Solved

Check accounts in Group and if Disabled , change to Enable

Posted on 2016-08-29
4
33 Views
Last Modified: 2016-08-30
Hi EE

Should this be done differently ? I need to check an AD group and if an account is disabled , I need it to be enabled .
The group will have more than 5000 users and disabled users will vary from 1 - 10 at most .

The script below will work on a small group but on a large group how would you all do it ?

import-module ActiveDirectiry
Get-ADGroupMember -Identity MyGroup | select -expandproperty SamAccountName  | % {Enable-ADAccount  -Identity $_ }

Open in new window

0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 41775779
No need to pull 5000 accounts from AD, just to filter out nearly all of them. Filter right at the source:
Import-Module ActiveDirectory
$Group = Get-ADGroup -Identity MyGroup
Get-ADUser -Filter {(Enabled -eq $False) -and (MemberOf -eq $Group.DistinguishedName)} | Enable-ADAccount -Verbose

Open in new window


Edit: added -Verbose to Enable-ADAccount
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 41776470
Thank you oBdA .. works perfect but can you explain to me what -verbose does ? or where I can read about it ?
0
 
LVL 84

Expert Comment

by:oBdA
ID: 41776485
-Verbose is one of the common parameters (like WarningAction, ErrorAction, Whatif, ...); if the cmdlet supports it, it sends verbose output to the verbose stream.
Get-Help -Name about_CommonParameters -ShowWindow

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 41776506
Thank you oBdA ! your are always there to help .
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question