Finding and updating users with duplicate UID and GUID - TheJumpCloud/support GitHub Wiki
To use these functions the JumpCloud PowerShell module must be installed.
Find steps to install this module here.
Table of Contents:
- Finding Duplicate UID and GUID values
- Finding Users With Duplicate UID and GUID values
- Finding Users To Update With Duplicate UID and GUID Values
- Finding Available UID and GUID Values To Use To Update Duplicate Users
- Updating Users With Duplicate UID and GUID Values
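```powershell
function Get-DupUIDandGUIDValues
{
    # Group users on their unix_guid/unix_uid pair and keep the values shared by more than one user
    $DupValues = Get-JCUser -returnProperties unix_uid, unix_guid | Group-Object unix_guid, unix_uid | Where-Object Count -Gt 1 | Select-Object -ExpandProperty Values | Select-Object -Unique
    Return $DupValues
}
```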
The function `Get-DupUIDandGUIDValues` will return all duplicate unix_uid and unix_guid values. To use this function, load it into the memory of a PowerShell terminal and then call the function `Get-DupUIDandGUIDValues`.
```powershell
function Find-DupUIDandGUIDUsers
{
    # Values shared by more than one user
    $DupValues = Get-JCUser -returnProperties unix_uid, unix_guid | Group-Object unix_guid, unix_uid | Where-Object Count -Gt 1 | Select-Object -ExpandProperty Values | Select-Object -Unique
    $ResultsArray = @()
    ForEach ($Value in $DupValues)
    {
        # Look up every user that holds the duplicate value
        $Results = Get-JCUser -unix_uid $Value -unix_guid $Value -returnProperties username, created, unix_uid, unix_guid
        $ResultsArray += $Results
    }
    Return $ResultsArray
}
```
The function `Find-DupUIDandGUIDUsers` will return all users with duplicate unix_uid and unix_guid values. To use this function, load it into the memory of a PowerShell terminal and then call the function `Find-DupUIDandGUIDUsers`.
This function can be piped into `Format-Table` for better readability.
```powershell
Find-DupUIDandGUIDUsers | Format-Table
```
```powershell
function Find-DupUIDandGUIDUsersToUpdate
{
    # Values shared by more than one user
    $DupValues = Get-JCUser -returnProperties unix_uid, unix_guid | Group-Object unix_guid, unix_uid | Where-Object Count -Gt 1 | Select-Object -ExpandProperty Values | Select-Object -Unique
    $ResultsArray = @()
    ForEach ($Value in $DupValues)
    {
        # Sort by creation date and skip the oldest user, who keeps the existing value
        $Results = Get-JCUser -unix_uid $Value -unix_guid $Value -returnProperties username, created, unix_uid, unix_guid | Sort-Object created | Select-Object -Skip 1
        $ResultsArray += $Results
    }
    Return $ResultsArray
}
```
The function `Find-DupUIDandGUIDUsersToUpdate` is the same as the function `Find-DupUIDandGUIDUsers` but will skip the oldest user with a duplicate unix_uid and unix_guid value. This function isolates the users that need to be updated to ensure there are no duplicate unix_uid and unix_guid values.
To use this function, load it into the memory of a PowerShell terminal and then call the function `Find-DupUIDandGUIDUsersToUpdate`.
This function can be piped into `Format-Table` for better readability.
```powershell
Find-DupUIDandGUIDUsersToUpdate | Format-Table
```
```powershell
function Find-AvailableUIDandGUIDValues
{
    [CmdletBinding()]
    param (
        # Lowest value to consider when searching for free UID/GUID values
        [int]$CounterStart = 5000
    )
    process
    {
        # The expanded values are plain numbers, so Sort-Object needs no property name
        $UIDValues = Get-JCUser -returnProperties unix_uid | Select-Object -ExpandProperty unix_uid | Sort-Object
        $GUIDValues = Get-JCUser -returnProperties unix_guid | Select-Object -ExpandProperty unix_guid | Sort-Object
        $UIDHash = [ordered]@{}
        $GUIDHash = [ordered]@{}
        $UIDCounterHash = [ordered]@{}
        $UIDCounter = $CounterStart
        foreach ($Value in $UIDValues)
        {
            # One candidate value is generated per existing UID, counting up from $CounterStart
            $UIDCounterHash.Add($UIDCounter, $UIDCounter)
            $UIDCounter ++
            try
            {
                $UIDHash.Add([int]$Value, [int]$Value)
            }
            catch
            {
                # Add() throws when the key already exists, which means the UID is duplicated
                Write-Verbose "Duplicate UID $Value found"
            }
        }
        foreach ($Value in $GUIDValues)
        {
            try
            {
                $GUIDHash.Add([int]$Value, [int]$Value)
            }
            catch
            {
                Write-Verbose "Duplicate GUID $Value found"
            }
        }
        $AvailableValues = [ordered]@{}
        foreach ($Value in $UIDCounterHash.GetEnumerator())
        {
            if ($UIDHash.Contains($Value.Value))
            {
                Write-Verbose "UID $($Value.Value) in use"
                $UIDInUse = $true
            }
            else
            {
                $UIDInUse = $false
            }
            if ($GUIDHash.Contains($Value.Value))
            {
                Write-Verbose "GUID $($Value.Value) in use"
                $GUIDInUse = $true
            }
            else
            {
                $GUIDInUse = $false
            }
            # A candidate is available only if it is unused as both a UID and a GUID
            if (($UIDInUse -eq $false) -and ($GUIDInUse -eq $false))
            {
                $AvailableValues.Add($Value.Value, $Value.Value)
            }
        }
    }
    end
    {
        Return $AvailableValues
    }
}
```
The function `Find-AvailableUIDandGUIDValues` can be used to find available unix_uid and unix_guid values that are not currently assigned to JumpCloud users. The parameter `$CounterStart = 5000` defines the lower bound from which the search for unix_uid and unix_guid values starts.
This value is set to a default of `5000` as this is the default value that the first user created within a JumpCloud tenant is assigned. It is recommended to keep the default of `5000`.
To use this function, load it into the memory of a PowerShell terminal and then call the function `Find-AvailableUIDandGUIDValues`.
Three functions must be loaded into the memory of a PowerShell terminal to complete this process. Find the three functions to load below.
- Find-DupUIDandGUIDUsersToUpdate
- Find-AvailableUIDandGUIDValues
- Update-DuplicateUIDandGUIDValues
```powershell
function Update-DuplicateUIDandGUIDValues
{
    [CmdletBinding()]
    param (
        [int]$CounterStart = 5000
    )
    begin
    {
        $ResultsArray = @()
    }
    process
    {
        $UsersToUpdate = Find-DupUIDandGUIDUsersToUpdate
        $AvailableValues = Find-AvailableUIDandGUIDValues -CounterStart $CounterStart
        if ($AvailableValues.Values.Count -lt $UsersToUpdate._id.count)
        {
            Write-Host "Not enough available values given input parameter counter start. Try again with a new -CounterStart value (default 5000)"
            # return (not Break, which is only meaningful inside a loop) stops before any user is changed
            return
        }
        foreach ($User in $UsersToUpdate)
        {
            # Take the first free value (by position) and assign it as both UID and GUID
            $NewValue = $AvailableValues[0]
            $UpdatedUser = Set-JCUser -UserID $User._id -unix_uid $NewValue -unix_guid $NewValue | Select-Object username, unix_uid, unix_guid, _id
            # Remove the value (by key) so it is not handed out twice
            $AvailableValues.Remove($NewValue)
            $ResultsArray += $UpdatedUser
        }
    }
    end
    {
        Return $ResultsArray
    }
}
```
Once all functions are loaded into the memory of a PowerShell terminal, call the function `Update-DuplicateUIDandGUIDValues`.
This function uses the function `Find-DupUIDandGUIDUsersToUpdate` to find users with duplicate UID and GUID values that need to be updated and then uses the function `Find-AvailableUIDandGUIDValues` to find open UID and GUID values to update them with.
To validate that there are no more users with duplicate UID and GUID values, the command `Find-DupUIDandGUIDUsersToUpdate` can be run and should return zero results.
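To preview which users would be changed and which value each would receive before running the update, the same logic can be run offline. This is an added example, not part of the JumpCloud module or this wiki's own code: the function name `Get-UidGuidReassignmentPlan` and the sample users are hypothetical, and it makes no API calls. Unlike `Find-AvailableUIDandGUIDValues`, it keeps counting up from `-CounterStart` until every duplicate user has a free value.

```powershell
function Get-UidGuidReassignmentPlan   # hypothetical name, not a JumpCloud cmdlet
{
    [CmdletBinding()]
    param (
        # Objects with username, created, unix_uid and unix_guid properties
        [Parameter(Mandatory)][object[]]$Users,
        [int]$CounterStart = 5000
    )
    # Any value already used as a UID or a GUID is unavailable.
    $InUse = [System.Collections.Generic.HashSet[int]]::new()
    foreach ($User in $Users)
    {
        [void]$InUse.Add([int]$User.unix_uid)
        [void]$InUse.Add([int]$User.unix_guid)
    }
    $Next = $CounterStart
    # Same grouping as the page's functions: identical unix_guid/unix_uid pairs.
    $Groups = $Users | Group-Object unix_guid, unix_uid | Where-Object Count -GT 1
    foreach ($Group in $Groups)
    {
        # The oldest account keeps its value; the rest get a planned new one.
        foreach ($User in ($Group.Group | Sort-Object created | Select-Object -Skip 1))
        {
            while ($InUse.Contains($Next)) { $Next++ }
            [void]$InUse.Add($Next)
            [pscustomobject]@{
                username  = $User.username
                old_uid   = $User.unix_uid
                old_guid  = $User.unix_guid
                new_value = $Next
            }
        }
    }
}

# Constructed sample data standing in for the output of:
#   Get-JCUser -returnProperties username, created, unix_uid, unix_guid
$SampleUsers = @(
    [pscustomobject]@{ username = 'alice'; created = [datetime]'2020-01-05'; unix_uid = 5000; unix_guid = 5000 }
    [pscustomobject]@{ username = 'bob';   created = [datetime]'2021-03-10'; unix_uid = 5000; unix_guid = 5000 }
    [pscustomobject]@{ username = 'carol'; created = [datetime]'2021-06-01'; unix_uid = 5001; unix_guid = 5001 }
    [pscustomobject]@{ username = 'dave';  created = [datetime]'2022-02-14'; unix_uid = 5000; unix_guid = 5000 }
)
Get-UidGuidReassignmentPlan -Users $SampleUsers | Format-Table
```

Saving the plan output before the update gives a record of each user's old value, which is what is needed to find files on Linux and macOS systems that are still owned by the previous numeric UID.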