Solved

I would like powershell script to give me list of users that are disabled in AD by using a csv file.

Posted on 2014-01-08
14
741 Views
Last Modified: 2014-03-28
I have a csv file with list of samaccountname in it. I would like to import this csv file into a powershell script that queries AD to see if the users in the csv are accounts that are disable or enabled. I need to have the answer sent to another csv file.
0
Comment
Question by:mrsnetops
  • 7
  • 5
14 Comments
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39766613
Use below liner to get details of all users.
Get-ADUser -ResultSetSize $null -Filter * -Properties * | Select DisplayName, SAMAccountName, Enabled | sort Enabled | FT -AutoSize

Open in new window

0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39766635
Your csv file should have a header as "username" or else change the $user.<username> to whatever header you have got.

$userlist = Import-Csv D:\userlist.csv
foreach($user in $userlist){
    Get-ADUser -Identity $user.username -Properties * | Select DisplayName, SAMAccountName, Enabled
    }

Open in new window

0
 

Author Comment

by:mrsnetops
ID: 39766661
I have a CSV file  that I have list of samaccountname. I need to know of this list which are disabled and which are not in Active directory. This one liner looks like it  queries AD and gives me all the disabled acounts in AD. I only want to know about the ones in the CSV that I am importing. I am trying to narrow down this list of users in the csv file.

Thanks
Jeff
0
 

Author Comment

by:mrsnetops
ID: 39766671
Sorry, you must have posted again while I was typing last set.  I would like the results sent to another csv file so that I can delete all the diabled accouints from the list.
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39766685
You can save the csv as xlsx and use filter to get required results

OR

Below script will display the results in PS console as well as output it to a csv file.

$report = @()
$userlist = Import-Csv D:\userlist.csv
foreach($user in $userlist){
    $userdata = Get-ADUser -Identity $user.username -Properties * | Select DisplayName, SAMAccountName, Enabled
    if($userdata.Enabled -eq "False"){
    $status = "Disabled"
    $objA = new-object psobject
    $objA | Add-Member NoteProperty -Name "Display Name" -Value $userdata.DisplayName
    $objA | Add-Member NoteProperty -Name "User Name" -Value $userdata.SAMAccountName
    $objA | Add-Member NoteProperty -Name "Status" -Value $status

    $report = $report += $objA
    }
 }
$report | FT -AutoSize

$report | Export-Csv -Path d:\Disabled-Accounts-Report.csv -NoTypeInformation

Open in new window

0
 

Author Comment

by:mrsnetops
ID: 39766743
I ran this and it worked well. But I probably didn't communitcate this in the best way.  csv results gave me all the users that are disabled which is fine but it only gave me the disable ones in the report. I guess I am really more interested in the ones from the my original list that are active enable accounts.  I am trying to narrow down this list and I know most of them are disabled but dont know which ones. So once I get the results I was going to delete the disabled users and I would only have the ones I was really interested in.  

I guess I should be able to change the  the "false" to "True" and then "disabled" to "enabled" but will it put only the enabled users in the result and dump all the disabled users.

sorry it was my mistake.

Thanks
Jeff McCormick
0
 

Author Comment

by:mrsnetops
ID: 39768131
I thought this script was working. But I was wrong. I checked the ones that came up as disabled in the csv file and they are atually active working accounts. The are not disabled.
0
 

Author Comment

by:mrsnetops
ID: 39768145
I am not trying to remove them or even change the status of these accounts I just wanted to know from the file that I am importing which ones are disabled accounts and which ones are enabled.

The list i have contain 900 accounts I would rather not have to manually go through them all to see if they are active or not.
0
 

Author Comment

by:mrsnetops
ID: 39768234
Actually upon further investigation.  This script  that eported Csv file actually contained only active accounts although the report showed them status disabled. I found all the accounts that were disabled were left out of the exported csv file.  Which in the end is what i wanted but just letting you know that the report is displaying incorrectly. I don't think this is what you intended. I am not sure how it worked like it did.

Thanks
Jeff
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39768790
Try the following code ad see if you get the expected result..
Import-Module Activedirectory
GC C:\user.txt | % {
$User = $_
	Try {
	Get-ADUser $User -Properties Enabled | Select Samaccountname,Enabled
	}
	catch{
	"" | Select @{n="Samaccountname";e={$User}},@{n="Enabled";e={"Not in AD"}}
	}
} | Export-Csv C:\report.csv -nti

Open in new window

Input file C:\user.txt format..
UserA
UserB
UserC

Open in new window

0
 
LVL 12

Accepted Solution

by:
Vaseem Mohammed earned 500 total points
ID: 39769405
Ok, found out where it went wrong.
just replace
if($userdata.Enabled -eq "False")

Open in new window

with
if($userdata.Enabled -match "False")

Open in new window

UserListuserlistDisabled AccountsdisabledAcctAlso Note on Line 4:Get-ADUser -Identity $user.username "username" is the header of column which contains SAMAccountName, if your csv file is having something else, please use that heading by replacing the word "username"
0
 

Author Comment

by:mrsnetops
ID: 39769515
Will the output report only have disabled accounts or will it show both but the ones that are disable will show status of disabled?
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39769538
I have provided the results in screenshot above, 1st one is the list of all users and second screenshot is the report generated by running script which gives those accounts that are disabled (Enabled = False)
0

Join & Write a Comment

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now