Remediating extension attributes

From MyWiki
Revision as of 11:32, 28 August 2014 by George2 (Talk | contribs)

Jump to: navigation, search

Step 1, generate a list of potential problem accounts
Get a list of users to check for the correct configuration of the ExtensionAtribute1 and ExtensionAtribute2 attributes
We can user serveral commands depending on the desired selection criteria, examples below:

List users created on a particular day: Get-QADUser -CreatedOn 2014/07/26 -searchroot "OU=Goldfinger_Users,DC=camping,DC=goldfinger,DC=ac,DC=uk" > user_list.txt
List users created within a date range Get-QADUser -CreatedAfter 2014/07/26 -CreatedBefore 2014/07/30 -searchroot "OU=Goldfinger_Users,DC=camping,DC=goldfinger,DC=ac,DC=uk" > user_list.txt
You will need to open the text file in and editor to remove the column headers and blank lines at the top, and any blank lines at the bottom.
It may also be deemed prudent to delete lines which refer to shared mailboxes

Step 2, run the script below taking the file generated above as its input
The first time the scripts run any remediation, if necessary will be carried out.
By running the script a second time it should be seen that the status of the accounts is now OK.
It is assumed that the Quest cmdlets have been installed and loaded and that we are logged into a Domain Controller with appropriate credentials


## Purpose - to populate the ExtensionAttribute1 and ExtensionAttribute2 attributes from data                                                                                                                  
##           in the "mail" and "Office" attributes                                                                                                                                           
## Note - Script does NOT check if the "mail" attribute is populated.                                                                                                                        
 
function update_ext_attrs ($ad_username)                                                                                                                                                     
{                                                                                                                                                                                            
 
Write-Host " We need to create the attributes for user $ad_username "                                                                                                                        
$its_user = $mail_attr.Split('@')[0]                                                                                                                                                         
write-host "The proposed ExtensionAttribute1 is $its_user"                                                                                                                                   
write-host "The proposed ExtensionAttribute2 is $office_attr"                                                                                                                                
write-host "Ready to configure the extension attributes for user $roy"                                                                                                                       
Get-QADUser $roy | Set-QADUser -objectAttributes @{extensionAttribute1=$its_user}                                                                                                            
Get-QADUser $roy | Set-QADUser -objectAttributes @{extensionAttribute2=$office_attr.toLower()}                                                                                               
 
 
}                                                                                                                                                                                            
 
 
$lines=Get-Content user_list.txt                                                                                                                                                             
    $lines |                                                                                                                                                                                 
     ForEach-Object{                                                                                                                                                                         
         $roy =   $_.Split(' ')[0]                                                                                                                                                           
        $ray = get-qaduser $roy -includeallproperties                                                                                                                                        
        $the_uid = $ray.uid                                                                                                                                                                  
        $mail_attr = $ray.mail                                                                                                                                                               
        $office_attr = $ray.Office                                                                                                                                                           
        $ext_length = $ray.extensionattribute1.length ## We take the length to determine is the ext attrs are populated.                                                                     
        $bog = $ray.extensionattribute1                                                                                                                                                      
        $nog = $ray.extensionattribute2                                                                                                                                                      
        Write-host "Username is $roy : uid is $the_uid :  ext1 length is $ext_length : ext1 attribute is $bog : ext2 is $nog  "                                                              
if ($ray.extensionattribute1.length -lt 2)                                                                                                                                                   
{                                                                                                                                                                                            
        update_ext_attrs($roy) # We call the function to populate the attributes                                                                                                             
}                                                                                                                                                                                            
}
Retrieved from "https://wiki.twig.es/index.php?title=Remediating_extension_attributes&oldid=851"