Link to home
Start Free TrialLog in
Avatar of amendala
amendala

asked on

Need a PowerShell script to list the CNs of all users in a specific OU that are enabled.

Folks -

I need some PowerShell code wipped up to list the CNs of all users within a specific OU that are ENABLED.  Simple, straightforward, but I'd like it without the use of the Quest cmdlets.  I realize this is easier with them but security restrictions require me to use the built-in PowerShell functionality.

The OU can be embedded int he code as a variable, it's easy enough to change.

Thanks in advance.
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image

Search-ADAccount -SearchBase "OU=YourOU,DC=yourdomain, DC=com" | Where{$_.enabled -eq $true} | %{Get-ADUser $_.ObjectGuid} | select name, givenname, surname | export-csv c:\users\username\desktop\unusedaccounts.csv -NoTypeInformation

Or some simular variation.
Avatar of amendala
amendala

ASKER

To the best of my knowledge, there is no built-in Cmdlet named Search-ADAccount...
http://technet.microsoft.com/en-us/library/ee617195
It is part of the Activedirectory Cmdlets
There are NO Built-in commandlets. A commandlet by its very nature is not builtin.
When you install eith RSAT or the AD Role on a server then the powershell commandlets for AD are installed.
Ah my bad, you are 2008 Server not 2008 R2 ?
The Active Directory Web Services must be installed/enabled in order to use the Active Directory Cmdlet(s) listed above.
No, for the most part you got it right... I'm on 2008 R2 and I was within the AD module, however, I mistyped Search-ADAccount.  That said, I'm still having an issue with the code complaining about being unable to resolve the name using the parameters specified.  I'm working that out.

Technically, and I'm not trying to push buttons, there are built-in commands, thousands of them.  :)  Get-Help being one...
What I get is "Parameter set cannot be resolved using the specified named parameters."

Hmm...
So you have that whole statement on a single line?
Search-ADAccount -SearchBase "OU=YourOU,DC=yourdomain, DC=com" | Where{$_.enabled -eq $true} | %{Get-ADUser $_.ObjectGuid} | select name, givenname, surname | export-csv c:\users\username\desktop\unusedaccounts.csv -NoTypeInformation

Open in new window

Yup, still fails.

I've tried dropping it all the way back to just "Search-ADAccount -SearchBase "OU=MyOU,DC=MyDomain,DC=lcl" and it fails there.  The DN I'm using is valid and I've tried running the AD module with and without elevated privs.
Ok break it down and see whats failing for you...

$Temp = Search-ADAccount -SearchBase "OU=YourOU,DC=yourdomain, DC=com" | Where{$_.enabled -eq $true}

$Temp2 = $Temp | %{Get-ADUser $_.ObjectGuid} | select name, givenname, surname

$Temp2 | export-csv c:\users\username\desktop\unusedaccounts.csv -NoTypeInformation
First line fails.

"Search-ADAccount : Parameter set cannot be resolved using the specified named parameters."
ASKER CERTIFIED SOLUTION
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial