Powershell command til at finde bruger som er oprettet efter en givende dato, i eksemplet 1 maj 2017

 

Get-ADUser -Filter {SamAccountName -like "*"}  -Properties UserPrincipalName,displayname,EmailAddress,division,department,Company,streetAddress,City,postalCode,DistinguishedName,whencreated -SearchBase "OU=Users,DC=prod,DC=name,DC=localnet"  -Server Domaincontroler.name.localnet | ? { $_.whenCreated -ge (get-date "May 1, 2017")}| Select UserPrincipalName,displayname,division,department,Company,streetAddress,City,postalCode | Export-Csv $csvname 

Et par linjer kode til at teste for om et script er startet op med admin credenitials, scriptet er fundet på denne MS blog

 

If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] “Administrator”))
{
    Write-Warning “You do not have Administrator rights to run this script!`nPlease re-run this script as an Administrator!”
    Break
}

Jeg har skulle skrive til windows evenloggen for at data kunne samles op af eventforward, her er hvordan man får oprettet en ny event source på den pæne måde og derefter skriver til denne. 



$EventlogSourceName = “MyJob”

if ([System.Diagnostics.EventLog]::SourceExists($EventlogSourceName) -eq $false) {

    New-EventLog –LogName Application –Source $EventlogSourceName

 }

   Write-EventLog –LogName Application –Source $EventlogSourceName –EntryType Information –EventID 1 –Message “My Event Message ” 

                

 

Lidt Powershell til at ryde op i mapper som ikke har haft file ændringer i x antal dage.
med mulighed hvor at definere antallet af dage via Registry value

 

#Days where nochanges have been in the folder.
$Days = (get-date).AddDays(-7)

# Time is used for Script test
$Time = (get-date).AddMinutes(-10)

$key = 'HKLM:\SOFTWARE\Policies\nethelp\Outlook'
$key = 'HKLM:\SOFTWARE\nethelp\Outlook'
$key = 'HKCU:\SOFTWARE\nethelp\Outlook'
if(test-path $key)
{
    $DaysTemp = (Get-ItemProperty -Path $key -Name DirAge).DirAge

    if ($DaysTemp)
    {
        $Days = (get-date).AddDays($DaysTemp)
         Write-host "Using Registry Value Calculated time"
        Write-Host "Compair date : " $Days
    }
    else
    {
        Write-host "Using deault Calculated time"
        Write-Host "Compair date : " $Days
    }
}



#Get-ChildItem C:\outlook | where-object {$_.lastwritetime -le $Days}  

$CleanupFolders = Get-ChildItem C:\outlook

foreach($Userdir in $CleanupFolders)
{
    Write-Host "Looking for changed Files in " $Userdir.FullName

   #$obj = Get-ChildItem $Userdir.FullName -Recurse | where-object {$_.lastwritetime -ge $Time}  
   $obj = Get-ChildItem $Userdir.FullName -Recurse | where-object {$_.lastwritetime -ge $days} 


   if ($obj)
   {
   Write-Host " Any File changed since " $time
   $obj
   }
   else
   {
   $obj
   Write-Host "Dir has not been used within defined time periode" $Days 
   Write-Host "Removing Dir : "  $Userdir.FullName
  # Remove-Item  $Userdir.FullName -Recurse -Force

   }

}

Et lille stykke powershell kode, da jeg havde behov for at holde en "offline" caching dir på C:\ i sync med brugere der have en profile på en maskine.

Såfremt at der ikke er en mappe af samme navn under CompairSource slettes denne på CompairTarget

 

$CompairSource = Get-ChildItem -path C:\users
$CompairTarget = Get-ChildItem -path C:\outlook
 
$DirConpair = Compare-Object -ReferenceObject $CompairSource -DifferenceObject $CompairTarget
 
#$DirConpair | Where-Object {$_.SideIndicator -eq "=>"} 
 
$DirConpair | foreach {
     if($_.SideIndicator -eq "=>") 
            { 
                Write-host "=>"
                    #$_.InputObject | gm
                   remove-item $_.InputObject.FullName -Force -Recurse
                   # $_ | GM
            } 
}