Skeer
Reputation: 173
Problem with LogOnly functions, not counting properly
Ok so.. I've got this script below and it running with the -LogOnly parameter should give a total count like:
DEBUG: ========================[ LogOnly ]===============================
DEBUG: aaqa.www user has fell out of scope, Report group would be removed.
DEBUG: 0 Users who would be added
DEBUG: 0 Groups that would be added
DEBUG: 1 Groups that would be removed
DEBUG: ====[END]=====
So if you see the 0 Users who would be added is incorrect. I removed 2 users from a security group in AD (that's within scope) but they were not counted. I've had the $script:AddUserCount += ($DirectReports | Measure-Object).count in a few different places when working on this so Im confused as to where to put it to make this work. It also doesnt correctly count up the users who are added when invoking the script without the LogOnly parameter, in that instance it counts all users matched by the Get-DirectReports function. If you run it a second time immediately w/o the LogOnly it will still return a full 1600 user count. I feel fixing one will fix both.
Here's the script:
#---------------------------------------------------------[Initializations]--------------------------------------------------------
Param (
[Parameter(Mandatory=$false)]
[Switch]$LogOnly
)
# Dot Source required Function Libraries
#. "\\server\e$\scripts\Logging_Functions.ps1"
. "c:\users\documents\powershell\Functions\Logging_Functions.ps1"
# Error Action
$ErrorActionPreference = 'silentlycontinue'
# Debug preference
$global:DebugPreference = "continue"
# WhatIf Preference, uncomment to run script in a logging only function
#$WhatIfPreference = $true
#----------------------------------------------------------[Declarations]----------------------------------------------------------
# Script Version
$sScriptVersion = "1.0"
Import-Module ActiveDirectory
# Log File Info
$sLogPath = "C:\Users\Documents\powershell\Logs"
#$sLogPath = "\\server\e$\Logs"
$sLogName = "Set-LitmosGroups_$(get-date -f yyyy-MM-dd_HH-mm-ss).log"
$sLogOnlyPath = "C:\Users\Documents\powershell\Logs"
$sLogOnlyName = "\Set-LitmosGroups (Log Only)_$(get-date -f yyyy-MM-dd_HH-mm-ss).log"
$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName
$sLogOnlyFile = Join-Path -Path $sLogOnlyPath -ChildPath $sLogOnlyName
$LogLine = $null
#$logonly = $null
# Variable Initializations
# Org Unit where the target groups reside (Litmos)
$OU = "ou=test_litmos, ou=test accounts, ou=domain, dc=net"
# Org unt containing the All Managers security group
$OU2 = "CN=All Managers,OU=Organizational,OU=Groups,OU=domain,DC=net"
# Get member of the 'ALL Managers' security group
$Managers = Get-ADGroupMember -identity $OU2 | Select-Object -expandproperty samaccountname
# Get AD groups with Report to in the name in $ou
$ReportsTo = Get-adgroup -searchbase $ou -filter "Name -like 'Report to *'" |
Select-Object -expandproperty name
$Samecount = 0
$AddGroupCount = 0
$Addusercount = 0
$LOAddUserCount = 0
$LOGroupCount = 0
$GroupsRemoved = 0
$LOGroupsRemoved = 0
#----------------------------------------------------------[Functions]-------------------------------------------------------------
Function Get-DirectReport {
#requires -Module ActiveDirectory
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true
)]
[string] $SamAccountName,
[switch] $NoRecurse
)
BEGIN {}
PROCESS {
$UserAccount = Get-ADUser $SamAccountName -Properties DirectReports, DisplayName
$UserAccount | select -ExpandProperty DirectReports | ForEach-Object {
$User = Get-ADUser $_ -Properties DirectReports, DisplayName, Title, EmployeeID
if ($null -ne $User.EmployeeID) {
if (-not $NoRecurse) {
Get-DirectReport $User.SamAccountName
}
[PSCustomObject]@{
SamAccountName = $User.SamAccountName
UserPrincipalName = $User.UserPrincipalName
DisplayName = $User.DisplayName
Manager = $UserAccount.DisplayName
}
}
}
}
END {}
}
Function New-bhReportToGroup {
[CmdletBinding(SupportsShouldProcess)]
$Log1 = "New group for " + $manager + " has been created."
$Log2 = "Group for " + $manager + " already exists."
#From on when you see the below line $script:<variable> that sets the scope for that variable to the entire script which means other functions can use the value
$script:ReportsTo = $ReportsTo -replace ("Report to ", "")
if ($manager -notin $ReportsTo) {
new-adgroup -name "Report to $manager" -groupscope global -path $ou
$LogLine = $Log1
$Script:AddGroupCount++
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$LogLine = $Log2
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
Function New-bhReportToGroup_logonly {
[CmdletBinding(SupportsShouldProcess)]
$Log1 = "New group for " + $manager + " would have been created in $OU."
$Log2 = "Group for " + $manager + " already exists in $OU."
$script:ReportsTo = $ReportsTo -replace ("Report to ", "")
if ($manager -notin $ReportsTo) {
$Script:LOGroupCount++
$LogLine = $Log1
Log-Write -LogPath $sLogOnlyFile -LineValue $LogLine
}
else {
$LogLine = $Log2
Log-Write -LogPath $sLogOnlyFile -LineValue $LogLine
}
}
Function Get-bhDReports {
[CmdletBinding(SupportsShouldProcess)]
$directreports = Get-Directreport $manager -norecurse | Select-Object samAccountName
if ($null -ne $directreports) {
$LogLine = "Gathering direct reports for $manager"
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$LogLine = "$manager has no reports."
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
Function Set-bhRTGmembers {
[CmdletBinding(SupportsShouldProcess)]
# Get manager's 'report to <manager>' group again to update members
$managerReportToGroup = Get-ADGroup -SearchBase $OU -Filter "Name -like 'Report to $Manager'"
$Directreports = Get-Directreport $manager -norecurse | Select-Object -expand samAccountName
if ($managerReportToGroup) {
Add-ADGroupMember -identity $managerReportToGroup.Name -members $DirectReports
Add-ADGroupMember -identity $managerReportToGroup.name -members $Manager
#$LogLine = "Report to " + $Manager + " updated."
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$LogLine = "Could not find group for " + $Manager
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
Function Set-bhRTGmembers_logonly {
[CmdletBinding(SupportsShouldProcess)]
$DirectReports = Get-Directreport $manager -norecurse | Select-Object -expand samAccountName
# Get manager's 'report to <manager>' group again to update members
$managerReportToGroup = Get-ADGroup -SearchBase $OU -Filter "Name -like 'Report to $Manager'"
if ($managerReportToGroup) {
$LogLine = "Report to $Manager would be updated with $DirectReports"
Log-Write -LogPath $sLogOnlyFile -LineValue $LogLine
}
else {
$LogLine = "Group for $Manager not found, would be updated with $DirectReports"
Log-Write -LogPath $sLogOnlyFile -LineValue $LogLine
}
}
Function Remove-bhOOSGroups {
[CmdletBinding(SupportsShouldProcess)]
$report = $report -replace ("Report to ", "")
if ($Report -notin $managers) {
Remove-ADGroup -Identity "Report to $Report" -confirm:$false
$LogLine = $report + " user has fell out of scope, Report group removed."
$Script:GroupsRemoved++
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
Continue
}
}
Function Remove-bhOOSGroups_logonly {
[CmdletBinding(SupportsShouldProcess)]
$report = $report -replace ("Report to ", "")
if ($Report -notin $managers) {
$LogLine = $report + " user has fell out of scope, Report group would be removed."
$Script:LOGroupsRemoved++
Log-Write -LogPath $sLogOnlyFile -LineValue $LogLine
}
else {
Continue
}
}
#----------------------------------------------[ Execution ]------------------------------------------------
Foreach ($Manager in $Managers) {
if (-not $LogOnly) {
$Directreports = Get-Directreport $manager -norecurse | Select-Object -expand samAccountName
$script:AddUserCount += ($DirectReports | Measure-Object).count
$time = (Get-Date).ToString('T')
New-bhReportToGroup
Get-bhDReports
Set-bhRTGmembers
Log-Write -LogPath $sLogFile -LineValue "Direct reports are: $Directreports"
Log-Write -LogPath $sLogFile -LineValue "========================[$Time ]==============================="
} else {
$script:LOAddUserCount += ($DirectReports | Measure-Object).count
New-bhReportToGroup_logonly
Get-bhDReports
Set-bhRTGmembers_logonly
Log-Write -LogPath $sLogOnlyFile -LineValue "========================[ LogOnly ]==============================="
}
}
Foreach ($Report in $ReportsTo) {
If (-not $LogOnly){
Remove-bhOOSGroups
} else {
Remove-bhOOSGroups_logonly
}
}
#}
if (-not $LogOnly) {
Log-Write -Logpath $sLogPath -Linevalue "$AddUserCount Total users matched"
Log-Write -LogPath $sLogPath -Linevalue "$AddGroupCount New groups added"
Log-Write -LogPath $sLogPath -Linevalue "$GroupsRemoved groups removed"
Log-Write -LogPath $sLogPath -Linevalue "====[END]====="
} else {
Log-Write -Logpath $sLogOnlyPath -Linevalue "$LOAdduserCount Users who would be added"
Log-Write -Logpath $sLogOnlyPath -Linevalue "$LOGroupCount Groups that would be added"
Log-Write -LogPath $sLogOnlyPath -Linevalue "$LOGroupsRemoved Groups that would be removed"
Log-Write -LogPath $sLogOnlyPath -Linevalue "====[END]====="
}
Upvotes: 0
Views: 74
Answers (1)
alexzelaya
Reputation: 255
"$AddUserCount Total users matched" is not the variable that is being output. It's this one: "$LOAdduserCount Users who would be added"
Also, $script:LOAddUserCount += ($DirectReports | Measure-Object).count shouldn't be in the $script: context. It should be $LOAddUserCount += $DirectReports.Count, notice that I've also simplified the count.
Upvotes: 1
Related Questions
- Log Off multiple Idle users
- Return Statement not Working with continue
- Why won't the "Exit" function work in my PowerShell code?
- Powershell .count function not working as expected
- Logoff Disconnected user sessions based on IDLE time
- how to execute powershell script when user logout
- Ending, out of loop function not being called, adding run counts
- Exit not behaving the same as Exit-PSSession
- Powershell - Log off all users?
- Why does piping Get-PSSession to Exit-PSSession not work?