Indie101
Find enabled users in an OU
Let's just say I need to check for enabled users in an OU where all users should be disabled. I'm trying the below without success.
Terminated Users OU is nested inside Disabled Objects OU
Get-ADUser -Filter * -SearchBase "OU=Disabled Objects,OU=Terminated Users,DC=test,DC=com" -Properties Name, sAMAccountName, Enabled | ? {$_.Enabled -eq $true} | select Name, sAMAccountName, Enabled | Export-csv "c:\disabledusers.csv" -NoTypeInformation
I get the below error. Does this guarantee that no enabled users exist, or should it return something else?
Get-ADUser : Directory object not found
At line:1 char:1
+ Get-ADUser -Filter * -SearchBase "OU=Disabled Objects,OU=Terminated U ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
ASKER
Yes I should have pointed that out, working away for other scripts
RSAT is installed etc
Check to see if you have the activedirectory module...
get-module -listavailable
import it...
import-module activedirectory
Ok module is loaded, did you run the script on a DC?
Next, did you check in adsiedit the path is correct?
OU=Disabled Objects,OU=Terminated Users,DC=test,DC=com
ASKER
@Lee Yes, it's imported, thanks
@Patrick I will check adsiedit. That is the domain (not exactly, obviously, but same naming convention) and I am running on a DC, RSAT installed
Ok, thanks for checking. I am hoping your real naming convention does NOT hold spaces in OUs, just as a safe and best practice.
ASKER
I haven't tried it without spaces. I tried it before for one-word OUs; could it be the spaces?
It depends on the path indicated by adsiedit.
ASKER
Switched it around as in adsiedit it gives OU=Terminated Users,OU=Disabled Users,DC=test,DC=com as DN for OU=Terminated Users
Get same error
Get-ADUser : Directory object not found
At line:1 char:1
+ Get-ADUser -Filter * -SearchBase "OU=Terminated Users,OU=Disabled Use ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Could you, just to be sure, import the active directory module. Line1 char1 is bugging me.
ASKER
Sure Patrick, enclosing screenshot, after using get-module -listavailable (and importing module for AD again)
AD-module.JPG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks footech, I have run the command
Get-ADOrganizationalUnit "OU=Terminated Users,OU=Disabled Users,DC=test,DC=com"
Get-ADOrganizationalUnit : Directory object not found
I will have to check ADSIEDIT or with some of the inhouse guys here
ASKER
Added identity parameter to it same result, cannot find object
Get-ADOrganizationalUnit -Identity "OU=Terminated Users,OU=Disabled Users,DC=test,DC=com"
Are you copying and pasting the DN? Just trying to make sure the error isn't due to a mistype or misread.
ASKER
Apologies (jeez I had disabled users) I used objects instead and received a blank csv and works fine
I'm taking it that the blank csv corresponds to it correctly?
Thanks footech and chris and lee
ASKER
Is this 100% certain that no enabled users in Terminated Users?
Yes. This line returns all enabled users in the OU (and all sub-OUs).
Get-ADUser -Filter { Enabled -eq $true } -SearchBase "OU=Terminated Users,OU=Disabled Objects,DC=test,DC=com"
And I guess that's similar to your current script. So if it returns nothing there are none, the comparison is a simple one (in AD terms).
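An added example, not code from any poster in this thread: an audit function that separates "the SearchBase does not exist" from "the OU exists and holds no enabled users", so neither an error nor an empty CSV is mistaken for a clean result. The function name Get-EnabledUsersInOU, its parameters and the report path are hypothetical; the DN is the one used in the thread.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: returns a summary object instead of relying on an empty CSV.
function Get-EnabledUsersInOU {
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [string]$ReportPath   # optional CSV, written only when findings exist
    )

    # 1. Resolve the OU first. A mistyped DN fails here with
    #    "Directory object not found", which says nothing about the accounts.
    try {
        $ou = Get-ADOrganizationalUnit -Identity $SearchBase -ErrorAction Stop
    }
    catch {
        throw "Audit did not run: cannot resolve '$SearchBase' ($($_.Exception.Message))"
    }

    # 2. Count every user under the OU (sub-OUs included) so that
    #    "0 enabled out of 0 users" is visibly different from "0 out of 250".
    $all = @(Get-ADUser -Filter * -SearchBase $ou.DistinguishedName `
                -SearchScope Subtree -ErrorAction Stop)

    # 3. Server-side filter for enabled accounts, as in the answer above.
    $enabled = @(Get-ADUser -Filter 'Enabled -eq $true' `
                -SearchBase $ou.DistinguishedName -SearchScope Subtree `
                -Properties whenChanged -ErrorAction Stop)

    if ($ReportPath -and $enabled.Count -gt 0) {
        $enabled |
            Select-Object Name, SamAccountName, Enabled, whenChanged, DistinguishedName |
            Export-Csv -Path $ReportPath -NoTypeInformation
    }

    [pscustomobject]@{
        SearchBase   = $ou.DistinguishedName
        TotalUsers   = $all.Count
        EnabledUsers = $enabled.Count
        Accounts     = $enabled.SamAccountName
    }
}

# Usage with the DN from the thread; the report path is a constructed sample value.
Get-EnabledUsersInOU -SearchBase "OU=Terminated Users,OU=Disabled Objects,DC=test,DC=com" `
                     -ReportPath "C:\enabled-in-terminated.csv"
```

A result with EnabledUsers equal to 0 and TotalUsers greater than 0 is the outcome that actually confirms every account under the OU is disabled.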
ASKER
Awesome thanks guys :)
Did you import the active directory module?
Cheers