest

    Not sure what you are looking for, but with PowerShell I think you can get it done easily.
    Personally I like the Quest AD tools for powershell which you can find here:
    http://www.quest.com/powershell/activeroles-server.aspx

    for example: getting user information from AD:
    get-qaduser | select displayName,sAMAccountName | export-csv c:\temp\users.csv

    There's even a complete wiki for get-qaduser
    http://wiki.powergui.org/index.php/Get-QADUser
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: Script to pull samaccount name then query cross-forest

      Thanks for that. Yeah, I see it can pull the samaccount name, but I want to also pull the DN for the linked mailbox accounts in a specific OU in the target domain, then query the source domain with that list to create a new list with that info.


      • #4
        Re: Script to pull samaccount name then query cross-forest

        Get-Mailbox should do the trick.
        I've no Exchange over here, but you might try this, or something like this.
        If you use a csv file as import file, you can create if statements and such to add them to an array if you need to.

        Code:
        get-mailbox -organizationalunit "OU=OrgUnit,DC=Domain,dc=local" -resultsize unlimited | select displayname, alias, distinguishedname, islinked
        Note: because I don't have Exchange, I haven't tested it.
        Marcel


        • #5
          Re: Script to pull samaccount name then query cross-forest

          OK, that makes sense. Like I said, I am very very new at scripting and I'm trying to learn from this. So how would I import the CSV file I get from the first part and then use it to query the second?


          • #6
            Re: Script to pull samaccount name then query cross-forest

            Something like this might work... Again, you're gonna need to test it yourself of course.


            Code:
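            # New empty array that will collect the distinguished names
            $DN = @()
            # The opening brace must be on the same line as ForEach-Object,
            # otherwise the script block is not passed to the cmdlet.
            Import-Csv -Path c:\temp\blah.csv | ForEach-Object {
                # Look up the mailbox for this CSV row (assumes the CSV has a
                # distinguishedname column, as exported by the earlier command)
                $mbx = Get-Mailbox -Identity $_.distinguishedname
                # Keep only linked mailboxes
                if ($mbx.IsLinked -eq $true) {
                    # += appends to the array; indexing an empty array would fail
                    $DN += $mbx.DistinguishedName
                }
            }
            # show me the data.
            $DN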
            Last edited by Dumber; 30th November 2012, 18:54.
            Marcel
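The two stages described in the first post can be done in one pass, without a CSV round-trip. The following is an added example, not code from any poster in this thread: it assumes the Exchange Management Shell and the ActiveDirectory module are available, that the linked master account of each AFSV mailbox is the matching COM account, and that accounts which have never logged on count as unused. The domain controller name and output paths are placeholders.

```powershell
# Needs PowerShell 3+, the Exchange Management Shell (Get-Mailbox) and the
# ActiveDirectory module (Get-ADUser), with read access to the COM domain.
Import-Module ActiveDirectory

$ComServer    = 'com-dc.example'   # placeholder: a reachable COM domain controller
$TerminatedOU = 'OU=accounts to be removed,OU=IS,DC=com,DC=com,DC=net'
$Cutoff       = (Get-Date).AddDays(-60)
$SourceOUs    = 'afsv.org/IS/Migration/COM/Users',
                'afsv.org/IS/Migration/COM/Terminated',
                'afsv.org/IS/Migration/COM/Disabled Accounts'

# Stage 1: linked mailboxes in the AFSV source OUs -> matching COM account
$stage1 = foreach ($ou in $SourceOUs) {
    Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited |
        Where-Object { $_.IsLinked -and $_.LinkedMasterAccount } |
        ForEach-Object {
            $mbx = $_
            # LinkedMasterAccount is DOMAIN\user; keep only the user part
            $sam = ($mbx.LinkedMasterAccount -split '\\')[-1]
            try {
                $u = Get-ADUser -Server $ComServer -Identity $sam `
                        -Properties lastLogonTimestamp -ErrorAction Stop
                [pscustomobject]@{
                    AfsvMailbox       = $mbx.SamAccountName
                    ComSamAccountName = $u.SamAccountName
                    ComDN             = $u.DistinguishedName
                    # lastLogonTimestamp is a FILETIME; empty if never logged on
                    ComLastLogon      = if ($u.lastLogonTimestamp) {
                        [DateTime]::FromFileTime($u.lastLogonTimestamp)
                    }
                }
            } catch {
                # Report mailboxes whose master account cannot be resolved
                Write-Warning "No COM account for $($mbx.LinkedMasterAccount)"
            }
        }
}
$stage1 | Export-Csv C:\temp\stage1-linked.csv -NoTypeInformation

# Stage 2: COM accounts under the terminated OU (children included) whose
# last logon is older than 60 days, or that never logged on (assumption)
$stage2 = $stage1 | Where-Object {
    $_.ComDN -like "*,$TerminatedOU" -and
    (-not $_.ComLastLogon -or $_.ComLastLogon -lt $Cutoff)
}
$stage2 | Export-Csv C:\temp\stage2-stale.csv -NoTypeInformation
```

lastLogonTimestamp replicates between domain controllers with a lag of up to about two weeks by default, which a 60-day cutoff comfortably absorbs. Review the stage 2 export before acting on any account in it.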