Powershell hits an error finding output file

Post Reply
SamOrlando
Posts: 23
Joined: Wed May 01, 2019 2:55 pm
4

Powershell hits an error finding output file

Post by SamOrlando »

Testing this on our AD before setting it up for clients. First hurdle, we have spaces in our Users OU so I added escaped spaces just in case. However, with or without them, this is what I get:

Script: S6319 - Starting at Server Time: Tuesday, May 07, 2019 8:56:23 PM
IF F1 T: 1.1687781
L1 F129 Jump (P1): :WEARESERVER T: 1.1687781
L3 F139 Note (P1): :WEARESERVER T: 1.1687781
L4 F109 Delimiter (P2): Variable (P3): PoShVersion T: 1.1687781
L5 F70 Value (P1): PoShVersion Comparer (P2): 6 To (P3): 2 Jump (P4): :EXECUTE T: 9.2015075
L8 F139 Note (P1): :EXECUTE T: 9.2015075
L9 F172 SqlStatement (P1): Select LDAPRoot FROM plugin_sw_expiry_configure WHERE ClientID = 1 T: 9.2015075
L10 F20 SetType(P1):1 Parameter(P2):'CN=20-UMS - Users,DC=umbrellam...' VariableName(P3):LDAPRoot T: 9.2015075
L11 F90 File (P1): c:\windows\ltsvc\expiryAD.ps1 T: 9.2015075
L12 F109 Delimiter (P2): Variable (P3): PoShCMD T: 65.4296152
L13 F114 File (P1): C:\windows\ltsvc\expiryAD.sql Check (P2): 1 Jump (P3): :LDAPFAILED T: 71.4481732
L46 F139 Note (P1): :LDAPFAILED T: 73.4735228
L47 F29 Message (P1): Expiry found no LDAP output file after running PoSh cmds. T: 73.4735228
L48 F129 Jump (P1): T: 73.4735228

I'm guessing the powershell is suppose to spit out an output file somewhere to parse and get the user information.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Powershell hits an error finding output file

Post by Cubert »

Correct,

Look in your LTagent folder on agent to see an expiry folder. Is there a PS1 file at c:\windows\ltsvc\expiryAD.ps1 ?

If so open it an inspect it. It should be able "as admin" to create C:\windows\ltsvc\expiryAD.sql when executed. If it is not what error do you get when you run it manually? You may have to pass it variables, same you saved in the plugin.

If you find there is a script issue in ps1 let me know so I can have a look at code base that creates that script.

SamOrlando
Posts: 23
Joined: Wed May 01, 2019 2:55 pm
4

Re: Powershell hits an error finding output file

Post by SamOrlando »

Cubert wrote: Wed May 08, 2019 8:21 pm Correct,

Look in your LTagent folder on agent to see an expiry folder. Is there a PS1 file at c:\windows\ltsvc\expiryAD.ps1 ?

If so open it an inspect it. It should be able "as admin" to create C:\windows\ltsvc\expiryAD.sql when executed. If it is not what error do you get when you run it manually? You may have to pass it variables, same you saved in the plugin.

If you find there is a script issue in ps1 let me know so I can have a look at code base that creates that script.
Do not see an Expiry folder anywhere.

There is an expiryAD.ps1 file in C:\Windows\LTSvc\.

Ran it manually in a Powershell window and it completed without errors or output.

There still is no expiryAD.sql file in C:\Windows\LTSvc\.

Code: Select all

#Squidworks.net
#Author Shannon Anderson
#Date 10/20/2015
#Version 1.0.1.21

function Get-Domain-MaxPassword-Age{
    $ThisDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $DirectoryRoot = $ThisDomain.GetDirectoryEntry()
    $DirectorySearcher = [System.DirectoryServices.DirectorySearcher]$DirectoryRoot
    $DirectorySearcher.Filter = "(objectClass=domainDNS)"
    $DirectorySearchResult = $DirectorySearcher.FindOne()
    $MaxPasswordAge = New-Object System.TimeSpan([System.Math]::ABS($DirectorySearchResult.properties["maxpwdage"][0]))
    return $MaxPasswordAge}
Try{

$MaxPasswordAge = Get-Domain-MaxPassword-Age
$MaxPasswordAgeDays = $MaxPasswordAge.Days
}
Catch{

$MaxPasswordAgeDays = 0

}
Finally{

}

$file="C:\windows\ltsvc\expiryAD.sql"
$ErrorActionPreference = 'SilentlyContinue'
#write-host $data.count total lines read from file
$Users = Get-ADUser -SearchBase "CN=20-UMS - Users,DC=umbrellamedical,DC=local" -properties mail, useraccountcontrol, CannotChangePassword, passwordlastset, passwordneverexpires -filter * | select *, `
          @{label="passwordage";expression={(new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days}}, `
          @{label="daysleft";expression={($MaxPasswordAgeDays - ((new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days)) }} `
        | where {($_.CannotChangePassword -ne $True) `
            -and ($_.passwordneverexpires -ne $True) `
            -and ($_.UserAccountControl -ne 514) `
            -and ($_.mail -ne $null) `
            }
$i = 0
foreach ($user in $Users) {
	$Name = $user.name
	$Name = $Name -replace "\W"," "
	$UPN = $user.mail
	$DaysLeft = $user.daysleft
    if($i -eq 0){
		Out-File -FilePath $File -InputObject "(1, '$UPN', '$Name', '$DaysLeft')"
    }else{
		Out-File -FilePath $File -InputObject ",(1, '$UPN', '$Name', '$DaysLeft')" -append
    }
	$i ++
}

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Powershell hits an error finding output file

Post by Cubert »

Here is what its trying to run

Code: Select all

Get-ADUser -SearchBase "CN=20-UMS - Users,DC=umbrellamedical,DC=local" -properties mail, useraccountcontrol, CannotChangePassword, passwordlastset, passwordneverexpires -filter * | select *, `
          @{label="passwordage";expression={(new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days}}, `
          @{label="daysleft";expression={($MaxPasswordAgeDays - ((new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days)) }} `
        | where {($_.CannotChangePassword -ne $True) `
            -and ($_.passwordneverexpires -ne $True) `
            -and ($_.UserAccountControl -ne 514) `
            -and ($_.mail -ne $null) `
            }
Lets run this in Powershell ISE as administrator again just the get-adusers command and lets adjust the OU some to see if there is a means it will accept.

Code: Select all

Get-ADUser -SearchBase "CN='20-UMS - Users',DC=umbrellamedical,DC=local" -properties mail, useraccountcontrol, CannotChangePassword, passwordlastset, passwordneverexpires -filter * | select *, `
          @{label="passwordage";expression={(new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days}}, `
          @{label="daysleft";expression={($MaxPasswordAgeDays - ((new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days)) }} `
        | where {($_.CannotChangePassword -ne $True) `
            -and ($_.passwordneverexpires -ne $True) `
            -and ($_.UserAccountControl -ne 514) `
            -and ($_.mail -ne $null) `
            }
or this way

Code: Select all

Get-ADUser -SearchBase 'CN="20-UMS - Users",DC=umbrellamedical,DC=local' -properties mail, useraccountcontrol, CannotChangePassword, passwordlastset, passwordneverexpires -filter * | select *, `
          @{label="passwordage";expression={(new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days}}, `
          @{label="daysleft";expression={($MaxPasswordAgeDays - ((new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days)) }} `
        | where {($_.CannotChangePassword -ne $True) `
            -and ($_.passwordneverexpires -ne $True) `
            -and ($_.UserAccountControl -ne 514) `
            -and ($_.mail -ne $null) `
            }

Do you get any users listed from any of these code segments?

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Powershell hits an error finding output file

Post by Cubert »

Also, have you tried stepping back 1 OU or creating a grouping OU to hold all the OU's that house people or email accounts as a work around?


so if your domain has //Users/20-UMS - Users then try using a CN of Users...

SamOrlando
Posts: 23
Joined: Wed May 01, 2019 2:55 pm
4

Re: Powershell hits an error finding output file

Post by SamOrlando »

I think I figured it out. I should have caught it sooner.

Instead of CN I should be using OU. Plugging in OU instead of CN and running the Get-ADUSer portion of the script, it worked fine.

Updated the plugin configuration and it worked.

Resolved!

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Powershell hits an error finding output file

Post by Cubert »

Awesome!

Post Reply

Return to “Expiry Domain Password Expiration Plugin”