question

MarkLogan-6129 avatar image
0 Votes"
MarkLogan-6129 asked ·

Powershell script to search disabled users in OU from CSV and enable if exist.

Hi Everyone,

I'm not one for asking for assistance but I this one has me puzzled.

Summary

A script which imports a CSV with users, checks this imported list against an OU full of disabled users and enables and moves the users to another OU.

CSV contains the column heading "Username"
OU only contains disabled Users

This will run on a Scheduled Task each referencing a CSV which is updated each day.


Excuse for not doing this on my own.

I can usually scrape past with ugly but functional scripts doing the bare minimum it needs to get by and one of these days everything will come together and they will become things of beauty but until then ugly suits me fine.

I have had a go at pulling this together and it looks like this.

 Import-Module ActiveDirectory
    
 $GetAdminact = Get-Credential
 $searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 
 $ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"
    
 $UserCount = 0
    
 foreach ($Account in $ReferenceUsers) {
 $Account.Username
 Get-ADUser -searchbase $searchbase -Filter * -Identity $Account.Username  -Properties Enabled | where -Property Enabled -eq $false | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
 $usercount = $usercount +1
 }

This is not working and I suspect it is something to do with the -identity not being compatible with -searchbase.
I may be away down the wrong path with this but if anyone can assist I would be most grateful.

Please excuse me if I have violated any rules posting this here, I will fix any issues if pointed out.



windows-active-directorywindows-server-powershell
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

deniscooper avatar image
1 Vote"
deniscooper answered ·

Hi,

I would look at doing this in a slightly different way.

In your foreach loop I would run something like this.

$username = $account.username
$user = get-aduser $username -properties enabled
If($user.enabled -eq $false){
enable-adaccount
Move-Adobject.....
}

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

deniscooper avatar image
0 Votes"
deniscooper answered ·

Sorry above formatting is a bit messy but I’m on my iPad and not the easiest to type code.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RichMatheisen-8856 avatar image
1 Vote"
RichMatheisen-8856 answered ·

I think one of your problems is trying to combine the Filter and Identity parameters.

I no longer have an AD to verify that this works, but see if this works for you (assuming the 'AccountName' column in your CSV is a samAccountName!):

 $searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 
    
 $UserCount = 0
 Import-Csv "C:\Folder\ReferenceUsers.csv" |
     ForEach-Object {
         Get-ADUser -searchbase $searchbase -Filter "samAccountName -eq $_.AccountName -and enabled -eq $false" | 
             ForEach-Object{
                 Enable-ADAccount -PassThru | 
                     Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
                 $UserCount++
             }
     }
· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarkLogan-6129 avatar image
0 Votes"
MarkLogan-6129 answered ·

Thanks for the suggestions gents, I will try both out in my lab and get back to you tomorrow.

Rich I never you knew you could run a foreach-object nested (if that's how you even describe it.)

Looking forward to trying these out now, thanks again for getting back so quickly.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

IanXue-MSFT avatar image
1 Vote"
IanXue-MSFT answered ·

Hi,
The parameter -identity accepts type ADUser but the type of $Account.Username is String. Please check if this works for you

 $searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 
 $ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"
 $UserCount = 0
 foreach($Account in $ReferenceUsers) { 
     #Assming Username is the SamAccountName which is unique in a domain
     $nametmp = $Account.Username   
     Get-ADUser -Filter {(SamAccountName -eq $nametmp) -and (Enabled -eq $false)} -SearchBase $searchbase | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
     $UserCount=$UserCount+1
 }

Best Regards,
Ian

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.