PowerShell script to search disabled users in OU from CSV and enable if they exist.

asked 2020-09-24T20:42:44.947+00:00
Mark Logan 1 Reputation point

Hi Everyone,

I'm not one for asking for assistance but this one has me puzzled.

Summary

A script which imports a CSV with users, checks this imported list against an OU full of disabled users and enables and moves the users to another OU.

CSV contains the column heading "Username"
OU only contains disabled Users

This will run on a Scheduled Task each referencing a CSV which is updated each day.

Excuse for not doing this on my own.

I can usually scrape past with ugly but functional scripts doing the bare minimum it needs to get by and one of these days everything will come together and they will become things of beauty but until then ugly suits me fine.

I have had a go at pulling this together and it looks like this.

Import-Module ActiveDirectory

$GetAdminact = Get-Credential
$searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 
$ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"

$UserCount = 0

foreach ($Account in $ReferenceUsers) {
    $Account.Username
    Get-ADUser -searchbase $searchbase -Filter * -Identity $Account.Username -Properties Enabled | where -Property Enabled -eq $false | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
    $usercount = $usercount + 1
}

This is not working and I suspect it is something to do with the -identity not being compatible with -searchbase.
I may be away down the wrong path with this but if anyone can assist I would be most grateful.

Please excuse me if I have violated any rules posting this here, I will fix any issues if pointed out.


5 answers

  1. answered 2020-09-24T20:59:52.617+00:00
    Denis Cooper 26 Reputation points

    Hi,

    I would look at doing this in a slightly different way.

    In your foreach loop I would run something like this.

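    $username = $account.Username
    # Look the account up by name and read its Enabled state
    $user = Get-ADUser -Identity $username -Properties Enabled
    if ($user.Enabled -eq $false) {
        # Enable-ADAccount has to be told which account to act on
        Enable-ADAccount -Identity $user
        # Target OU taken from the script in the question
        Move-ADObject -Identity $user.DistinguishedName -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
    }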


  2. answered 2020-09-24T21:30:53.307+00:00
    Rich Matheisen 34,791 Reputation points

    I think one of your problems is trying to combine the Filter and Identity parameters.

    I no longer have an AD to verify that this works, but see if this works for you (assuming the 'AccountName' column in your CSV is a samAccountName!):

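    $searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com"

    $UserCount = 0
    Import-Csv "C:\Folder\ReferenceUsers.csv" |
        ForEach-Object {
            # $(...) puts the column value itself into the filter and the quotes delimit it;
            # the backtick keeps $false literal so the AD filter parser sees it
            Get-ADUser -SearchBase $searchbase -Filter "samAccountName -eq '$($_.AccountName)' -and Enabled -eq `$false" |
                ForEach-Object {
                    # Pipe the user that was found into Enable-ADAccount
                    $_ | Enable-ADAccount -PassThru |
                        Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
                    $UserCount++
                }
        }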
    

  3. answered 2020-09-25T09:38:17.423+00:00
    Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,351 Reputation points Microsoft Employee

    Hi,
    The parameter -identity accepts type ADUser but the type of $Account.Username is String. Please check if this works for you.

    $searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com"
    $ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"
    $UserCount = 0
    foreach ($Account in $ReferenceUsers) {
        # Assuming Username is the SamAccountName, which is unique in a domain
        $nametmp = $Account.Username
        Get-ADUser -Filter {(SamAccountName -eq $nametmp) -and (Enabled -eq $false)} -SearchBase $searchbase | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
        $UserCount = $UserCount + 1
    }
    

    Best Regards,
    Ian
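
Added example, not part of any answer in this thread and not the posters' code: a variant of the loop discussed above, arranged for unattended Scheduled Task use. It checks each CSV value against an allow-list before the value goes into the -Filter string, acts only when exactly one disabled account under the source OU matches, and supports -WhatIf for a dry run. The function names, the allow-list pattern and the sample rows are assumptions.

```powershell
# Added example; function names, the allow-list pattern and the sample rows are assumptions.
$SourceOu = 'OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com'   # OU paths from the question
$TargetOu = 'OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com'

function Test-ReferenceUsername {
    # Allow-list (assumed naming convention): 1-20 letters, digits, '.', '-' or '_'.
    # Quotes, spaces and wildcards are rejected before a filter string is ever built.
    param([string]$Name)
    return ($Name -match '^[A-Za-z0-9._-]{1,20}$')
}

function Enable-ReferenceUser {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    if (-not (Test-ReferenceUsername $Name)) {
        Write-Warning "Rejected CSV value '$Name'"
        return
    }
    # Only disabled accounts under the source OU can match; the rest of the domain is ignored.
    $found = @(Get-ADUser -SearchBase $SourceOu -Filter "SamAccountName -eq '$Name' -and Enabled -eq `$false")
    if ($found.Count -ne 1) {
        Write-Warning "Skipped '$Name': $($found.Count) disabled match(es) under $SourceOu"
        return
    }
    # -WhatIf / -Confirm on this function stop here, so a dry run changes nothing.
    if ($PSCmdlet.ShouldProcess($found[0].DistinguishedName, 'Enable account and move to target OU')) {
        Enable-ADAccount -Identity $found[0] -PassThru | Move-ADObject -TargetPath $TargetOu
        "Enabled and moved $($found[0].DistinguishedName)"   # one line per change for the task log
    }
}

# Constructed sample rows standing in for C:\Folder\ReferenceUsers.csv (header: Username)
$rows = 'Username', 'jsmith', 'a.jones', "o'brien", 'svc backup', 'averyveryverylongaccountname' |
    ConvertFrom-Csv

# Offline part: show which CSV values would be allowed to reach the directory query
$accepted = @($rows | Where-Object { Test-ReferenceUsername $_.Username })
$rejected = @($rows | Where-Object { -not (Test-ReferenceUsername $_.Username) })
"Accepted: $($accepted.Username -join ', ')"
"Rejected: $($rejected.Username -join ' | ')"

# Dry run against the directory, only when the ActiveDirectory module is installed
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $accepted | ForEach-Object { Enable-ReferenceUser -Name $_.Username -WhatIf }
}
```

Removing -WhatIf from the last call makes the changes for real; the account running the task then needs rights to enable and move users in those two OUs only.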


  4. answered 2020-09-24T21:00:29.05+00:00
    Denis Cooper 26 Reputation points

    Sorry above formatting is a bit messy but I’m on my iPad and not the easiest to type code.


  5. answered 2020-09-24T21:41:37.96+00:00
    Mark Logan 1 Reputation point

    Thanks for the suggestions gents, I will try both out in my lab and get back to you tomorrow.

    Rich, I never knew you could run a foreach-object nested (if that's how you even describe it).

    Looking forward to trying these out now, thanks again for getting back so quickly.
