Solved

Powershell command to list non-existent users in new domain

Posted on 2013-11-25
5
584 Views
Last Modified: 2014-01-09
To keep it simple.....We are in the process of migrating from two legacy domains to one new domain.  I am trying to compare the list of user accounts (DisabledAccts.txt) that exist in the old domain (The SamAccountNames from the legacy domains are listed in a text file.) with the new domain to see which accounts exist in both domains.  I'm using Powershell.  My commands are this (all one line if it doesn't appear that way):

get-content C:\Results\DisabledAccts.txt | Get-ADUser -Filter * -Properties * -SearchBase "OU=Domain Users,DC=company,DC=local" -SearchScope Subtree| Select-Object Name,Samaccountname,Enabled,distinguishedname |export-csv C:\Results\DisabledBothDomains.CSV

However, If an account in the DisabledAccts.txt file is not found in the new domain, I'd like a separate list created that at least outputs the SamAccountName from the DisabledAccts.Txt list to a different text file, so that accounts not in the new domain can be identified.

Is there an easy way to do this in Powershell?  When an account isn't found, when I output to the console, I see something like this "Get-ADUser : Cannot find an object with identity: " followed by the username.
0
Comment
Question by:Darthyw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39675535
Since i am not powershell Expert, but You can do it with AD saved queries and excel Vlookup

You can create saved query in each domain to list down all existing user accounts with "pre windows 2000 account name" or logonName and then export those query results to csv files

Open both csv file with excel and run vlookup against them to identify \ compare similar and dissimilar object

Dissimilar object are not migrated from source

Optionally you can use "highlight duplicate cells" feature in Excel.

Mahesh
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39675764
Try..
$logfile = "C:\temp\log.txt"
Set-Content $logfile $null
	Get-content C:\Results\DisabledAccts.txt | % {
	$User = $_
	Try {
	Get-ADUser $User -Properties * -SearchBase "OU=Domain Users,DC=company,DC=local" -SearchScope Subtree -EA STOP | Select-Object Name,Samaccountname,Enabled,distinguishedname
	}
	Catch{
	Add-Content $logfile $User
	}
} | Export-Csv C:\Results\DisabledBothDomains.CSV -nti

Open in new window

C:\temp\log.txt will have all accounts which are not there in AD..
0
 

Author Comment

by:Darthyw
ID: 39681430
Thanks Subsun.  I see what you're aiming to do with the Try and Catch.  Something is still not quite right.  The script creates the LOG.TXT, and catches the user accounts not found in the Domain Users....but it catches all the user accounts from the original DisabledAccts.txt as if the Get-ADUser part of the script is not working correctly.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39681447
Did you update correct SearchBase in script?

Change line 9 to following and rerun the script. This will help you to capture the errors in log file..
Add-Content $logfile "$User - Error $($_.Exception.Message)"

Open in new window

0
 

Author Comment

by:Darthyw
ID: 39768508
Thanks Subsun.  I got tied up and moved onto other work, but I'll give you the points for the effort.  I'm just not sure where the issue in the script was, and am no longer there to look at it.  Thanks.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question