[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

Active Directory users account status

Hi all,

I need your help please.

I have a list of users around 300, I need to find out if their account is enabled or disabled in AD.

I am on windows server 2008 R2
Prefer a script in power shell.
And if possible if they are enable, need to get the expired date.

Thanks
Rabih
0
Rabihhaj
Asked:
Rabihhaj
  • 18
  • 11
1 Solution
 
smithandandersenCommented:
this will get disabled account status

Search-ADAccount -AccountDisabled | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A

This will find account expiry within 90 days

Search-ADAccount -AccountExpiring -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass –A
0
 
RabihhajAuthor Commented:
Thanks for your post,
 I do have my list, and I am only want those users in the list to know if their account is enabled or disabled
I am not sure is the above does that.


Thanks
0
 
Pramod UbheCommented:
Copy paste below script on the computer where powershell AD module is installed and make sure input.txt file has the user logon names mentioned one per line. You can modify it as per your needs.
__________________________________________________________________________________________________


$ErrorActionPreference = "SilentlyContinue"
      Import-Module ActiveDirectory
            Function Get-UserDetails {
               Process {
                         $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                              $obj = New-Object psobject
                              $obj | Add-Member NoteProperty UserName $_
                              $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                              $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                        Write-Output $obj
                  }
            }
Get-Content c:\input.txt | Get-UserDetails | ConvertTo-Csv c:\output.csv
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
RabihhajAuthor Commented:
Hi Pramod,

Is that possible to do a test on OU rather to whole domain, for now only.

Do you know a online lab where I can practising.
I prefer it some Free Lab .
Please advise the script.

Thanks
0
 
Pramod UbheCommented:
since you mentioned it for 300 users i created the script in this way, you can mention users in  input.txt one per line so that it will not query for all users.

if you want it for a specific OU I can modify it or if you just want to test it on couple of user accounts, you can mention only one or two names in the input.txt

for lab, you can explore Technet Virtual Lab but I am not sure if there is a specific lab for powershell.

http://technet.microsoft.com/en-us/virtuallabs/bb467605.aspx
0
 
RabihhajAuthor Commented:
Sorry mate,you right.

I will check this link at home and update you.

Thanks for your help.

Regards
Rabih
0
 
RabihhajAuthor Commented:
I could find a virtual power she'll to practice.

Does any one can help me please?

Thanks Rabih
0
 
Pramod UbheCommented:
what help do you need, have you tried executing the commands/scripts provided earlier?
0
 
RabihhajAuthor Commented:
I am still on leave. But will be back tomorrow.
I could not find any power shel to practice referring to your above link.
Is any way i can build a virtual lab on line including Ad,exchange etc
Please advise

Thank you
Rabih
0
 
Pramod UbheCommented:
Not that I am aware of but you can build it on your computer using VMware workstation.
0
 
RabihhajAuthor Commented:
Hi pramond,
in the input file can I add full name instead if not email address if possible.
Is the script will change? And which line.

Sorry to bother you a lots

I appropriate your quick response

Thanks
Rabih
0
 
RabihhajAuthor Commented:
Hi,  
I tried your script, did not give me any error or export a list off user. Even could not find any file call output

I appreciate you help in this matter.

Thanks
Rabih
0
 
Pramod UbheCommented:
actually i tested it in my test environment. can you just try these two commands for a specific user account or a test account, just replace <username> with actual user's login name -

Import-Module ActiveDirectory
Get-ADUser <username> -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled
0
 
RabihhajAuthor Commented:
Hi
I have tried the below script "Import-Module ActiveDirectory
Get-ADUser <username> -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled"



It is working, that what I need. How can I get those users(300) all together in one output

Please help

Rabih
0
 
Pramod UbheCommented:
Create a text file c:\input.txt with all those 300 users mentioned in it one per line and then copy - paste below commands in powershell. it will give you output at c:\output.csv



$ErrorActionPreference = "SilentlyContinue"
      Import-Module ActiveDirectory
            Function Get-UserDetails {
               Process {
                         $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                              $obj = New-Object psobject
                              $obj | Add-Member NoteProperty UserName $_
                              $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                              $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                        Write-Output $obj
                  }
            }
Get-Content c:\input.txt | Get-UserDetails | ConvertTo-Csv c:\output.csv
0
 
RabihhajAuthor Commented:
PS H:\> .\finddisable.ps1

when i run the above file , not getting any output or error


file name : finddisable.ps1 and that what i got

$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                               $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv h:\output.csv



Input.txt File  I tried wiht no SamAccountName and with the same

SamAccountName
elhajyo
test2
BBTest2

PS H:\> .\finddisable.ps1

no error  i can run Get-ADUser rabihhaj -properties AccountExpirationDate,Enabled | select Name,AccountExpirationDate,Enabled
with output

please assist i am not sure where i am having mistake

Thank you in advanse and patient

Rabih
0
 
Pramod UbheCommented:
i got it, there is a small error in syntax which i sent you incorrect. sorry for that, please try below -


$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser "$_" -properties AccountExpirationDate,Enabled
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                               $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv
0
 
RabihhajAuthor Commented:
Excellent ...

but i am not getting the expired day
#TYPE System.Management.Automation.PSCustomObject
"UserName","Enabled","AccountExpirationDate"
"SamAccountName",,
"elhajyo","True",
"test2","True",
"BBTest2","True",


Let say if i have an email address instead logon id what i should change in the scripts

please help
0
 
Pramod UbheCommented:
1.  You are unable to get expired day because those accounts are not set to expire. you can set expiry date on one of the test account to check it (through account properties in ADUC).

 2. for email address, use below script and make sure to mention one email address per line without any spaces in the input.txt file.


$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties AccountExpirationDate,Enabled
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                               $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv
0
 
RabihhajAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Rabihhaj's comment #a40060927

for the following reason:

Good Solution
0
 
Pramod UbheCommented:
Rabihhaj,

was there nothing helpful you found in my comments as you didn't assigned any points to any of my comments?
0
 
RabihhajAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Rabihhaj's comment #a40060927

for the following reason:

I am happy with the solution. Good work
0
 
RabihhajAuthor Commented:
Sorry mate, still not sure what I did. But I am very happy with your solution


I will read your comments, this site layout is new on me. Not sure what I did
0
 
RabihhajAuthor Commented:
How about the grade option
A,B,C
0
 
RabihhajAuthor Commented:
I will read those link when I got home.

Thank you for the links
0
 
RabihhajAuthor Commented:
Thank you for your help to solve my question.
0
 
RabihhajAuthor Commented:
Hi Pramod Ubhe,

I tried to  use your above Script because i only have Email Address , i am only getting email address and the rest is Blank

it it not exporting the status account and end of the day , But if i have the user ID it working could you please look at this issue Please

"
$ErrorActionPreference = "SilentlyContinue"
        Import-Module ActiveDirectory
              Function Get-UserDetails {
                 Process {
                           $Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties AccountExpirationDate,Enabled
                                $obj = New-Object psobject
                                $obj | Add-Member NoteProperty UserName $_
                                $obj | Add-Member NoteProperty "Enabled" ($Result.Enabled)
                                $obj | Add-Member NoteProperty "AccountExpirationDate" ($Result.AccountExpirationDate)
                          Write-Output $obj
                    }
              }
  Get-Content h:\input.txt | Get-UserDetails | ConvertTo-Csv | out-file h:\output.csv  
"
Thanks
Rabih
0
 
Pramod UbheCommented:
i am out for at least 1-2 weeks so if you want, you can post a new question or i'll reply once back.
0
 
Pramod UbheCommented:
Rabihhaj, at this point I can give you below script to get UserIDs from email address. Then you can use the previous commands to get the required output. i haven't checked it since will be unable to do so for next two weeks.


$ErrorActionPreference = "SilentlyContinue"
       Import-Module ActiveDirectory
             Function Get-UserDetails {
                Process {
                          $Result = Get-ADUser -Filter 'EmailAddress -eq "$_"' -properties SamAccountName
                               $obj = New-Object psobject
                               $obj | Add-Member NoteProperty UserName $_
                               $obj | Add-Member NoteProperty "userID" ($Result.SamAccountName)
                         Write-Output $obj
                   }
             }
 Get-Content h:\input.txt | Get-UserDetails | out-file h:\output.txt
0
 
RabihhajAuthor Commented:
Hi Pramod,

I really like to know how i can get SID when i have email Address ,

I follow your Script   and that what Output I Got

UserName                                userID                                
--------                                ------                                
Blackberry.Test2@Domain.com                                                    
Blackberry.Test1@Domain.com                                                    
Migration4.test@Domain.com  

I have raised  a question  On this site , i am happy to give you a 500Point too
Not Urgent
Thanks
                                                 
                                                                               
                                    ...
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 18
  • 11
Tackle projects and never again get stuck behind a technical roadblock.
Join Now