Solved

Active Directory users account status

Posted on 2014-04-02
36
320 Views
Last Modified: 2014-06-25
Hi all,

I need your help please.

I have a list of users around 300, I need to find out if their account is enabled or disabled in AD.

I am on windows server 2008 R2
Prefer a script in power shell.
And if possible if they are enable, need to get the expired date.

Thanks
Rabih
0
Comment
Question by:Rabihhaj
  • 18
  • 11
36 Comments
 
LVL 6

Expert Comment

by:smithandandersen
ID: 39971881
this will get disabled account status

Search-ADAccount -AccountDisabled | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A

This will find account expiry within 90 days

Search-ADAccount -AccountExpiring -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass –A
0
 

Author Comment

by:Rabihhaj
ID: 39973366
Thanks for your post,
 I do have my list, and I am only want those users in the list to know if their account is enabled or disabled
I am not sure is the above does that.


Thanks
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39977810
Copy paste below script on the computer where powershell AD module is installed and make sure input.txt file has the user logon names mentioned one per line. You can modify it as per your needs.
__________________________________________________________________________________________________


$ErrorActionPreference = "SilentlyContinue"
      Import-Module ActiveDirectory
            Function Get-UserDetails {
               Process {
                         $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                              $obj = New-Object psobject
                              $obj | Add-Member NoteProperty UserName $_
                              $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                              $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                        Write-Output $obj
                  }
            }
Get-Content c:\input.txt | Get-UserDetails | ConvertTo-Csv c:\output.csv
0
 

Author Comment

by:Rabihhaj
ID: 39984745
Hi Pramod,

Is that possible to do a test on OU rather to whole domain, for now only.

Do you know a online lab where I can practising.
I prefer it some Free Lab .
Please advise the script.

Thanks
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39985339
since you mentioned it for 300 users i created the script in this way, you can mention users in  input.txt one per line so that it will not query for all users.

if you want it for a specific OU I can modify it or if you just want to test it on couple of user accounts, you can mention only one or two names in the input.txt

for lab, you can explore Technet Virtual Lab but I am not sure if there is a specific lab for powershell.

http://technet.microsoft.com/en-us/virtuallabs/bb467605.aspx
0
 

Author Comment

by:Rabihhaj
ID: 39985374
Sorry mate,you right.

I will check this link at home and update you.

Thanks for your help.

Regards
Rabih
0
 

Author Comment

by:Rabihhaj
ID: 39997207
I could find a virtual power she'll to practice.

Does any one can help me please?

Thanks Rabih
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40001179
what help do you need, have you tried executing the commands/scripts provided earlier?
0
 

Author Comment

by:Rabihhaj
ID: 40001247
I am still on leave. But will be back tomorrow.
I could not find any power shel to practice referring to your above link.
Is any way i can build a virtual lab on line including Ad,exchange etc
Please advise

Thank you
Rabih
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40001331
Not that I am aware of but you can build it on your computer using VMware workstation.
0
 

Author Comment

by:Rabihhaj
ID: 40005015
Hi pramond,
in the input file can I add full name instead if not email address if possible.
Is the script will change? And which line.

Sorry to bother you a lots

I appropriate your quick response

Thanks
Rabih
0
 

Author Comment

by:Rabihhaj
ID: 40018524
Hi,  
I tried your script, did not give me any error or export a list off user. Even could not find any file call output

I appreciate you help in this matter.

Thanks
Rabih
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40019334
actually i tested it in my test environment. can you just try these two commands for a specific user account or a test account, just replace <username> with actual user's login name -

Import-Module ActiveDirectory
Get-ADUser <username> -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled
0
 

Author Comment

by:Rabihhaj
ID: 40023901
Hi
I have tried the below script "Import-Module ActiveDirectory
Get-ADUser <username> -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled"



It is working, that what I need. How can I get those users(300) all together in one output

Please help

Rabih
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40041791
Create a text file c:\input.txt with all those 300 users mentioned in it one per line and then copy - paste below commands in powershell. it will give you output at c:\output.csv



$ErrorActionPreference = "SilentlyContinue"
      Import-Module ActiveDirectory
            Function Get-UserDetails {
               Process {
                         $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                              $obj = New-Object psobject
                              $obj | Add-Member NoteProperty UserName $_
                              $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                              $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                        Write-Output $obj
                  }
            }
Get-Content c:\input.txt | Get-UserDetails | ConvertTo-Csv c:\output.csv
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 

Author Comment

by:Rabihhaj
ID: 40052939
PS H:\> .\finddisable.ps1

when i run the above file , not getting any output or error


file name : finddisable.ps1 and that what i got

$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                               $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv h:\output.csv



Input.txt File  I tried wiht no SamAccountName and with the same

SamAccountName
elhajyo
test2
BBTest2

PS H:\> .\finddisable.ps1

no error  i can run Get-ADUser rabihhaj -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled
with output

please assist i am not sure where i am having mistake

Thank you in advanse and patient

Rabih
0
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 500 total points
ID: 40052970
i got it, there is a small error in syntax which i sent you incorrect. sorry for that, please try below -


$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                               $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv
0
 

Author Comment

by:Rabihhaj
ID: 40060927
Excellent ...

but i am not getting the expired day
#TYPE System.Management.Automation.PSCustomObject
"UserName","Enabled","AccountExpirationDate"
"SamAccountName",,
"elhajyo","True",
"test2","True",
"BBTest2","True",


Let say if i have an email address instead logon id what i should change in the scripts

please help
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40061463
1.  You are unable to get expired day because those accounts are not set to expire. you can set expiry date on one of the test account to check it (through account properties in ADUC).

 2. for email address, use below script and make sure to mention one email address per line without any spaces in the input.txt file.


$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties AccountExpirationDate,Enabled
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                               $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv
0
 

Author Comment

by:Rabihhaj
ID: 40097594
I've requested that this question be closed as follows:

Accepted answer: 0 points for Rabihhaj's comment #a40060927

for the following reason:

Good Solution
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40097595
Rabihhaj,

was there nothing helpful you found in my comments as you didn't assigned any points to any of my comments?
0
 

Author Comment

by:Rabihhaj
ID: 40107692
I've requested that this question be closed as follows:

Accepted answer: 0 points for Rabihhaj's comment #a40060927

for the following reason:

I am happy with the solution. Good work
0
 

Author Comment

by:Rabihhaj
ID: 40107858
Sorry mate, still not sure what I did. But I am very happy with your solution


I will read your comments, this site layout is new on me. Not sure what I did
0
 

Author Comment

by:Rabihhaj
ID: 40107894
How about the grade option
A,B,C
0
 

Author Comment

by:Rabihhaj
ID: 40107912
I will read those link when I got home.

Thank you for the links
0
 

Author Closing Comment

by:Rabihhaj
ID: 40108171
Thank you for your help to solve my question.
0
 

Author Comment

by:Rabihhaj
ID: 40151182
Hi Pramod Ubhe,

I tried to  use your above Script because i only have Email Address , i am only getting email address and the rest is Blank

it it not exporting the status account and end of the day , But if i have the user ID it working could you please look at this issue Please

"
$ErrorActionPreference = "SilentlyContinue"
        Import-Module ActiveDirectory
              Function Get-UserDetails {
                 Process {
                           $Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties AccountExpirationDate,Enabled
                                $obj = New-Object psobject
                                $obj | Add-Member NoteProperty UserName $_
                                $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                                $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                          Write-Output $obj
                    }
              }
  Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv  
"
Thanks
Rabih
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40151600
i am out for at least 1-2 weeks so if you want, you can post a new question or i'll reply once back.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40154096
Rabihhaj, at this point I can give you below script to get UserIDs from email address. Then you can use the previous commands to get the required output. i haven't checked it since will be unable to do so for next two weeks.


$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties SamAccountName
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "userID" ($Result.SamAccountName)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | out-file h:\output.txt
0
 

Author Comment

by:Rabihhaj
ID: 40158450
Hi Pramod,

I really like to know how i can get SID when i have email Address ,

I follow your Script   and that what Output I Got

UserName                                userID                                
--------                                ------                                
Blackberry.Test2@Domain.com                                                    
Blackberry.Test1@Domain.com                                                    
Migration4.test@Domain.com  

I have raised  a question  On this site , i am happy to give you a 500Point too
Not Urgent
Thanks
                                                 
                                                                               
                                    ...
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now