Link to home
Start Free TrialLog in
Avatar of rebeljedi
rebeljedi

asked on

PowerShell extensionAttribute1 help (comparing users older than 30 days)

I am trying to write a new logical script that will look though AD and find all users who are disabled for more than 30 days. If it finds users disabled and not touched for over 30 days it will send an email to the IT manager responsible for that user. I have a working script but it is pointing at specific OUs and is pretty much the worst thing ever made. All our users have a 3 letters in extensionAttribute1 that determines a few things. I am new to scripting and need some advice/help.  

I figured first I would pull the users who match all but the extension criteria
$users=Get-ADUser -SearchBase "DC=Company,DC=com" -Filter * -Properties Modified | Where {$_.Modified -le $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false } | select SamAccountName,Modified
If I save that out to a csv it looks fine. I guess I don't know how to proceed. should I do a "foreach" and have 32 If statment for eat 3 letter attribute?
My end result is each IT manager is responsible for about 7 different 3 lettered attributes. So I am looking to get  AAA, BBB, CCC.... all in one csv and sent to that manager. HHH, III, JJJ...... saved to a csv and sent to that manager........
Avatar of yo_bee
yo_bee
Flag of United States of America image
I am a bit confused what you are actually asking about the AAA,BBB,CCC part.

Are you looking to see if User1 that is returned in the Get-ADuser part returns values for extensionAttribute1 and if they are in one of the first three groups (AAA,BBB,CCC) you want it to build a report then e-mail of the  7 IT managers?

If I am interpreting your questions correctly I think the code below is and idea how to handle the data with a foreach plus switch statement

option 1:
Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -le $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false }| 
%{Switch($_.extensionAttribute1) 
        {
        AAA{<Do something>}
        BBB{<Do something>}
        CCC{<Do something>}
        etc.................

        }    
                
            
          }

Open in new window


Option 2:

Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -le $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false }| 
%{Switch -Regex ($_.extensionAttribute1) 
        {
        [A-C][A-C][A-C] {<Do something>}
        [D-F][D-F][D-F] {<Do something>} 
        [H-L][H-L][H-L]{<Do something>}
        }    
                
            
          }

Open in new window

Avatar of rebeljedi
rebeljedi

ASKER

I think you have the right idea.  Lets say Sam is responsible for AAA, BBB and CCC. Roy is responsible for MMM, NNN, OOO.

John Doe (extensionAttribute1 = AAA)
Isaac Lawson (extensionAttribute1 = OOO)  
Jane Doe (extensionAttribute1 = AAA)
Harry Lloyed (extensionAttribute1 = BBB)
Fred Flounder (extensionAttribute1 = NNN)  
Erick Burger (extensionAttribute1 = CCC)  
Mike Lander (extensionAttribute1 = MMM)

I want to be able to run the script and have users that are disabled and not touched within 30 days saved to a CSV for either Sam or Roy depending on which one they are responsible for. So at the end I would have a CSV file for Sam and one for Roy. I would then have something like this for each Sam and Roy  
$PSEmailServer = "internal exchange"
Get-ChildItem C:\Temp\Sam.cvs Send-MailMessage -to "sam@mail.com" -from "PowerShell <me@mail.com>" -Subject "90day+ users" -body "Users that have not been touched in 90 days or more"

Let me know If I can be more specific in anyway. I will give it a go now with your option 2 and see what I can come up with.
Avatar of yo_bee
yo_bee
Flag of United States of America image
You answered my questions and it was what I though your final goal is.

I would work something up and see if it works.
Avatar of rebeljedi
rebeljedi

ASKER

Hmm I looked into switches and -regex. My AAA, BBB, and CCC were examples and our real environment uses ones such as STK or NFM... It looks like the first example you gave will be the best for my situation. I have used foreach in the past with variables so I can just call on the contents of the variable. In this case how would I go about showing or saving the current user that is being compared?
Avatar of yo_bee
yo_bee
Flag of United States of America image
Is there any real pattern to these three letters and what is the attribute being used for?

Here is a preliminary snippet of code that should get your the files.  The next part is the e-mail.
I will get to that when I get home in a bit.

I did modify the code a bit to get the desired results.  You will see that I assigned a variable to the Get-ADuser part and did a ForEach loop against that collection.
$users = Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -lt $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false} 
Foreach ($user in $users)
{Switch -Regex ($user.extensionAttribute1) 
        {
        [A-C][A-C][A-C]{$user.name | Out-File -FilePath $env:USERPROFILE\manager1.txt -Append}
        [D-F][D-F][D-F]{$user.Name | Out-File -FilePath $env:USERPROFILE\Manager2.txt -append}
        [H-L][H-L][H-L]{$user.Name | Out-File -FilePath $env:USERPROFILE\Manager3.txt -append}
        }    
                
            
          }

Open in new window

Avatar of rebeljedi
rebeljedi

ASKER

So the 3 letters have no pattern. Each geographic location has 3 letters assigned to it and they don't necessarily correlate to anything. TIR, NGA, QDH.......  The attribute assigns the default email address in exchange. It could have done more years ago, but for now that is what it is used for.

With
 [A-C][A-C][A-C] {<Do something>}
I tried to use [TIR][NGA] and [TIR], [NGA] and quite a few variations but only got it to work to make a single comparison per line....  can you explain  the "[A-C][A-C][A-C]"  

Thanks alot for your help, I really appreciate it!
Avatar of yo_bee
yo_bee
Flag of United States of America image
[A-C] will look at the first character and if it is an A, B or C then the second one should look at the second character and see if it contains one of those three and so on.

This is regular expressions and there is a plethora of information about it on the Internet. In short Regex are just patterns and if the call matches the pattern then it true else false.

So if you had a pattern of ABC or AAC or CAC all these are true, But if your had ADC this would not meet any of the patterns listed.

This is used a lot to variety email address patterns.

The goal is to limit the number of comparison pattern and try to cover the range of items you are trying to compare.

In your case it does not look like that will work.
Avatar of rebeljedi
rebeljedi

ASKER

Ah yes. I looked it up briefly and that was why I had switched to the 1st example you gave. I will play around with what you have given me and wait until you get a chance to look into the rest.
Avatar of yo_bee
yo_bee
Flag of United States of America image
Can you export all the extensionAttribute1 and along with the pseudo name of the managers.
I would like to see the content.

Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | Group-object $_.extensionAttribute1
ASKER CERTIFIED SOLUTION
Avatar of yo_bee
yo_bee
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rebeljedi
rebeljedi

ASKER

I think exporting that information would likely get me into some trouble... I used your 3rd example and and finished the script. It works as is, but maybe there is a better way?

$PSEmailServer = "server.domain.com"
$Variable1 = "C:\Scripts\UsersOver30days\Variable1.txt"
$VARIABLE2 = "C:\Scripts\UsersOver30days\VARIABLE2.txt"
$Variable3 = "C:\Scripts\UsersOver30days\Variable3.txt"
$Variable4 = "C:\Scripts\UsersOver30days\Variable4.txt"
$VARIABLE5 = "C:\Scripts\UsersOver30days\VARIABLE5.txt"
$default = "C:\Scripts\UsersOver30days\default.txt"


if (Test-Path $Variable1) {
  Remove-Item $Variable1
}
if (Test-Path $VARIABLE2) {
  Remove-Item $VARIABLE2
}
if (Test-Path $Variable3) {
  Remove-Item $Variable3
}
if (Test-Path $Variable4) {
  Remove-Item $Variable4
}
if (Test-Path $VARIABLE5) {
  Remove-Item $VARIABLE5
}
if (Test-Path $default) {
  Remove-Item $default
}


$users = Get-ADUser  -Filter *  -Properties Modified,extensionAttribute1 | 
? {$_.Modified -lt $(Get-Date).AddDays(-30) -and $_.Enabled -eq $false} 
Foreach ($user in $users)
{Switch ($user.extensionAttribute1) 
        {

        #Variable1
        DDC{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        DJL{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        DER{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        PLK{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        JKY{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        WRT{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        GTY{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        POL{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        SAD{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        ASD{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        DSA{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        SCC{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        HUJ{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        CJI{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        OIP{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}
        THJ{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable1.txt -Append}


        #Variable2
        KNW{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}
        FHP{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}
        PJT{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}
        OHR{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE2.txt -Append}


        #Variable3
        HTD{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}
        STF{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}
        HDI{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}
        PLM{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable3.txt -Append}

        #Variable4
        ZXN{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}
        MNH{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}
        JHG{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}
        ASK{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\Variable4.txt -Append}

        #VARIABLE5
        AWR{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}
        UHG{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}
        AJK{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}
        AUS{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\VARIABLE5.txt -Append}

        #default
        default{$user.Name | Out-File -FilePath C:\Scripts\UsersOver30Days\MissingAttribute1.txt -Append}


        
        }    
                
            
          }


Send-MailMesvariable5ge -to "itmanager1@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\VARIABLE2.txt
Send-MailMesvariable5ge -to "itmanager2@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\Variable1.txt
Send-MailMesvariable5ge -to "itmanager3@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\Variable3.txt
Send-MailMesvariable5ge -to "itmanager4@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\Variable4.txt
Send-MailMesvariable5ge -to "itmanager@mail.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\VARIABLE5.txt
Send-MailMesvariable5ge -to "me@email.com" -from "PowerShell <me@email.com>" -Subject "Inactive user report" -body "These users have been divariable5bled and have not modified within 30 days " -Attachments C:\Scripts\UsersOver30days\default.txt

Open in new window

Avatar of rebeljedi
rebeljedi

ASKER

Oh woops! I just now saw your last post. I did not refresh my browser. I will take a look.
Avatar of Seth Simmons
Seth Simmons
Flag of United States of America image
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.