Powershell script to search disabled users in OU from CSV and enable if exist.

Question

Hi Everyone,

I'm not one for asking for assistance but I this one has me puzzled.

Summary

A script which imports a CSV with users, checks this imported list against an OU full of disabled users and enables and moves the users to another OU.

CSV contains the column heading "Username"
OU only contains disabled Users

This will run on a Scheduled Task each referencing a CSV which is updated each day.

Excuse for not doing this on my own.

I can usually scrape past with ugly but functional scripts doing the bare minimum it needs to get by and one of these days everything will come together and they will become things of beauty but until then ugly suits me fine.

I have had a go at pulling this together and it looks like this.

Import-Module ActiveDirectory

$GetAdminact = Get-Credential
$searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 
$ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"

$UserCount = 0

foreach ($Account in $ReferenceUsers) {
$Account.Username
Get-ADUser -searchbase $searchbase -Filter * -Identity $Account.Username  -Properties Enabled | where -Property Enabled -eq $false | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
$usercount = $usercount +1
}

This is not working and I suspect it is something to do with the -identity not being compatible with -searchbase.
I may be away down the wrong path with this but if anyone can assist I would be most grateful.

Please excuse me if I have violated any rules posting this here, I will fix any issues if pointed out.

Answer 1

Hi,

I would look at doing this in a slightly different way.

In your foreach loop I would run something like this.

$username = $account.username
$user = get-aduser $username -properties enabled
If($user.enabled -eq $false){
enable-adaccount
Move-Adobject.....
}

Answer 2

I think one of your problems is trying to combine the Filter and Identity parameters.

I no longer have an AD to verify that this works, but see if this works for you (assuming the 'AccountName' column in your CSV is a samAccountName!):

$searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 

$UserCount = 0
Import-Csv "C:\Folder\ReferenceUsers.csv" |
    ForEach-Object {
        Get-ADUser -searchbase $searchbase -Filter "samAccountName -eq $_.AccountName -and enabled -eq $false" | 
            ForEach-Object{
                Enable-ADAccount -PassThru | 
                    Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
                $UserCount++
            }
    }

Answer 3

Hi,
The parameter -identity accepts type ADUser but the type of $Account.Username is String. Please check if this works for you

$searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com"   
$ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"  
$UserCount = 0  
foreach($Account in $ReferenceUsers) {   
    #Assming Username is the SamAccountName which is unique in a domain  
    $nametmp = $Account.Username     
    Get-ADUser -Filter {(SamAccountName -eq $nametmp) -and (Enabled -eq $false)} -SearchBase $searchbase | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"  
    $UserCount=$UserCount+1  
}  

Best Regards,
Ian

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 4

Sorry above formatting is a bit messy but I’m on my iPad and not the easiest to type code.

Answer 5

Thanks for the suggestions gents, I will try both out in my lab and get back to you tomorrow.

Rich I never you knew you could run a foreach-object nested (if that's how you even describe it.)

Looking forward to trying these out now, thanks again for getting back so quickly.