iamtheky

Ps CLI

10 posts in this topic

#1 ·  Posted (edited)

You must have the ActiveDirectory module available for import (usually done by installing RSAT). 

In reply to a question posed on the AD UDF thread.   How to dump an array of users from AD with a partial Last Name:

#include <AutoItConstants.au3>
#include <Array.au3>


$sName = inputbox("Get AD User Info" , "AD Lastname (or partial)")
$sName = "*" & $sName & "*"
$sCommands = "powershell -Command import-module ActiveDirectory; Get-ADUser -LDAPfilter '(name=" & $sName & ")'"
$iPID = Run(@ComSpec & " /c " & $sCommands, "", @SW_SHOW , $stdout_child)

$sOutput = ""

 While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then 
            ExitLoop
        EndIf
 WEnd


$aOut = stringsplit($sOutput, @LF , 2)

for $i = ubound($aOut) - 1 to 0 step -1
    $aOut[$i] = StringStripWS($aOut[$i] , 8)
    If stringinstr($aOut[$i] , "GivenName") And Stringright($aOut[$i] , 1) <> ":" Then
        $aOut[$i] = stringtrimleft($aOut[$i] , 10)
    ElseIf stringinstr($aOut[$i] , "Surname") And Stringright($aOut[$i] , 1) <> ":" Then
        $aOut[$i] = stringtrimleft($aOut[$i] , 8)
    Else
        _ArrayDelete($aOut , $i)
    EndIf
next

;~ _ArrayDisplay($aOut)
Local $aFullName[0]

For $i = 0 to ubound($aOut) - 1 step 2
    _ArrayAdd ($aFullName , $aOut[$i] & " " & $aOut[$i + 1])
Next

$aFullNameUnique = _ArrayUnique($aFullName, 0 ,0 ,0 ,0)
_ArrayDisplay($aFullNameUnique)
Edited by iamtheky
1 person likes this

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

User - Full Properties to Log

#include <AutoItConstants.au3>

$sName = inputbox("Get AD User Info" , "AD Name")
$sCommands = 'powershell -Command "import-module ActiveDirectory; get-aduser ' & $sName & ' -properties *"'
$iPID = Run(@ComSpec & " /c " & $sCommands, "", @SW_SHOW , $stdout_child)

$sOutput = ""

 While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then
            ExitLoop
        EndIf
    WEnd

 $fOut = @ScriptDir & "\AD_LOGS\ADuser_" & $sName & "_" & @MON & @MDAY & @Year & "_" & @HOUR & @MIN & ".txt"

$fLog = FileOpen($fOut , 10)
FileWrite($fLog , $sOutput)
FileClose($fLog)

shellexecute($fOut)
Edited by boththose

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Log the last boot time for all Computers listed in AD.  Should probably be executed with DA rights if you hope to run the WMI query on all computers.

#include <AutoItConstants.au3>
#include <Array.au3>
#include <File.au3>


$sCommands = 'powershell -Command import-module ActiveDirectory; "Get-ADComputer -Filter * | Select -Expand Name"'
$iPID = Run(@ComSpec & " /c " & $sCommands, "", @SW_SHOW , $stdout_child)

$sOutput = ""

 While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then
            ExitLoop
        EndIf
 WEnd

$aOut = stringsplit($sOutput, @LF , 2)


For $i = 0 to ubound($aOut) - 1

$strComputer = StringStripWS($aOut[$i], 8)  

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20

$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
If @Error Then
    $sUptime = "UNREACHABLE"
Else
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
   For $objItem In $colItems
      $sUptime = "LastBootTime= " & WMIDateStringToDate($objItem.LastBootUpTime) & @CRLF
   Next
Endif
EndIf

      $aOut[$i] = $aOut[$i] & ":  " & $sUptime

Next

_FileWriteFromArray(@ScriptDir & "\LastBoot_LOG.txt" , $aOut , 0)
_ArrayDisplay($aOut)

Func WMIDateStringToDate($dtmDate)

    Return (StringMid($dtmDate, 5, 2) & "/" & _
    StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
    & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
EndFunc

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Using -Property to output wmi returned arrays from the Network Adapter Configuration class

#include <AutoItConstants.au3>
#include <Array.au3>

$sCommands = "powershell -Command Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -Property IPAddress,Description,IPSubnet,DHCPServer,DefaultIPGateway,DNSServerSearchOrder,WinsPrimaryServer,WinsSecondaryServer"
$iPID = Run(@ComSpec & " /c " & $sCommands, "", @SW_SHOW , $stdout_child)

$sOutput = ""

 While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then ; Exit the loop if the process closes or StderrRead returns an error.
            ExitLoop
        EndIf
    WEnd

$aOutput = stringsplit($sOutput , @CR , 3)

For $i = ubound($aOutput) - 1 to 0 step - 1
If stringleft(stringstripws($aOutput[$i], 1) , 1) = "" OR stringleft(stringstripws($aOutput[$i], 1) , 1) = "_" Then _ArrayDelete($aOutput, $i)
Next


_ArrayDisplay($aOutput)
Edited by boththose

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Importing a custom module and using it in your script:   Download or Copy Get-LoggedOnUsers.ps1

https://gallery.technet.microsoft.com/scriptcenter/d46b1f3b-36a4-4a56-951b-e37815a2df0c

Get-LoggedOnUsers.ps1

function Get-LoggedOnUser { 
#Requires -Version 2.0             
[CmdletBinding()]             
 Param              
   (                        
    [Parameter(Mandatory=$true, 
               Position=0,                           
               ValueFromPipeline=$true,             
               ValueFromPipelineByPropertyName=$true)]             
    [String[]]$ComputerName 
   )#End Param 
 
Begin             
{             
 Write-Host "`n Checking Users . . . " 
 $i = 0             
}#Begin           
Process             
{ 
    $ComputerName | Foreach-object { 
    $Computer = $_ 
    try 
        { 
            $processinfo = @(Get-WmiObject -class win32_process -ComputerName $Computer -EA "Stop") 
                if ($processinfo) 
                {     
                    $processinfo | Foreach-Object {$_.GetOwner().User} |  
                    Where-Object {$_ -ne "NETWORK SERVICE" -and $_ -ne "LOCAL SERVICE" -and $_ -ne "SYSTEM"} | 
                    Sort-Object -Unique | 
                    ForEach-Object { New-Object psobject -Property @{Computer=$Computer;LoggedOn=$_} } |  
                    Select-Object Computer,LoggedOn 
                }#If 
        } 
    catch 
        { 
            "Cannot find any processes running on $computer" | Out-Host 
        } 
     }#Forech-object(Comptuters)        
             
}#Process 
End 
{ 
 
}#End 
 
}#Get-LoggedOnUser

 

save that as a ps1 relative to this autoit script:

 

#include <AutoItConstants.au3>
#RequireAdmin

$sInput = inputbox("GetLoggedOnUsers" , "Computer Name or IP" , "localhost")

$sCommands = 'powershell -ExecutionPolicy ByPass import-module ' & @ScriptDir & '\Get-LoggedOnUser.Ps1 ; Get-LoggedOnUser -ComputerName ' & $sInput
$iPID = Run("cmd /k " & $sCommands, "", @SW_SHOW , $stdout_child)

$sOutput = ""

 While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then
            ExitLoop
        EndIf
    WEnd


msgbox(0, '' , $sOutput)

 


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Hi boththose, when running  Get-LoggedOnUsers I got the Message "Cannot find any processes running on 192.168.00.00 "

I tested with several computers which have users logged on and got the same message.

Any suggestion?

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

and the account you are running the au3 script as, is a local admin on the target machine?  Honestly, I only tested this on my box and was excited that i figured out the syntax and that the -Command parameter blows it up,  I will do further exploration tomorrow at work.

Edited by boththose
terrible grammar

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

I'm using a Domain Admin account. I also tested the other scripts and only got some valid output with the Network Adapter Properties.

Thanks a lot and regards.

Share this post


Link to post
Share on other sites

I have confirmed that the script functions across the network with appropriate credentials.  I can only replicate your issue when ran with an account that does not have rights.


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

#10 ·  Posted

boththose , OK, It make me think in an antivirus policy blocking issue thought, I´ll test it from another machine.

thanks a lot and regards.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now