PowerShell extensionAttribute1 help (comparing users older than 30 days)

I am trying to write a new logical script that will look though AD and find all users who are disabled for more than 30 days. If it finds users disabled and not touched for over 30 days it will send an email to the IT manager responsible for that user. I have a working script but it is pointing at specific OUs and is pretty much the worst thing ever made. All our users have a 3 letters in extensionAttribute1 that determines a few things. I am new to scripting and need some advice/help.  

I figured first I would pull the users who match all but the extension criteria
$users=Get-ADUser -SearchBase "DC=Company,DC=com" -Filter * -Properties Modified | Where {$_.Modified -le $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false } | select SamAccountName,Modified
If I save that out to a csv it looks fine. I guess I don't know how to proceed. should I do a "foreach" and have 32 If statment for eat 3 letter attribute?
My end result is each IT manager is responsible for about 7 different 3 lettered attributes. So I am looking to get  AAA, BBB, CCC.... all in one csv and sent to that manager. HHH, III, JJJ...... saved to a csv and sent to that manager........
rebeljediAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yo_beeDirector of Information TechnologyCommented:
I am a bit confused what you are actually asking about the AAA,BBB,CCC part.

Are you looking to see if User1 that is returned in the Get-ADuser part returns values for extensionAttribute1 and if they are in one of the first three groups (AAA,BBB,CCC) you want it to build a report then e-mail of the  7 IT managers?

If I am interpreting your questions correctly I think the code below is and idea how to handle the data with a foreach plus switch statement

option 1:
Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -le $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false }| 
%{Switch($_.extensionAttribute1) 
        {
        AAA{<Do something>}
        BBB{<Do something>}
        CCC{<Do something>}
        etc.................

        }    
                
            
          }

Open in new window


Option 2:

Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -le $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false }| 
%{Switch -Regex ($_.extensionAttribute1) 
        {
        [A-C][A-C][A-C] {<Do something>}
        [D-F][D-F][D-F] {<Do something>} 
        [H-L][H-L][H-L]{<Do something>}
        }    
                
            
          }

Open in new window

0
rebeljediAuthor Commented:
I think you have the right idea.  Lets say Sam is responsible for AAA, BBB and CCC. Roy is responsible for MMM, NNN, OOO.

John Doe (extensionAttribute1 = AAA)
Isaac Lawson (extensionAttribute1 = OOO)  
Jane Doe (extensionAttribute1 = AAA)
Harry Lloyed (extensionAttribute1 = BBB)
Fred Flounder (extensionAttribute1 = NNN)  
Erick Burger (extensionAttribute1 = CCC)  
Mike Lander (extensionAttribute1 = MMM)

I want to be able to run the script and have users that are disabled and not touched within 30 days saved to a CSV for either Sam or Roy depending on which one they are responsible for. So at the end I would have a CSV file for Sam and one for Roy. I would then have something like this for each Sam and Roy  
$PSEmailServer = "internal exchange"
Get-ChildItem C:\Temp\Sam.cvs Send-MailMessage -to "sam@mail.com" -from "PowerShell <me@mail.com>" -Subject "90day+ users" -body "Users that have not been touched in 90 days or more"

Let me know If I can be more specific in anyway. I will give it a go now with your option 2 and see what I can come up with.
0
yo_beeDirector of Information TechnologyCommented:
You answered my questions and it was what I though your final goal is.

I would work something up and see if it works.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

rebeljediAuthor Commented:
Hmm I looked into switches and -regex. My AAA, BBB, and CCC were examples and our real environment uses ones such as STK or NFM... It looks like the first example you gave will be the best for my situation. I have used foreach in the past with variables so I can just call on the contents of the variable. In this case how would I go about showing or saving the current user that is being compared?
0
yo_beeDirector of Information TechnologyCommented:
Is there any real pattern to these three letters and what is the attribute being used for?

Here is a preliminary snippet of code that should get your the files.  The next part is the e-mail.
I will get to that when I get home in a bit.

I did modify the code a bit to get the desired results.  You will see that I assigned a variable to the Get-ADuser part and did a ForEach loop against that collection.
$users = Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -lt $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false} 
Foreach ($user in $users)
{Switch -Regex ($user.extensionAttribute1) 
        {
        [A-C][A-C][A-C]{$user.name | Out-File -FilePath $env:USERPROFILE\manager1.txt -Append}
        [D-F][D-F][D-F]{$user.Name | Out-File -FilePath $env:USERPROFILE\Manager2.txt -append}
        [H-L][H-L][H-L]{$user.Name | Out-File -FilePath $env:USERPROFILE\Manager3.txt -append}
        }    
                
            
          }

Open in new window

0
rebeljediAuthor Commented:
So the 3 letters have no pattern. Each geographic location has 3 letters assigned to it and they don't necessarily correlate to anything. TIR, NGA, QDH.......  The attribute assigns the default email address in exchange. It could have done more years ago, but for now that is what it is used for.

With
 [A-C][A-C][A-C] {<Do something>}
I tried to use [TIR][NGA] and [TIR], [NGA] and quite a few variations but only got it to work to make a single comparison per line....  can you explain  the "[A-C][A-C][A-C]"  

Thanks alot for your help, I really appreciate it!
0
yo_beeDirector of Information TechnologyCommented:
[A-C] will look at the first character and if it is an A, B or C then the second one should look at the second character and see if it contains one of those three and so on.

This is regular expressions and there is a plethora of information about it on the Internet. In short Regex are just patterns and if the call matches the pattern then it true else false.

So if you had a pattern of ABC or AAC or CAC all these are true, But if your had ADC this would not meet any of the patterns listed.

This is used a lot to variety email address patterns.

The goal is to limit the number of comparison pattern and try to cover the range of items you are trying to compare.

In your case it does not look like that will work.
0
rebeljediAuthor Commented:
Ah yes. I looked it up briefly and that was why I had switched to the 1st example you gave. I will play around with what you have given me and wait until you get a chance to look into the rest.
0
yo_beeDirector of Information TechnologyCommented:
Can you export all the extensionAttribute1 and along with the pseudo name of the managers.
I would like to see the content.

Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | Group-object $_.extensionAttribute1
0
yo_beeDirector of Information TechnologyCommented:
So for the mean time I put together a script that works, but I think it needs a bit more logic.

$arrayList1 = @()
$arrayList2 = @()
$arrayList3 = @()
$bob = 'TEST','DTY','TPE'
$Sam = $null
$Kim = 'GRE','FRA','ESP'

$users = Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -lt $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false} 
Foreach ($user in $users)
{Switch ($user.extensionAttribute1) 
        {
         #{$bob -contains $_}{$user.name}
        {$bob -contains $_}{$arrayList1 = $arrayList1 +  $user.name}
        {$Sam -contains $_}{$arrayList2= $arrayList2 +  $user.name}
        {$Kim -contains $_}{$arrayList3= $arrayList3 +  $user.name}
        }    
                

        
          }



        Foreach ($X in ($arrayList1,$arrayList2,$arrayList3))
      
             
            {
                $i = $i + 1
                If ($x -ne $null)
                     
            {
               
                Switch ($i)
                {
                1{Send-MailMessage -SmtpServer flhexcas01.flhlaw.local -to $Y -From 'bob@contoso.com'  -subject "Sending the Report" -body ($x|Out-String)}
                2{Send-MailMessage -SmtpServer flhexcas01.flhlaw.local -to $Y -From 'sam@contoso.com'  -subject "Sending the Report" -body ($x|Out-String)}
                3{Send-MailMessage -SmtpServer flhexcas01.flhlaw.local -to $Y -From 'kim@contoso.com'  -subject "Sending the Report" -body ($x|Out-String)}
                }
            }
                else
            {
                 Switch ($i)
                {
                1 {Send-MailMessage -SmtpServer flhexcas01.flhlaw.local -to $Y -From 'bob@contoso.com'  -subject "Sending the Report" -body 'Nothing for you'}
                2 {Send-MailMessage -SmtpServer flhexcas01.flhlaw.local -to $Y -From 'sam@contoso.com'  -subject "Sending the Report" -body 'Nothing for you'}
                3 {Send-MailMessage -SmtpServer flhexcas01.flhlaw.local -to $Y -From 'kim@contoso.com'  -subject "Sending the Report" -body 'Nothing for you'}
                }
            }
 }

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rebeljediAuthor Commented:
I think exporting that information would likely get me into some trouble... I used your 3rd example and and finished the script. It works as is, but maybe there is a better way?

$PSEmailServer = "server.domain.com"
$Variable1 = "C:\Scripts\UsersOver30days\Variable1.txt"
$VARIABLE2 = "C:\Scripts\UsersOver30days\VARIABLE2.txt"
$Variable3 = "C:\Scripts\UsersOver30days\Variable3.txt"
$Variable4 = "C:\Scripts\UsersOver30days\Variable4.txt"
$VARIABLE5 = "C:\Scripts\UsersOver30days\VARIABLE5.txt"
$default = "C:\Scripts\UsersOver30days\default.txt"


if (Test-Path $Variable1) {
  Remove-Item $Variable1
}
if (Test-Path $VARIABLE2) {
  Remove-Item $VARIABLE2
}
if (Test-Path $Variable3) {
  Remove-Item $Variable3
}
if (Test-Path $Variable4) {
  Remove-Item $Variable4
}
if (Test-Path $VARIABLE5) {
  Remove-Item $VARIABLE5
}
if (Test-Path $default) {
  Remove-Item $default
}


$users = Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -lt $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false} 
Foreach ($user in $users)
{Switch ($user.extensionAttribute1) 
        {

        #Variable1
        DDC{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        DJL{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        DER{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        PLK{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        JKY{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        WRT{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        GTY{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        POL{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        SAD{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        ASD{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        DSA{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        SCC{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        HUJ{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        CJI{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        OIP{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        THJ{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}


        #Variable2
        KNW{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}
        FHP{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}
        PJT{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}
        OHR{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}


        #Variable3
        HTD{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}
        STF{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}
        HDI{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}
        PLM{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}

        #Variable4
        ZXN{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}
        MNH{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}
        JHG{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}
        ASK{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}

        #VARIABLE5
        AWR{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}
        UHG{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}
        AJK{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}
        AUS{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}

        #default
        default{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\MissingAttribute1.txt -Append}


        
        }    
                
            
          }


Send-MailMesvariable5ge -to "itmanager1@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\VARIABLE2.txt
Send-MailMesvariable5ge -to "itmanager2@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\Variable1.txt
Send-MailMesvariable5ge -to "itmanager3@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\Variable3.txt
Send-MailMesvariable5ge -to "itmanager4@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\Variable4.txt
Send-MailMesvariable5ge -to "itmanager@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\VARIABLE5.txt
Send-MailMesvariable5ge -to "me@email.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\default.txt 

Open in new window

0
rebeljediAuthor Commented:
Oh woops! I just now saw your last post. I did not refresh my browser. I will take a look.
0
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.