When specifying the PowerShell command string, you can include other variables configured in separate actions within the rule, as necessary. In the Enter string field, specify the PowerShell command string you want to use, enclosed in quotation marks. In the Specify value type field, select string. In the Select object field, select Current object.
In the Select mode field, select add to current operation. In the Do field under Define new action below, select add destination attribute value. In the toolbar, click Rule and select Action > Insert Action After. In the Policy Builder, select the location where you want to create the PSExecute attribute. In Designer, right-click the policy in the Outline view and select Edit. 'ou=active,ou=workforce,dc=w2008r2vm,dc=com' Name "Robin Bigby" -AccountPassword (ConvertTo-SecureString -AsPlainText Specifically, the PSExecute attribute must include XDS code similar to the following example, where the tag includes the PowerShell command string: However, if you include a cmdlet in a Modify event, ensure that you use the XDS format for constructing that type of event and including the PSExecute attribute.
You can also create rules to include PowerShell cmdlets in other types of events. Note that the example rule above is used for including a PowerShell cmdlet in an Add event. Īdding PSExecute to Disable New User Account Our next section is similar, except it concerns the account closure date.The following is a sample rule created in an Active Directory driver policy that allows an administrator to disable a newly-created user account in Active Directory using the Disable-ADAccount cmdlet. You can identify an account by its distinguished name, GUID, security identifier (SID), or Security Accounts. The Identity parameter specifies the Active Directory user, computer service account, or other service account that you want to disable. If it is found, we move on if not, we prompt to enter the username again. The Disable-ADAccount cmdlet disables an Active Directory user, computer, or service account. Here we have imported the ActiveDirectory and Exchange PowerShell tools and prompted for the username of the account we wish to close, and then checked for that username in Active Directory. $checkUser = (Get-AdUser $userName).SamAccountName $userName = Read-Host -Prompt "Enter UserName of User Account to Close" Import-Module ActiveDirectory Add-PSSnapin Microsoft.Exchange* Next, we use a series of "do" actions to collect some basic information about the user account. This section of code allows us to specify a filename to save our scheduled leavers in and if the file does not exist, create it along with the correct column headers. $scheduleCSV = "c:\scripts\scheduleLeaver.csv"Īdd-Content $scheduleCSV "UserName,Date,Time,Email"
First off, we need to gather some information about the user who is leaving and store that information for use at our scheduled time.
0 kommentar(er)
