Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Check accounts in Group and if Disabled , change to Enable

Posted on 2016-08-29
4
Medium Priority
?
36 Views
Last Modified: 2016-08-30
Hi EE

Should this be done differently ? I need to check an AD group and if an account is disabled , I need it to be enabled .
The group will have more than 5000 users and disabled users will vary from 1 - 10 at most .

The script below will work on a small group but on a large group how would you all do it ?

import-module ActiveDirectiry
Get-ADGroupMember -Identity MyGroup | select -expandproperty SamAccountName  | % {Enable-ADAccount  -Identity $_ }

Open in new window

0
Comment
Question by:MilesLogan
  • 2
  • 2
4 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 41775779
No need to pull 5000 accounts from AD, just to filter out nearly all of them. Filter right at the source:
Import-Module ActiveDirectory
$Group = Get-ADGroup -Identity MyGroup
Get-ADUser -Filter {(Enabled -eq $False) -and (MemberOf -eq $Group.DistinguishedName)} | Enable-ADAccount -Verbose

Open in new window


Edit: added -Verbose to Enable-ADAccount
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 41776470
Thank you oBdA .. works perfect but can you explain to me what -verbose does ? or where I can read about it ?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41776485
-Verbose is one of the common parameters (like WarningAction, ErrorAction, Whatif, ...); if the cmdlet supports it, it sends verbose output to the verbose stream.
Get-Help -Name about_CommonParameters -ShowWindow

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 41776506
Thank you oBdA ! your are always there to help .
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question