Difference between revisions of "Quest Active Directory and O365"

From MyWiki
Jump to: navigation, search
 
(28 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
'''In Powershell load the Quest snapin'''<br>
 
'''In Powershell load the Quest snapin'''<br>
 
Add-PSSnapin Quest.ActiveRoles.ADManagement<br>
 
Add-PSSnapin Quest.ActiveRoles.ADManagement<br>
To disconnect at the end of session : Disconnect-QADService<br>
 
 
$pw = read-host "Enter password" -AsSecureString<br>
 
$pw = read-host "Enter password" -AsSecureString<br>
connect-QADService -service 'SECRET'-ConnectionAccount 'SECRET'-ConnectionPassword $pw<br>
+
connect-QADService -service 'dc02.example.com'-ConnectionAccount 'DOMAIN\useracc'-ConnectionPassword $pw<br>
The following are examples of configuring the ProxyAddresses atribute :
+
To disconnect at the end of session : Disconnect-QADService<br><br>
$roy = get-qaduser gthom009
+
'''The following are examples of configuring the ProxyAddresses atribute :'''<br>
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Update=@("SMTP:roy@globomantics.com")}}
+
$roy = get-qaduser abcde001<br>
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Delete=@("SMTP:roy@globomantics.com")}
+
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Update=@("SMTP:roy@globomantics.com")}}<br>
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Append=@("smtp:george2@bold.ac.uk")}}  
+
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Delete=@("SMTP:roy@globomantics.com")}<br>
The following sets the users password. <br>
+
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Append=@("smtp:george2@bold.ac.uk")}} <br><br>
Set-QADUser <user> -UserPassword “Password”<br>
+
'''The following sets the users password.''' <br>
'''Unlocking a user''' unlock-QADUser 'MyDomain\JSmith'<br>
+
Set-QADUser <user> -UserPassword “Password”<br><br>
 +
'''Unlocking a user'''<br>
 +
unlock-QADUser 'MyDomain\JSmith'<br>
 +
Unlock-QADUser DSotnikov<br><br>
 +
'''Setting Extensionattributes'''<br>
 +
Get-QADUser user1 | Set-QADUser -objectAttributes @{extensionAttribute1="your value"}<br><br>
 +
'''Change account expiry dates'''<br>
 +
get-qaduser -AccountExpiresafter  2014/07/26 -AccountExpiresbefore 2014/08/02 | set-qaduser -accountexpires 2030/07/26<br><br>
 +
'''Get all disabled accounts'''<br>
 +
Get-QADUser -Disabled<br><br>
 +
'''Get all locked accounts in the accounting department'''<br>
 +
Get-QADUser -Locked -Department Accounting<br><br>
 +
'''Examples of get-QADGroup'''<br>
 +
Display the description of the 'SuperAdmins' group in domain ss64Dom<br>
 +
PS C:>(get-QADGroup 'ss64Dom\SuperAdmins').DirectoryEntry.description<br>
 +
Using an LDAP search filter, display all the groups whose description starts with an 's'<br>
 +
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -LdapFilter '(description=s*)'<br>
 +
List all distribution groups in a specific OU container:<br>
 +
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -GroupType 'Distribution' ( Security ??? ) <br>
 +
Retrieve groups from a particular container that have the user usr1021 as a direct or indirect member:<br>
 +
PS C:> get-QADGroup -SearchRoot '<DN of container>' -ContainsIndirectMember 'ss64Dom\usr1021'<br><br>
 +
 
 +
----
  
 
'''To connect to Office365'''<br>
 
'''To connect to Office365'''<br>
Line 18: Line 39:
 
Import-PSSession $O365Session<br>
 
Import-PSSession $O365Session<br>
 
Connect-MsolService -Credential $O365Cred<br>
 
Connect-MsolService -Credential $O365Cred<br>
'''Unlock a specific user account'''<br>
 
Unlock-QADUser DSotnikov<br>
 
'''Extensionattributes'''<br>
 
Get-QADUser user1 | Set-QADUser -objectAttributes @{extensionAttribute1="your value"}<br>
 
  
'''Get all disabled accounts'''<br>
 
Get-QADUser -Disabled<br>
 
'''Get all locked accounts in the accounting department'''<br>
 
Get-QADUser -Locked -Department Accounting<br>
 
'''Examples of get-QADGroup'''<br>
 
Display the description of the 'SuperAdmins' group in domain ss64Dom
 
PS C:>(get-QADGroup 'ss64Dom\SuperAdmins').DirectoryEntry.description
 
Using an LDAP search filter, display all the groups whose description starts with an 's'
 
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -LdapFilter '(description=s*)'
 
List all distribution groups in a specific OU container:
 
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -GroupType 'Distribution' ( Security ??? )
 
Retrieve groups from a particular container that have the user usr1021 as a direct or indirect member:
 
PS C:> get-QADGroup -SearchRoot '<DN of container>' -ContainsIndirectMember 'ss64Dom\usr1021'
 
  
'''Mailboxes with forwarders'''<br>
+
'''To find mailboxes with forwarders'''<br>
 
Get-Mailbox -ResultSize Unlimited | select UserPrincipalName,ForwardingSmtpAddress,DeliverToMailboxAndForward | Export-csv .\users.csv -NoTypeInformation
 
Get-Mailbox -ResultSize Unlimited | select UserPrincipalName,ForwardingSmtpAddress,DeliverToMailboxAndForward | Export-csv .\users.csv -NoTypeInformation
'''Change account expiry dates'''
 
get-qaduser -AccountExpiresafter  2014/07/26 -AccountExpiresbefore 2014/08/02 | set-qaduser -accountexpires 2030/07/26
 

Latest revision as of 10:06, 27 April 2015

In Powershell load the Quest snapin
Add-PSSnapin Quest.ActiveRoles.ADManagement
$pw = read-host "Enter password" -AsSecureString
connect-QADService -service 'dc02.example.com'-ConnectionAccount 'DOMAIN\useracc'-ConnectionPassword $pw
To disconnect at the end of session : Disconnect-QADService

The following are examples of configuring the ProxyAddresses atribute :
$roy = get-qaduser abcde001
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Update=@("SMTP:roy@globomantics.com")}}
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Delete=@("SMTP:roy@globomantics.com")}
$roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Append=@("smtp:george2@bold.ac.uk")}}

The following sets the users password.
Set-QADUser <user> -UserPassword “Password”

Unlocking a user
unlock-QADUser 'MyDomain\JSmith'
Unlock-QADUser DSotnikov

Setting Extensionattributes
Get-QADUser user1 | Set-QADUser -objectAttributes @{extensionAttribute1="your value"}

Change account expiry dates
get-qaduser -AccountExpiresafter 2014/07/26 -AccountExpiresbefore 2014/08/02 | set-qaduser -accountexpires 2030/07/26

Get all disabled accounts
Get-QADUser -Disabled

Get all locked accounts in the accounting department
Get-QADUser -Locked -Department Accounting

Examples of get-QADGroup
Display the description of the 'SuperAdmins' group in domain ss64Dom
PS C:>(get-QADGroup 'ss64Dom\SuperAdmins').DirectoryEntry.description
Using an LDAP search filter, display all the groups whose description starts with an 's'
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -LdapFilter '(description=s*)'
List all distribution groups in a specific OU container:
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -GroupType 'Distribution' ( Security ??? )
Retrieve groups from a particular container that have the user usr1021 as a direct or indirect member:
PS C:> get-QADGroup -SearchRoot '<DN of container>' -ContainsIndirectMember 'ss64Dom\usr1021'

To connect to Office365
$O365Cred = Get-Credential
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService -Credential $O365Cred


To find mailboxes with forwarders
Get-Mailbox -ResultSize Unlimited | select UserPrincipalName,ForwardingSmtpAddress,DeliverToMailboxAndForward | Export-csv .\users.csv -NoTypeInformation

Retrieved from "https://wiki.twig.es/index.php?title=Quest_Active_Directory_and_O365&oldid=1943"