Hello Everyone,
So I work as HelpDesk, where I created a script that searches AD users and their information, such as Name, Logon username, Category, Job Title, Department, Email, cellphone, work phone, iphone, Password Expired, Locked Out, Lock Out Time, Account Enabled, Account Expiration Date, etc.
But the business I am working for has 2 domains, and the script sometimes gives me 2 errors:
1st One:
dsquery failed:The parameter is incorrect.:Incorrect object type specified.
type dsquery /? for help.
This means that the same user was found on both domains, but it shows only the 1st domain's information.
2nd One:
dsquery failed:The parameter is incorrect.:Incorrect object type specified.
type dsquery /? for help.
Get-ADuser : Cannot find an object with identity: 'username' under: 'DC=example,DC=example,DC=example'.
At C:\Users\MyUser\EmployeesInfo.ps1:51 char:14
+ $Employee = Get-ADuser $UserName -Properties *, 'msDS-UserPasswordExpiryTimeCom ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (username:ADUser) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Cannot find an object with identity: 'username' under: 'DC=example,DC=example,DC=example'.,Microsoft.ActiveDirectory.Management.Commands.GetADUser
This means that the user was found on the 1st domain but not on the 2nd one.
What I want is: if the user is found on the 1st domain, it will display the information; if not, it will search on the 2nd domain (example); and if the user is found on both domains, it will display the information of both domains with a warning, so that I can see where the information comes from:
Example:
This is from 1st Domain:
*Information*
This is from 2nd Domain:
*Information*
Here's the code I currently have:
Function Get-EmployeeInfo {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $True, Position = 1)]
        [string]$UserName
    )
    Import-Module ActiveDirectory
    # Look up the user in the current (1st) domain
    $Employee = Get-ADuser $UserName -Properties *, 'msDS-UserPasswordExpiryTimeComputed'
    $Manager = (Get-ADUser $Employee.samaccountname)
    $PasswordExpiry = [datetime]::FromFileTime($Employee.'msDS-UserPasswordExpiryTimeComputed')
    if (dsquery Employee -samid $Employee){
        $AccountInfo = [PSCustomObject]@{
            FirstName  = $Employee.givenName
            LastName   = $Employee.sn
            Name       = $Employee.DisplayName
            UserName   = $Employee.sAMAccountName
            Category   = $Employee.businessCategory
            Title      = $Employee.Title
            Department = $Employee.Department
            Email      = $Employee.EmailAddress
            ipPhone    = $Employee.ipPhone
            Mobile     = $Employee.mobile
            HomePhone  = $Employee.homePhone
            Company    = $Employee.company
        }
        $AccountStatus = [PSCustomObject]@{
            PasswordExpired       = $Employee.PasswordExpired
            AccountLockedOut      = $Employee.LockedOut
            LockOutTime           = $Employee.AccountLockoutTime
            AccountEnabled        = $Employee.Enabled
            AccountExpirationDate = $Employee.AccountExpirationDate
            PasswordLastSet       = $Employee.PasswordLastSet
            PasswordExpireDate    = $PasswordExpiry
        }
        $AccountInfo
        $AccountStatus
    } else {
        # Fall back to the 2nd domain
        $Employee = Get-ADuser $UserName -Properties *, 'msDS-UserPasswordExpiryTimeComputed' -server example
        $Manager = (Get-ADUser $Employee.samaccountname)
        $PasswordExpiry = [datetime]::FromFileTime($Employee.'msDS-UserPasswordExpiryTimeComputed')
        $AccountInfoExample = [PSCustomObject]@{
            Name       = $Employee.DisplayName
            UserName   = $Employee.sAMAccountName
            Category   = $Employee.businessCategory
            Title      = $Employee.Title
            Department = $Employee.Department
            Email      = $Employee.EmailAddress
            ipPhone    = $Employee.ipPhone
            Mobile     = $Employee.mobile
            HomePhone  = $Employee.homePhone
            Company    = $Employee.company
        }
        $AccountStatusExample = [PSCustomObject]@{
            PasswordExpired       = $Employee.PasswordExpired
            AccountLockedOut      = $Employee.LockedOut
            LockOutTime           = $Employee.AccountLockoutTime
            AccountEnabled        = $Employee.Enabled
            AccountExpirationDate = $Employee.AccountExpirationDate
            PasswordLastSet       = $Employee.PasswordLastSet
            PasswordExpireDate    = $PasswordExpiry
        }
        # Output the objects built in this branch
        $AccountInfoExample
        $AccountStatusExample
    }
}
Thank You all.
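
One way to get the behaviour asked for above, as an added example that is not the poster's code: query each domain with `Get-ADUser -Filter` and `-Server`, which returns nothing instead of throwing when the account is absent, and tag every result with its source domain. The `dsquery Employee` test is dropped because `dsquery` has no `Employee` object type, which is what produces the "Incorrect object type specified" message. The function name, the domain names `domain1.example` and `domain2.example`, and the username allow-list pattern are assumptions.

```powershell
# Added example; the domain names below are placeholders (assumption).
function Get-EmployeeInfoAllDomains {
    [CmdletBinding()]
    param(
        # Assumed allow-list, so the value cannot change the -Filter expression.
        [Parameter(Mandatory, Position = 0)]
        [ValidatePattern('^[\w.\-]{1,20}\z')]
        [string]$UserName,
        [string[]]$Domains = @('domain1.example', 'domain2.example')
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    # Request only the attributes that are displayed, not -Properties *.
    $props = 'DisplayName', 'businessCategory', 'Title', 'Department', 'EmailAddress',
             'ipPhone', 'mobile', 'homePhone', 'company', 'PasswordExpired', 'LockedOut',
             'AccountLockoutTime', 'AccountExpirationDate', 'PasswordLastSet',
             'msDS-UserPasswordExpiryTimeComputed'
    $found = foreach ($domain in $Domains) {
        try {
            # -Filter returns nothing when no account matches; -Identity throws instead.
            $users = Get-ADUser -Filter "sAMAccountName -eq '$UserName'" -Server $domain -Properties $props -ErrorAction Stop
        } catch {
            Write-Warning "Could not query ${domain}: $($_.Exception.Message)"
            continue
        }
        foreach ($u in $users) {
            # 0 or [long]::MaxValue carries no real date; FromFileTime throws on the latter.
            $raw = $u.'msDS-UserPasswordExpiryTimeComputed'
            $expiry = if ($raw -gt 0 -and $raw -lt [long]::MaxValue) { [datetime]::FromFileTime($raw) }
            [PSCustomObject]@{
                Domain = $domain; UserName = $u.SamAccountName   # Domain shows the source
                FirstName = $u.GivenName; LastName = $u.Surname
                Name = $u.DisplayName; Category = $u.businessCategory
                Title = $u.Title; Department = $u.Department
                Email = $u.EmailAddress; ipPhone = $u.ipPhone
                Mobile = $u.mobile; HomePhone = $u.homePhone
                Company = $u.company; AccountEnabled = $u.Enabled
                PasswordExpired = $u.PasswordExpired; AccountLockedOut = $u.LockedOut
                LockOutTime = $u.AccountLockoutTime; AccountExpirationDate = $u.AccountExpirationDate
                PasswordLastSet = $u.PasswordLastSet; PasswordExpireDate = $expiry
            }
        }
    }
    if (-not $found) { Write-Warning "'$UserName' was not found in: $($Domains -join ', ')" }
    elseif (@($found).Count -gt 1) { Write-Warning "'$UserName' exists in more than one domain." }
    $found
}
```

Piping the result to `Format-List` prints one block per domain, each starting with its `Domain` value.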