Solved

Powershell command to list non-existent users in new domain

Posted on 2013-11-25
5
598 Views
Last Modified: 2014-01-09
To keep it simple.....We are in the process of migrating from two legacy domains to one new domain.  I am trying to compare the list of user accounts (DisabledAccts.txt) that exist in the old domain (The SamAccountNames from the legacy domains are listed in a text file.) with the new domain to see which accounts exist in both domains.  I'm using Powershell.  My commands are this (all one line if it doesn't appear that way):

get-content C:\Results\DisabledAccts.txt | Get-ADUser -Filter * -Properties * -SearchBase "OU=Domain Users,DC=company,DC=local" -SearchScope Subtree| Select-Object Name,Samaccountname,Enabled,distinguishedname |export-csv C:\Results\DisabledBothDomains.CSV

However, If an account in the DisabledAccts.txt file is not found in the new domain, I'd like a separate list created that at least outputs the SamAccountName from the DisabledAccts.Txt list to a different text file, so that accounts not in the new domain can be identified.

Is there an easy way to do this in Powershell?  When an account isn't found, when I output to the console, I see something like this "Get-ADUser : Cannot find an object with identity: " followed by the username.
0
Comment
Question by:Darthyw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39675535
Since i am not powershell Expert, but You can do it with AD saved queries and excel Vlookup

You can create saved query in each domain to list down all existing user accounts with "pre windows 2000 account name" or logonName and then export those query results to csv files

Open both csv file with excel and run vlookup against them to identify \ compare similar and dissimilar object

Dissimilar object are not migrated from source

Optionally you can use "highlight duplicate cells" feature in Excel.

Mahesh
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39675764
Try..
$logfile = "C:\temp\log.txt"
Set-Content $logfile $null
	Get-content C:\Results\DisabledAccts.txt | % {
	$User = $_
	Try {
	Get-ADUser $User -Properties * -SearchBase "OU=Domain Users,DC=company,DC=local" -SearchScope Subtree -EA STOP | Select-Object Name,Samaccountname,Enabled,distinguishedname
	}
	Catch{
	Add-Content $logfile $User
	}
} | Export-Csv C:\Results\DisabledBothDomains.CSV -nti

Open in new window

C:\temp\log.txt will have all accounts which are not there in AD..
0
 

Author Comment

by:Darthyw
ID: 39681430
Thanks Subsun.  I see what you're aiming to do with the Try and Catch.  Something is still not quite right.  The script creates the LOG.TXT, and catches the user accounts not found in the Domain Users....but it catches all the user accounts from the original DisabledAccts.txt as if the Get-ADUser part of the script is not working correctly.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39681447
Did you update correct SearchBase in script?

Change line 9 to following and rerun the script. This will help you to capture the errors in log file..
Add-Content $logfile "$User - Error $($_.Exception.Message)"

Open in new window

0
 

Author Comment

by:Darthyw
ID: 39768508
Thanks Subsun.  I got tied up and moved onto other work, but I'll give you the points for the effort.  I'm just not sure where the issue in the script was, and am no longer there to look at it.  Thanks.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question