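# check-upn.ps1
#
# Simple reporting script: reads the UPN and the mail address of every
# mail-enabled user in the forest (via the Global Catalog) and raises a
# warning in the Application event log when the two do not match.
# It is mostly a PowerShell sample.
#
# Operational / security notes:
# - The GC bind ([ADSI]"GC://...") runs under the credentials of the calling
#   user; a read-only, least-privilege account is enough for this query.
# - EventLog.WriteEntry() on a source that is not yet registered tries to
#   create the source, which needs administrative rights. Register the
#   source "Check-UPN" once from an admin session (e.g. New-EventLog
#   -LogName Application -Source Check-UPN) so the script itself can run
#   without elevation.
# - UPN and mail values are written verbatim into event-log entries and the
#   console. They come from the directory, not from end-user input, but
#   whoever can edit those attributes controls what ends up in the log.
# - Only the NORMAL_ACCOUNT flag (0x200) of userAccountControl is checked;
#   disabled accounts (ACCOUNTDISABLE, 0x2) are NOT filtered out and are
#   reported like any other account.
#
# Version 1.0
# first version

function write-dbg {
    param( $dbgmessage, $level )
    # Generic output helper. $dbglevel is read from the enclosing script
    # scope: a message is printed only when its level is <= $dbglevel.
    # Level 0 = info, 1 = error, 2 = warning, anything above = debug
    # (debug messages are additionally sent to the verbose stream).
    if ($level -le $dbglevel) {
        switch ($level) {
            0       { Write-Host "INF: $dbgmessage" }
            1       { Write-Host "ERR: $dbgmessage" }
            2       { Write-Host "WRN: $dbgmessage" }
            default { Write-Host "DBG($level): $dbgmessage" ; write-verbose -Message "$dbgmessage" }
        }
    }
}

# Default debug level: everything up to level 5 is printed.
[int]$dbglevel = 5

# Initialise the Application event log used for reporting and debugging.
$evt = new-object System.Diagnostics.EventLog("Application")
$evt.Source = "Check-UPN"
$infoevent  = [System.Diagnostics.EventLogEntryType]::Information
$warnevent  = [System.Diagnostics.EventLogEntryType]::Warning
$errorevent = [System.Diagnostics.EventLogEntryType]::Error   # not used below; kept for extensions
$evt.WriteEntry("Check-UPN gestartet", $infoevent, 0)
Write-Host "Check-UPN ---------------- startet -----------------------"

# Search the Global Catalog of the forest root domain for ALL user objects
# that carry a mail attribute. There is no time constraint in the filter,
# so every mail-enabled user in the forest is examined on each run.
Write-Dbg " Preparing AD-Search" 3
$root = [system.directoryservices.activedirectory.forest]::getcurrentforest().rootdomain.name
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"GC://$root")
$objSearcher.PageSize = 1000      # paged search, so result sets above the server limit are returned
$objSearcher.Filter = "(&(mail=*)(objectclass=User))"
Write-Dbg " Loading required Properties in Search request START" 5
# Restrict the returned attributes to the three the check needs.
$objSearcher.PropertiesToLoad.Add("mail") | Out-Null
$objSearcher.PropertiesToLoad.Add("UserPrincipalName") | Out-Null
$objSearcher.PropertiesToLoad.Add("UserAccountControl") | Out-Null
write-dbg " Loading required Properties in Search request DONE" 5
Write-dbg " Searching ...." 0
$colResults = $objSearcher.FindAll()
try {
    [int64]$total = $colResults.count
    Write-dbg " Searching DONE: Total Objects $total" 3
    $evt.WriteEntry("Search done. 
Objects found $total", $infoevent, 103)

    [int64]$count = 0     # running counter of processed results (not reported)
    foreach ($objResult in $colResults) {
        $count = $count + 1
        $status = "NA"

        # mail is guaranteed by the (mail=*) filter; UPN may be absent, in
        # which case it is treated as "" and the account is always reported.
        $mail = $objResult.properties.mail[0].tolower()
        if ($objResult.properties.contains("UserPrincipalName")) {
            $upn = $objResult.properties.UserPrincipalName[0].tolower()
        } else {
            $upn = ""
        }

        # A missing userAccountControl behaves like 0, i.e. the entry is skipped
        # (same outcome as indexing into $null, but explicit and strict-mode safe).
        $uac = 0
        if ($objResult.properties.contains("UserAccountControl")) {
            $uac = $objResult.properties.UserAccountControl[0]
        }

        # Only NORMAL_ACCOUNT (0x200) objects are checked; computer, trust and
        # other account types are skipped. Disabled accounts are not excluded.
        if (($uac -band 0x200) -eq 0x0200) {
            # -ne on strings is case-insensitive in PowerShell; the tolower()
            # above only normalises what gets logged and emitted.
            if ($mail -ne $upn) {
                $evt.WriteEntry("UPN/MAIL not equal UPN:$upn MAIL:$mail", $warnevent, 103)
                Write-Warning "UPN/MAIL not equal `r`n UPN:$upn `r`n MAIL:$mail"
                $status = "Warning"
            } else {
                $status = "OK"
            }

            # Emit one object per checked account to the pipeline:
            # upn / mail / status, in that property order.
            $OutPipe = New-Object -TypeName System.Management.Automation.PSObject
            #$OutPipe.PSObject.TypeNames[0] = "$($OutPipe.PSObject.TypeNames[0])#ExtendedTypeSuffix"
            $OutPipe `
                | Add-Member -Name upn    -MemberType NoteProperty -Value $upn    -PassThru `
                | Add-Member -Name mail   -MemberType NoteProperty -Value $mail   -PassThru `
                | Add-Member -Name status -MemberType NoteProperty -Value $status -PassThru
        }
    }
}
finally {
    # SearchResultCollection and DirectorySearcher hold unmanaged directory
    # handles; without an explicit Dispose() they leak until process exit.
    $colResults.Dispose()
    $objSearcher.Dispose()
}

write-dbg 'DONE Processing' 0
$evt.WriteEntry("Check-UPN beendet", $infoevent, 1)
Write-dbg "Check-UPN -------------- finished --------------------" 0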