Help with powershell script

Skip Hofmann 341 Reputation points

Hello all

This is what I am trying to accomplish.

  1. A CSV file contains a list of users' UPNs (header in CSV = upn).
  2. The script reads all users from the CSV import file (step 1) and does a compare or hash table against users in three specific OUs in AD using (upn).
  3. If a match is found, extend account expiration + 90 days from the day the script is run.
  4. If a match is not found, write the non-matched accounts to a separate .csv file.

I can't get the differences between the import .csv file and what is found in the OUs written to the output file.

$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
Import-Csv C:\temp\test2.csv |
    ForEach-Object {
        $u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
        if ($u) {
            # Parent container of the account: everything from the first "OU=" onward
            $OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
            if ($OUNames -contains $OU) {
                Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
            }
        }
        else {
        }
    } | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation

Accepted answer
  1. Rich Matheisen 45,091 Reputation points

    Try this one:

    $OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
    # Load hash with UPNs
    $UPNs = @{}
    $OUNames |
        ForEach-Object {
            Get-ADUser -Filter * -SearchBase $_ -SearchScope OneLevel |
                ForEach-Object {
                    $UPNs[$_.UserPrincipalName] = $false
                }
        }
    Import-Csv C:\temp\test2.csv |
        ForEach-Object {
            $u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
            if ($u) {
                # Only touch accounts that were loaded from the target OUs
                if ($UPNs.ContainsKey($_.UPN)) {
                    Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
                    $UPNs.($_.UPN) = $true
                }
            }  else {
                [PSCustomObject]@{
                    UPN = $_.UPN
                    Reason = "UPN not found in AD"
                }
            }
        } | Export-CSV C:\Temp\NotInAD.csv -NoTypeInformation
    # Anything still $false was in one of the OUs but never matched a CSV row
    $UPNs.GetEnumerator() |
        ForEach-Object {
            if (-not $_.Value){
                [PSCustomObject]@{
                    UPN = $_.Key
                    Reason = "UPN not in CSV, or UPN in different OU"
                }
            }
        } | Export-Csv C:\Temp\NotInCSV.csv -NoTypeInformation
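
An added example, not code from this thread or from any of its posters: the scripts above place each CSV value directly inside the `-Filter` string and decide OU membership by slicing the distinguished name. This variant escapes the value for an LDAP filter and lets the directory query enforce the OU scope, with a dry-run switch so the privileged change can be reviewed first. It assumes the ActiveDirectory module in a domain session; `ConvertTo-LdapFilterValue`, `$DryRun` and `$report` are hypothetical names, and the paths and OU names are the ones used in the question.

```powershell
Import-Module ActiveDirectory

$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
$DryRun  = $true   # hypothetical switch: $true only reports what would change

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: RFC 4515 escaping (\ * ( ) NUL become \5c \2a \28 \29 \00),
    # so a value read from the CSV is always matched as data, never parsed as filter syntax.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

$report = Import-Csv C:\temp\test2.csv | ForEach-Object {
    $upn = "$($_.upn)".Trim()
    if (-not $upn) { return }                      # skip blank rows
    $value = ConvertTo-LdapFilterValue -Value $upn

    # Search only the target OUs (direct children), so an account elsewhere can never match.
    $hits = @(foreach ($ou in $OUNames) {
        Get-ADUser -LDAPFilter "(userPrincipalName=$value)" -SearchBase $ou -SearchScope OneLevel
    })

    if ($hits.Count -eq 1) {
        Set-ADAccountExpiration -Identity $hits[0].DistinguishedName -TimeSpan 90.0:0 -WhatIf:$DryRun
        $result = if ($DryRun) { 'Would extend 90 days' } else { 'Extended 90 days' }
    } elseif ($hits.Count -eq 0) {
        $result = 'No match in target OUs'
    } else {
        $result = 'More than one match, not changed'
    }
    [PSCustomObject]@{ UPN = $upn; Result = $result; MatchedDN = ($hits.DistinguishedName -join '; ') }
}

# Unmatched rows go to the file the question asks for; the full report is the audit trail.
$report | Where-Object { $_.Result -notlike '*extend*' } |
    Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation
$report | Format-Table -AutoSize
```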

5 additional answers

  1. MotoX80 31,656 Reputation points

    What error do you get? Examine the data before you try to write it to the csv.

    $WhoAreThesePeople = @()
    $OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
    Import-Csv C:\temp\test2.csv |
        ForEach-Object {
            $u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
            if ($u) {
                $OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
                if ($OUNames -contains $OU) {
                    Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
                } else {
                    # Found in AD, but not in one of the listed OUs
                    $WhoAreThesePeople += $_
                }
            } else {
                # Not found in AD at all
                $WhoAreThesePeople += $_
            }
        }
    "Here are the people we can't find"
    $WhoAreThesePeople | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation

  2. Rich Matheisen 45,091 Reputation points

    The exported CSV's contents will only include the same information found in your imported CSV.

  3. MotoX80 31,656 Reputation points

    Keep count of where in your processing you might have an error.

    $WhoAreThesePeople = @()
    $FoundUser = 0
    $UserInOU = 0
    $GotOne = 0
    $NotInOU = 0
    $UnknowUser = 0
    $OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
    Import-Csv C:\temp\test2.csv |
        ForEach-Object {
            $u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
            if ($u) {
                $FoundUser++
                $OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
                if ($OUNames -contains $OU) {
                    $GotOne++                                    # fixed per Rich
                    Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
                } else {
                    $NotInOU++
                    $WhoAreThesePeople += $_
                }
            } else {
                $UnknowUser++
                $WhoAreThesePeople += $_
            }
        }
    "We found {0} users." -f $FoundUser
    "Of the users that we found, {0} were NOT in the OU." -f $NotInOU
    "Expiration was set on {0} users." -f $GotOne
    "Count of users NOT found in AD: {0}" -f $UnknowUser
    $WhoAreThesePeople | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation

  4. Skip Hofmann 341 Reputation points

    To make things easier, I am testing against one OU. If I run $OU and $o2, the OU matches exactly what is found in $OUNames.
