Disable-QADComputer script

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 15 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
scharique
Posts: 131
Last visit: Wed Dec 03, 2014 11:02 am

Disable-QADComputer script

Post by scharique »

I have a script that I use to import the computer accounts from CSV and disable them, I am trying to add the set-qadobject cmdlet to it so that I can add description.filter Disable-QADComputer{ if($PSVersionTable) { $_.psbase.directoryEntry.accountDisabled=$true $_.psbase.directoryEntry.commitChanges() $_ } else { $c = [ADSI]("LDAP://"+$_.distinguishedName) $c.psbase.invokeSet("accountDisabled",$true) $c.psbase.commitChanges() $c }}import-csv c:pscfi_computers.csv | foreach { Get-QADComputer -name $_.name | Disable-QADComputer } While above works fine, I am unable to turn it into this,filter Disable-QADComputer{

if($PSVersionTable)
{
$_.psbase.directoryEntry.accountDisabled=$true
$_.psbase.directoryEntry.commitChanges()
$_
}
else
{
$c = [ADSI]("LDAP://"+$_.distinguishedName)
$c.psbase.invokeSet("accountDisabled",$true)
$c.psbase.commitChanges()
$c
}
}

import-csv c:pscfi_computers.csv | foreach { Get-QADComputer -name $_.name | Set-QADObject -Description "Migrated to NA on $(Get-Date)"| Disable-QADComputer } This is the error I am getting while I run this.Exception calling "InvokeSet" with "2" argument(s): "Unknown error (0x80005000)"At C:PSdisable_computer_accounts_cfi.ps1:12 char:22+ $c.psbase.invokeSet( <<<< "accountDisabled",$true)out-lineoutput : Exception retrieving member "ClassId2e4f51ef21dd47e99d3c952918aff9cd": "Unknown error (0x80005000)"

scharique2009-01-30 13:10:57
User avatar
jhicks
Posts: 1789
Last visit: Mon Oct 19, 2015 9:21 am

Disable-QADComputer script

Post by jhicks »

You are confusing me here. The naming convention you are using for the filter matches the Quest AD cmdlets? Are you using them? They would make this much easier. Otherwise change the filter name to something like Disable-MyDomainComputer so there's no confusion, especially if you decide to start using the Quest cmdlets.

As for your problem, I expect Set-QADObject is writing an object to the pipeline that your filter isn't expecting. your filter is looking for a string. If your filter writes a distinguished name string to the pipeline, try switching things around. In the foreach pipe get-qadcomputer to your filter then to set-qadobject.

But again, if you are using the Quest cmdlets you should be able to disable and set the description with Set-QADobject.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Disable-QADComputer script

Post by jvierra »

Try this one:

Code: Select all

	
function disable-ADSIAccount( [string]$ldap_path ){
    $entry=[adsi]$ldap_path
    $flags=$entry.psbase.Properties[useraccountcontrol].Value
    $flags = $flags -bor 2
    $entry.psbase.Properties[useraccountcontrol].Value = $flags
    $entry.psbase.CommitChanges()
}
	
User avatar
scharique
Posts: 131
Last visit: Wed Dec 03, 2014 11:02 am

Disable-QADComputer script

Post by scharique »

I am not sure how to turn these new functions into filters. For now, can't I take the original filters I have on this thread, and define the set-qadobject to set the description, I can't figure out where it would go. Those filters and script works fine for me and disables the computer account. I just need to able to define the description.Thanks,
scharique2009-02-02 08:40:29
User avatar
jhicks
Posts: 1789
Last visit: Mon Oct 19, 2015 9:21 am

Disable-QADComputer script

Post by jhicks »

My last example was missing a closing }. This should work for you:

Code: Select all

$UF_ACCOUNTDISABLE=0X2 

Import-Csv c:pscfi_computers.csv | foreach { 
Get-QADComputer -name $_.name | 
Set-QADObject -Description "Migrated to NA on $(Get-Date)" `
-objectattributes @{"useraccountcontrol"=($_.useraccountcontrol -bor $UF_ACCOUNTDISABLE )}
}
You shouldn't need your filter functions at all. If the computer is already disabled nothing will really happen other than the description being updated. I tested the code within the ForEach construct and it works for me.
User avatar
jhicks
Posts: 1789
Last visit: Mon Oct 19, 2015 9:21 am

Disable-QADComputer script

Post by jhicks »

I don't know if it is really a matter of which is more advanced, but rather which is easier for you to use and understand. In this case, we could use cmdlets and their parameters in a pipelined expression go get everything done in a single line. Sometimes you can't. Or what you have to accomplish can get hard to follow in a one-liner so using some sort of function or script makes it easier.
This topic is 15 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked