среда, 4 апреля 2018 г.

PowerShell logon script (deployed via GPO) that writes site and host information into the logged-on user's Active Directory object

At logon the script maps the user to a site by the IPv4 address of the host the logon came from, and stores the site name plus basic host details in the user's AD attributes USER.physicalDeliveryOfficeName and USER.info.

Deploy via GPO as a user logon script (PowerShell) with the parameters "-Nologo -WindowStyle Hidden -Noninteractive -Noprofile -ExecutionPolicy Unrestricted".
Note: the script runs in the logged-on user's security context, so for SetInfo() to succeed users must be allowed to write physicalDeliveryOfficeName and info on their own AD object — that self-write grant is the permission to review deliberately. Execution policy is not a security boundary; Unrestricted here only keeps the policy from blocking the SYSVOL-hosted script.

script:
#by alex

# Logon script: map the logged-on user to a site by the host's IPv4 address
# and record the result on the user's AD object (see mainproc).

# Per-run log. It lives in the logged-on user's temp directory, so it is only
# as protected as that directory is.
$LOGFILE = "$env:Temp\ololo-set-physicalDeliveryOfficeName.log"

# Site key -> list of inclusive IPv4 ranges @(first, last).
# Every list MUST contain at least two ranges: @(@("a","b")) with a single
# inner array flattens to one array of two strings, and getmynetworkname
# would then iterate octet strings instead of ranges. That is why the
# @("0.0.0.0","0.0.0.0") filler is kept for a site that has one range.
$global:networks = @{}
$global:networks['Main']  = @(@("100.70.0.1","100.70.0.254"),@("100.70.1.1","100.70.1.254"))
$global:networks['Site2'] = @(@("192.168.3.1","192.168.3.254"),@("0.0.0.0","0.0.0.0"))
$global:networks['Site3'] = @(@("192.168.99.1","192.168.99.254"),@("192.168.100.1","192.168.100.254"))

# Site key -> display name that ends up in physicalDeliveryOfficeName.
$global:sites = @{}
$global:sites['Main']  = 'Главный офис компании ООО "ОЛОЛО"'
$global:sites['Site2'] = 'Офис в городе Майами'
$global:sites['Site3'] = 'Офис в городе Сызрань'

# Filled in later by getmynetworkname / mainproc.
$global:mysitename = ''
# Every address of an adapter that has any address; entries containing '::'
# (IPv6) are dropped, leaving the IPv4 ones.
$global:myips = @(Get-WmiObject Win32_NetworkAdapterConfiguration |
                  Where-Object { $_.IPAddress } |
                  ForEach-Object { $_.IPAddress -notlike "*::*" })
$global:myip = ''

# Append one line of text to the log file named by $LOGFILE (resolved from
# the enclosing scope). The file is created on first write; nothing is
# returned to the pipeline.
function log([string]$txt)
{
 Add-Content -Path $LOGFILE -Value $txt
}

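#######################################
# Resolve the site key for this host from $global:networks.
# Globals: reads $global:networks and $global:myips; on success writes
#          $global:myip (the first host address that matched).
# Returns: the matching site key, or "" when no address falls into any range.
# Matching rule: an address matches a range @(first,last) only when its first
# three octets equal the range's first three octets AND its last octet lies in
# [first.lastOctet, last.lastOctet]. Ranges therefore cannot span a /24, and
# the @("0.0.0.0","0.0.0.0") filler can never match a real address.
#######################################
function getmynetworkname{
  # NOTE(review): this log line was reconstructed; the source line had lost
  # its leading 'log("$' and was not valid PowerShell.
  log("global:networks.Keys=$([string]::Join(',',@($global:networks.Keys)))")
  foreach($ip in $global:myips){
    $octets = $ip.split('.')
    # Anything that is not a dotted quad is skipped instead of feeding
    # $null into the [int] casts below.
    if($octets.Length -ne 4){ continue }
    $netbymyip = $octets[0]+'.'+$octets[1]+'.'+$octets[2]
    foreach($key in $global:networks.Keys){
      foreach($arr in $global:networks[$key]){
        $first = $arr[0].split('.')
        $last  = $arr[1].split('.')
        if($first.Length -ne 4 -or $last.Length -ne 4){ continue }
        $netbyarrip = $first[0]+'.'+$first[1]+'.'+$first[2]
        if($netbyarrip -ne $netbymyip){ continue }
        if(([int]$octets[3] -ge [int]$first[3]) -and ([int]$octets[3] -le [int]$last[3])){
          $global:myip = $ip
          return $key
        }
      }
    }
  }
  return ""
}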

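# Escape a value for safe use inside an LDAP search filter (RFC 4515).
# Backslash is replaced first so the escapes it introduces are not re-escaped.
function escape-ldapfilter([string]$value)
{
 return ($value -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29' -replace "`0",'\00')
}

#######################################
# Collect host facts and write them to the logged-on user's AD object.
# Writes USER.info on every run and USER.physicalDeliveryOfficeName only when
# the resolved site name differs from the stored one.
# Globals: reads $global:sites; writes $global:mysitename.
# Returns: 1 when run on a terminal server (nothing is written) or when the
#          office name was already current; 0 when it was updated.
# Throws:  when no network matches a host address, when the site key has no
#          display name, when $env:LOGONSERVER is empty, or when the user
#          object cannot be found. The try/catch at the bottom of the script
#          logs the exception.
# Security notes:
#  - Runs as the logged-on user (GPO logon script); the Put() calls succeed
#    only if users may write these two attributes on their own object.
#  - Hardware/OS details are stored in 'info', which is typically readable
#    by any authenticated domain user — treat that data as disclosed.
#######################################
function mainproc
{
 $now = Get-Date -UFormat "%d-%m-%Y %T"
 $retcode = 1
 # Exit on a terminal server: the host's IP says nothing about where the
 # user actually sits.
 if((gwmi -namespace root\cimv2\terminalservices -class win32_terminalservicesetting).TerminalServerMode -eq 1){
  return $retcode 
 }
 $mynetname = getmynetworkname
 if($mynetname -eq ""){
  # The original had an unreachable 'retun -1' after this throw; dropped.
  throw "Error! No name for network"
 }

 $global:mysitename = $global:sites[$mynetname]
 if([string]::IsNullOrEmpty($global:mysitename)){
  throw "Error! No site name configured for network '$mynetname'"
 }
 if([string]::IsNullOrEmpty($env:LOGONSERVER)){
  throw "Error! LOGONSERVER is not set (cached logon?)"
 }
 # $env:USERNAME is set by the logon session, but sAMAccountName may legally
 # contain '(' and ')', which would otherwise break or alter the filter.
 $searcher = [adsisearcher]"(samaccountname=$(escape-ldapfilter $env:USERNAME))"
 $results = $searcher.FindAll()
 if($results.Count -lt 1){
  throw "Error! No AD user found for $env:USERNAME"
 }
 $user = [adsi]$results[0].Properties.adspath[0]
 # Binds explicitly to the logon DC on 389 (presumably so the write lands on
 # the DC that authenticated the session — the original does not say).
 $objUser = [adsi]("LDAP://"+$env:LOGONSERVER.trim('\')+":389/"+$user.distinguishedName)
 $operatingsysteminfo = Get-WmiObject Win32_OperatingSystem
 $os = (($operatingsysteminfo).Name).Split('|')[0]
 $arch = $operatingsysteminfo.OSArchitecture
 $comp = Get-WmiObject Win32_Computersystem
 $ram = [string]([math]::Round([int64](($comp).TotalPhysicalMemory/1Gb)))+"Gb"
 $CompName = $comp.Name
 $CompManufacturer = 'Unknown'
 $CompModel = 'Unknown'
 # Boards with unfilled DMI strings report placeholders instead of real
 # names. The original only checked "System manufacturer" for both fields;
 # "System Product Name" is the matching placeholder some boards report for
 # Model — confirm against your fleet.
 if($comp.Manufacturer -ne "System manufacturer"){
  $CompManufacturer = $comp.Manufacturer}
 if(($comp.Model -ne "System manufacturer") -and ($comp.Model -ne "System Product Name")){
  $CompModel = $comp.Model}
 $objUser.Put("Info","Last logon info:`r`n$now`r`n$CompName`r`n$CompManufacturer   $CompModel`r`nRAM:$ram`r`nOS:$arch $os")
 if($global:mysitename -ne $user.physicalDeliveryOfficeName)
 {
  $objUser.Put("physicalDeliveryOfficeName", $global:mysitename)
  $retcode = 0
 }
 $objUser.SetInfo()
 return $retcode
}#end of mainproc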



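# Entry point: run mainproc, log any exception (message plus position) to
# $LOGFILE, and log a success line when the office name was updated.
# The script returns -1 on an exception and emits nothing otherwise.
try{
 $retvalue = mainproc
}
catch{
 $ErrorMessage = $_.Exception.Message
 # PositionMessage carries script/line/column; interpolating the
 # InvocationInfo object itself only yields its type name.
 $position = $_.InvocationInfo.PositionMessage
 log("Exception detected!`nError message:$ErrorMessage")
 log("invocation:`n$position")
 return -1
}
finally{
 # mainproc returns 0 only when physicalDeliveryOfficeName was changed.
 if($retvalue -eq 0){
  log("AD attribute physicalDeliveryOfficeName set to $global:mysitename for host $global:myip for user $env:USERNAME at $(Get-Date)")
 }
}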
===================================================
Another example: hide the membership list of a distribution group by setting hideDLMembership through ADSI.
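# Hide the membership list of a distribution group by writing the Exchange
# attribute hideDLMembership directly through ADSI.
# Usage: <script> <group identity>   (resolved with Get-Group)
# NOTE(review): writing the attribute via ADSI sidesteps the Exchange
# cmdlet path and whatever checks it applies; the caller needs write access
# to the group object in AD. Presumably intentional — confirm.
$root = [adsi]""
# $rootdn is not used below; kept as in the original.
$rootdn = $root.distinguishedName

$userinput = $args[0]
if([string]::IsNullOrEmpty($userinput)){
 throw "Usage: <script> <group identity>"
}
$groupobj = get-group $userinput
$groupdn = $groupobj.DistinguishedName
# Without this guard an unresolved group leaves $groupdn empty and the bind
# below targets "LDAP://" rather than failing on the missing group.
if([string]::IsNullOrEmpty($groupdn)){
 throw "Group '$userinput' not found (Get-Group returned no DistinguishedName)"
}

# Bind to Group object

$group = [adsi]"LDAP://$groupdn"

$group.put("hideDLMembership", "TRUE" )

$group.setinfo()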
