Solved: Active Directory users account status

this will get disabled account status

Search-ADAccount -AccountDisabled | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A

This will find account expiry within 90 days

Search-ADAccount -AccountExpiring -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass –A

Rabih El Haj youssef

ASKER

Thanks for your post,
I do have my list, and I am only want those users in the list to know if their account is enabled or disabled
I am not sure is the above does that.

Thanks

Pramod Ubhe

Copy paste below script on the computer where powershell AD module is installed and make sure input.txt file has the user logon names mentioned one per line. You can modify it as per your needs.
__________________________________________________________________________________________________

$ErrorActionPreference = "SilentlyContinue"
      Import-Module ActiveDirectory
            Function Get-UserDetails {
       Process {
                 $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                              $obj = New-Object psobject
                              $obj | Add-Member NoteProperty UserName $_
                              $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                              $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                        Write-Output $obj
                  }
            }
Get-Content c:\input.txt | Get-UserDetails | ConvertTo-Csv c:\output.csv

Rabih El Haj youssef

ASKER

Hi Pramod,

Is that possible to do a test on OU rather to whole domain, for now only.

Do you know a online lab where I can practising.
I prefer it some Free Lab .
Please advise the script.

Thanks

Pramod Ubhe

since you mentioned it for 300 users i created the script in this way, you can mention users in input.txt one per line so that it will not query for all users.

if you want it for a specific OU I can modify it or if you just want to test it on couple of user accounts, you can mention only one or two names in the input.txt

for lab, you can explore Technet Virtual Lab but I am not sure if there is a specific lab for powershell.

http://technet.microsoft.com/en-us/virtuallabs/bb467605.aspx

Rabih El Haj youssef

ASKER

Sorry mate,you right.

I will check this link at home and update you.

Thanks for your help.

Regards
Rabih

Rabih El Haj youssef

ASKER

I could find a virtual power she'll to practice.

Does any one can help me please?

Thanks Rabih

Pramod Ubhe

what help do you need, have you tried executing the commands/scripts provided earlier?

Rabih El Haj youssef

ASKER

I am still on leave. But will be back tomorrow.
I could not find any power shel to practice referring to your above link.
Is any way i can build a virtual lab on line including Ad,exchange etc
Please advise

Thank you
Rabih

Pramod Ubhe

Not that I am aware of but you can build it on your computer using VMware workstation.

Rabih El Haj youssef

ASKER

Hi pramond,
in the input file can I add full name instead if not email address if possible.
Is the script will change? And which line.

Sorry to bother you a lots

I appropriate your quick response

Thanks
Rabih

Rabih El Haj youssef

ASKER

Hi,
I tried your script, did not give me any error or export a list off user. Even could not find any file call output

I appreciate you help in this matter.

Thanks
Rabih

Pramod Ubhe

actually i tested it in my test environment. can you just try these two commands for a specific user account or a test account, just replace <username> with actual user's login name -

Import-Module ActiveDirectory
Get-ADUser <username> -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled

Rabih El Haj youssef

ASKER

Hi
I have tried the below script "Import-Module ActiveDirectory
Get-ADUser <username> -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled"

It is working, that what I need. How can I get those users(300) all together in one output

Please help

Rabih

Pramod Ubhe

Create a text file c:\input.txt with all those 300 users mentioned in it one per line and then copy - paste below commands in powershell. it will give you output at c:\output.csv

$ErrorActionPreference = "SilentlyContinue"
Import-Module ActiveDirectory
Function Get-UserDetails {
Process {
$Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
$obj = New-Object psobject
$obj | Add-Member NoteProperty UserName $_
$obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
$obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
Write-Output $obj
}
}
Get-Content c:\input.txt | Get-UserDetails | ConvertTo-Csv c:\output.csv

Rabih El Haj youssef

ASKER

PS H:\> .\finddisable.ps1

when i run the above file , not getting any output or error

file name : finddisable.ps1 and that what i got

$ErrorActionPreference = "SilentlyContinue"
Import-Module ActiveDirectory
Function Get-UserDetails {
Process {
$Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
$obj = New-Object psobject
$obj | Add-Member NoteProperty UserName $_
$obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
$obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
Write-Output $obj
}
}
Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv h:\output.csv

Input.txt File I tried wiht no SamAccountName and with the same

SamAccountName
elhajyo
test2
BBTest2

PS H:\> .\finddisable.ps1

no error i can run Get-ADUser rabihhaj -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled
with output

please assist i am not sure where i am having mistake

Thank you in advanse and patient

Rabih

Rabih El Haj youssef

ASKER

Excellent ...

but i am not getting the expired day
#TYPE System.Management.Automation.PSCustomObject
"UserName","Enabled","AccountExpirationDate"
"SamAccountName",,
"elhajyo","True",
"test2","True",
"BBTest2","True",

Let say if i have an email address instead logon id what i should change in the scripts

please help

Pramod Ubhe

1. You are unable to get expired day because those accounts are not set to expire. you can set expiry date on one of the test account to check it (through account properties in ADUC).

2. for email address, use below script and make sure to mention one email address per line without any spaces in the input.txt file.

$ErrorActionPreference = "SilentlyContinue"
Import-Module ActiveDirectory
Function Get-UserDetails {
Process {
$Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties AccountExpirationDate,Enabled
$obj = New-Object psobject
$obj | Add-Member NoteProperty UserName $_
$obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
$obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
Write-Output $obj
}
}
Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv

Rabih El Haj youssef

ASKER

I've requested that this question be closed as follows:

Accepted answer: 0 points for Rabihhaj's comment #a40060927

for the following reason:

Good Solution

Pramod Ubhe

Rabihhaj,

was there nothing helpful you found in my comments as you didn't assigned any points to any of my comments?

Rabih El Haj youssef

ASKER

I've requested that this question be closed as follows:

Accepted answer: 0 points for Rabihhaj's comment #a40060927

for the following reason:

I am happy with the solution. Good work

Rabih El Haj youssef

ASKER

Sorry mate, still not sure what I did. But I am very happy with your solution

I will read your comments, this site layout is new on me. Not sure what I did

Rabih El Haj youssef

ASKER

How about the grade option
A,B,C

Rabih El Haj youssef

ASKER

I will read those link when I got home.

Thank you for the links

Rabih El Haj youssef

ASKER

Thank you for your help to solve my question.

Rabih El Haj youssef

ASKER

Hi Pramod Ubhe,

I tried to use your above Script because i only have Email Address , i am only getting email address and the rest is Blank

it it not exporting the status account and end of the day , But if i have the user ID it working could you please look at this issue Please

"
$ErrorActionPreference = "SilentlyContinue"
Import-Module ActiveDirectory
Function Get-UserDetails {
Process {
$Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties AccountExpirationDate,Enabled
$obj = New-Object psobject
$obj | Add-Member NoteProperty UserName $_
$obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
$obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
Write-Output $obj
}
}
Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv
"
Thanks
Rabih

Pramod Ubhe

i am out for at least 1-2 weeks so if you want, you can post a new question or i'll reply once back.

Pramod Ubhe

Rabihhaj, at this point I can give you below script to get UserIDs from email address. Then you can use the previous commands to get the required output. i haven't checked it since will be unable to do so for next two weeks.

$ErrorActionPreference = "SilentlyContinue"
Import-Module ActiveDirectory
Function Get-UserDetails {
Process {
$Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties SamAccountName
$obj = New-Object psobject
$obj | Add-Member NoteProperty UserName $_
$obj | Add-Member NoteProperty "userID" ($Result.SamAccountName)
Write-Output $obj
}
}
Get-Content h:\input.txt | Get-UserDetails | out-file h:\output.txt

Rabih El Haj youssef

ASKER

Hi Pramod,

I really like to know how i can get SID when i have email Address ,

I follow your Script and that what Output I Got

UserName userID
-------- ------
Blackberry.Test2@Domain.com
Blackberry.Test1@Domain.com
Migration4.test@Domain.com

I have raised a question On this site , i am happy to give you a 500Point too
Not Urgent
Thanks

...