Remediating extension attributes

From MyWiki
Revision as of 14:51, 4 September 2014 by George2 (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Step 1, generate a list of potential problem accounts
Get a list of users to check for the correct configuration of the ExtensionAtribute1 and ExtensionAtribute2 attributes
We can user serveral commands depending on the desired selection criteria, examples below:
Edit appropriately Optional
List users created on a particular day: Get-QADUser -Enabled -SizeLimit <int> -CreatedOn 2014/07/26 -searchroot "OU=Goldfinger_Users,DC=camping,DC=goldfinger,DC=ac,DC=uk" > user_list.txt
List users created within a date range Get-QADUser -Enabled -SizeLimit <int> -CreatedAfter 2014/07/26 -CreatedBefore 2014/07/30 -searchroot "OU=Goldfinger_Users,DC=camping,DC=goldfinger,DC=ac,DC=uk" > user_list.txt
You will need to open the text file in an editor to remove the column headers and blank lines at the top, and any blank lines at the bottom.

Step 2, run the script below, which reads the file generated above.
The first time the scripts run any remediation, if necessary will be carried out.
By running the script a second time it should be seen that the status of the accounts is now OK.
It is assumed that the Quest cmdlets have been installed and loaded and that we are logged into a Domain Controller with appropriate credentials


## Purpose - to populate the ExtensionAttribute1 and ExtensionAttribute2 attributes from data                                                                                                          
##           in the "mail" and "Office" attributes                                                                                                                                   
## Note - Script does NOT check if the "mail" attribute is populated.                                                                                                                
 
function update_ext_attrs ($ad_username)                                                                                                                                             
{                                                                                                                                                                                    
write-host "The username passed to the function is $roy"                                                                                                                             
write-host "The username passed to the function is $ad_username"                                                                                                                     
 
 
Write-Host " We need to create the attributes for user $ad_username "                                                                                                                
$its_user = $mail_attr.Split('@')[0]                                                                                                                                                 
write-host "The proposed ExtensionAttribute1 is $its_user"                                                                                                                           
write-host "The proposed ExtensionAttribute2 is $office_attr"                                                                                                                        
write-host "Ready to configure the extension attributes for user $roy"                                                                                                               
Get-QADUser "$roy"    | Set-QADUser -objectAttributes @{extensionAttribute1=$its_user}                                                                                               
Get-QADUser "$roy"    | Set-QADUser -objectAttributes @{extensionAttribute2=$office_attr.toLower()}                                                                                  
 
 
}                                                                                                                                                                                    
 
 
$lines=Get-Content user_list.txt                                                                                                                                                     
    $lines |                                                                                                                                                                         
     ForEach-Object{                                                                                                                                                                 
         $rby =   $_                                                                                                                                                                 
         $ray = $rby -Split('     ')                                                                                                                                                 
         $roy = $ray[0]                                                                                                                                                              
 
 
        $ray = get-qaduser $roy -includeallproperties                                                                                                                                
        $the_uid = $ray.uid                                                                                                                                                          
        $mail_attr = $ray.mail                                                                                                                                                       
        $office_attr = $ray.Office                                                                                                                                                   
        $ext_length = $ray.extensionattribute1.length ## We take the length to determine is the ext attrs are populated.                                                             
        $bog = $ray.extensionattribute1                                                                                                                                              
        $nog = $ray.extensionattribute2                                                                                                                                              
        Write-host "Username is $roy : uid is $the_uid :  ext1 length is $ext_length : ext1 attribute is $bog : ext2 is $nog  "                                                      
if ($ray.extensionattribute1.length -lt 2)                                                                                                                                           
{                                                                                                                                                                                    
        update_ext_attrs("$roy") # We call the function to populate the attributes                                                                                                   
}                                                                                                                                                                                    
}
Retrieved from "https://wiki.twig.es/index.php?title=Remediating_extension_attributes&oldid=884"