Solved

I would like powershell script to give me list of users that are disabled in AD by using a csv file.

Posted on 2014-01-08
14
755 Views
Last Modified: 2014-03-28
I have a csv file with list of samaccountname in it. I would like to import this csv file into a powershell script that queries AD to see if the users in the csv are accounts that are disable or enabled. I need to have the answer sent to another csv file.
0
Comment
Question by:mrsnetops
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
14 Comments
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39766613
Use below liner to get details of all users.
Get-ADUser -ResultSetSize $null -Filter * -Properties * | Select DisplayName, SAMAccountName, Enabled | sort Enabled | FT -AutoSize

Open in new window

0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39766635
Your csv file should have a header as "username" or else change the $user.<username> to whatever header you have got.

$userlist = Import-Csv D:\userlist.csv
foreach($user in $userlist){
    Get-ADUser -Identity $user.username -Properties * | Select DisplayName, SAMAccountName, Enabled
    }

Open in new window

0
 

Author Comment

by:mrsnetops
ID: 39766661
I have a CSV file  that I have list of samaccountname. I need to know of this list which are disabled and which are not in Active directory. This one liner looks like it  queries AD and gives me all the disabled acounts in AD. I only want to know about the ones in the CSV that I am importing. I am trying to narrow down this list of users in the csv file.

Thanks
Jeff
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:mrsnetops
ID: 39766671
Sorry, you must have posted again while I was typing last set.  I would like the results sent to another csv file so that I can delete all the diabled accouints from the list.
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39766685
You can save the csv as xlsx and use filter to get required results

OR

Below script will display the results in PS console as well as output it to a csv file.

$report = @()
$userlist = Import-Csv D:\userlist.csv
foreach($user in $userlist){
    $userdata = Get-ADUser -Identity $user.username -Properties * | Select DisplayName, SAMAccountName, Enabled
    if($userdata.Enabled -eq "False"){
    $status = "Disabled"
    $objA = new-object psobject
    $objA | Add-Member NoteProperty -Name "Display Name" -Value $userdata.DisplayName
    $objA | Add-Member NoteProperty -Name "User Name" -Value $userdata.SAMAccountName
    $objA | Add-Member NoteProperty -Name "Status" -Value $status

    $report = $report += $objA
    }
 }
$report | FT -AutoSize

$report | Export-Csv -Path d:\Disabled-Accounts-Report.csv -NoTypeInformation

Open in new window

0
 

Author Comment

by:mrsnetops
ID: 39766743
I ran this and it worked well. But I probably didn't communitcate this in the best way.  csv results gave me all the users that are disabled which is fine but it only gave me the disable ones in the report. I guess I am really more interested in the ones from the my original list that are active enable accounts.  I am trying to narrow down this list and I know most of them are disabled but dont know which ones. So once I get the results I was going to delete the disabled users and I would only have the ones I was really interested in.  

I guess I should be able to change the  the "false" to "True" and then "disabled" to "enabled" but will it put only the enabled users in the result and dump all the disabled users.

sorry it was my mistake.

Thanks
Jeff McCormick
0
 

Author Comment

by:mrsnetops
ID: 39768131
I thought this script was working. But I was wrong. I checked the ones that came up as disabled in the csv file and they are atually active working accounts. The are not disabled.
0
 

Author Comment

by:mrsnetops
ID: 39768145
I am not trying to remove them or even change the status of these accounts I just wanted to know from the file that I am importing which ones are disabled accounts and which ones are enabled.

The list i have contain 900 accounts I would rather not have to manually go through them all to see if they are active or not.
0
 

Author Comment

by:mrsnetops
ID: 39768234
Actually upon further investigation.  This script  that eported Csv file actually contained only active accounts although the report showed them status disabled. I found all the accounts that were disabled were left out of the exported csv file.  Which in the end is what i wanted but just letting you know that the report is displaying incorrectly. I don't think this is what you intended. I am not sure how it worked like it did.

Thanks
Jeff
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39768790
Try the following code ad see if you get the expected result..
Import-Module Activedirectory
GC C:\user.txt | % {
$User = $_
	Try {
	Get-ADUser $User -Properties Enabled | Select Samaccountname,Enabled
	}
	catch{
	"" | Select @{n="Samaccountname";e={$User}},@{n="Enabled";e={"Not in AD"}}
	}
} | Export-Csv C:\report.csv -nti

Open in new window

Input file C:\user.txt format..
UserA
UserB
UserC

Open in new window

0
 
LVL 12

Accepted Solution

by:
Vaseem Mohammed earned 500 total points
ID: 39769405
Ok, found out where it went wrong.
just replace
if($userdata.Enabled -eq "False")

Open in new window

with
if($userdata.Enabled -match "False")

Open in new window

UserListuserlistDisabled AccountsdisabledAcctAlso Note on Line 4:Get-ADUser -Identity $user.username "username" is the header of column which contains SAMAccountName, if your csv file is having something else, please use that heading by replacing the word "username"
0
 

Author Comment

by:mrsnetops
ID: 39769515
Will the output report only have disabled accounts or will it show both but the ones that are disable will show status of disabled?
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39769538
I have provided the results in screenshot above, 1st one is the list of all users and second screenshot is the report generated by running script which gives those accounts that are disabled (Enabled = False)
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question