MilesLogan
asked on
Script not catching all AD accounts
Hi EE
SubSun helped me with the script below and I needed a bit of help on it. The script is not outputting any SamAccountNames on the report that are not found in AD.
So let's say I have 10 SamAccountNames in the TermUsers.txt file and one of those is not a valid AD account. The output file will add a line for the previous SAM account name on the list that is valid and it will tag it with Directory object not found.
It should add the Directory object not found with the SamAccountName that was not found in AD.
Import-Module ActiveDirectory
Function De-Provision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
        [String]$SAMAccountName,
        [Parameter(Mandatory=$True,ValueFromPipelinebyPropertyName=$True)]
        [String]$Disabledby
    )
    process {
        $user = Get-ADUser $SAMAccountName -properties memberof,Enabled
        $report = "c:\Powershell\Term\groups_$($user.SAMAccountName)_$(Get-date -f dd-MM-yyyy).txt"
        "=============== UserName $($user.SAMAccountName)===============" >> $report
        "$($user.distinguishedName)" >> $report
        #Disable User
        If ($user.Enabled -eq $true)
        {
            $user | Disable-ADAccount
            "$($user.SAMAccountName) is disabled by script" >> $report
            $Dis = "Disabled by script"
        }
        Elseif ($user.Enabled -eq $False) {
            "$($user.SAMAccountName) is already disabled" >> $report
            $Dis = "Already disabled"
            $user | Set-ADUser -Office "Nightly Term Report $Disabledby $(Get-date)"
        }
        #Remove Group membership
        Try{
            $Groups = Get-ADPrincipalGroupMembership $user
            "Group membership $($user.SAMAccountName)" >> $report
            $Groups | Select -ExpandProperty Name >> $report
            $Groups | ?{$_.Name -ne "Domain Users"} |%{Remove-ADPrincipalGroupMembership $user -MemberOf $_ -Confirm:$False}
            "Removed group membership for $($user.SAMAccountName)" >> $report
        }
        Catch{
            "Error in group membership removal for $($user.SAMAccountName) : $($_.Exception.Message)" >> $report
        }
        #Move user object
        Try{
            $user | Move-ADObject -TargetPath "OU=My,DC=org" -EA STOP
            "Moved user $($user.SAMAccountName) to Disabled Accounts OU" >> $report
            $Move = "Moved user"
        }
        Catch{
            "Error in moving user $($user.SAMAccountName) : $($_.Exception.Message)" >> $report
            $Move = $_.Exception.Message
        }
        New-Object PSObject -Property @{
            SAMAccountName = $user.SAMAccountName
            MoveStat = $Move
            Disabled = $Dis
            DN = $user.distinguishedName
        }
    }
}
GC TermUsers.txt | De-Provision -DisabledBy "Name" | Export-csv "c:\Powershell\Term\NightlyTermReport_$(Get-date -f dd-MM-yyy-hhmmss).csv" -NTI
ASKER CERTIFIED SOLUTION
You just have to insert a Select-Object command before Export-CSV and specify the properties in the order you want.
GC TermUsers.txt | De-Provision -DisabledBy "Name" | Select SAMAccountName,Disabled,MoveStat,DN | Export-csv "c:\Powershell\Term\NightlyTermReport_$(Get-date -f dd-MM-yyy-hhmmss).csv" -NTI
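The symptom described in the question fits a failed `Get-ADUser` call that never assigns `$user`, so the rest of the `process` block and the report row still use the previous pipeline item's account. The following is an added example, not code from this thread or its members-only solution: the lookup is guarded so a name that cannot be resolved is reported under the requested name and no action is taken, and `[pscustomobject]` keeps the columns in the order written. The function name `Disable-TermUser` is hypothetical, PowerShell 3.0 or later is assumed, and group removal, the Office stamp and the per-user text report are left out.

```powershell
Import-Module ActiveDirectory

function Disable-TermUser {          # hypothetical name for this added example
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$SAMAccountName,
        [string]$TargetOU = 'OU=My,DC=org'   # target OU as written in the thread
    )
    process {
        # Clear per-item state so nothing carries over from the previous name.
        $user = $null; $dis = 'Skipped'; $move = 'Skipped'
        try {
            $user = Get-ADUser -Identity $SAMAccountName -Properties Enabled -ErrorAction Stop
        }
        catch {
            # Lookup failed: report the requested name and touch no account.
            return [pscustomobject]@{
                SAMAccountName = $SAMAccountName
                Disabled       = 'Not processed'
                MoveStat       = $_.Exception.Message
                DN             = $null
            }
        }
        try {
            if ($user.Enabled) {
                Disable-ADAccount -Identity $user -ErrorAction Stop
                $dis = 'Disabled by script'
            }
            else { $dis = 'Already disabled' }
        }
        catch { $dis = "Disable failed: $($_.Exception.Message)" }
        try {
            $user | Move-ADObject -TargetPath $TargetOU -ErrorAction Stop
            $move = 'Moved user'
        }
        catch { $move = $_.Exception.Message }
        # [pscustomobject] keeps the key order written here, so CSV columns are stable.
        [pscustomobject]@{
            SAMAccountName = $user.SamAccountName
            Disabled       = $dis
            MoveStat       = $move
            DN             = $user.DistinguishedName
        }
    }
}

# Trim names and drop blank lines before they reach the mandatory parameter.
Get-Content TermUsers.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ } |
    Disable-TermUser |
    Export-Csv "c:\Powershell\Term\NightlyTermReport_$(Get-Date -f dd-MM-yyy-hhmmss).csv" -NoTypeInformation
```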
ASKER
Thank you footech!! Helped me out a lot!
ASKER
The output file is in the order below:
MoveStat,Disabled,DN,SAMAccountName
Can you help me change it to the order below?
SAMAccountName,Disabled,Mo