Powershell script to search disabled users in OU from CSV and enable if exist.

Mark Logan 1 Reputation point
2020-09-24T20:42:44.947+00:00

Hi Everyone,

I'm not one for asking for assistance but I this one has me puzzled.

Summary

A script which imports a CSV with users, checks this imported list against an OU full of disabled users and enables and moves the users to another OU.

CSV contains the column heading "Username"
OU only contains disabled Users

This will run on a Scheduled Task each referencing a CSV which is updated each day.

Excuse for not doing this on my own.

I can usually scrape past with ugly but functional scripts doing the bare minimum it needs to get by and one of these days everything will come together and they will become things of beauty but until then ugly suits me fine.

I have had a go at pulling this together and it looks like this.

Import-Module ActiveDirectory

$GetAdminact = Get-Credential
$searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 
$ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"

$UserCount = 0

foreach ($Account in $ReferenceUsers) {
$Account.Username
Get-ADUser -searchbase $searchbase -Filter * -Identity $Account.Username  -Properties Enabled | where -Property Enabled -eq $false | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
$usercount = $usercount +1
}

This is not working and I suspect it is something to do with the -identity not being compatible with -searchbase.
I may be away down the wrong path with this but if anyone can assist I would be most grateful.

Please excuse me if I have violated any rules posting this here, I will fix any issues if pointed out.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,822 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,355 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Denis Cooper 26 Reputation points
    2020-09-24T20:59:52.617+00:00

    Hi,

    I would look at doing this in a slightly different way.

    In your foreach loop I would run something like this.

    $username = $account.username
    $user = get-aduser $username -properties enabled
    If($user.enabled -eq $false){
    enable-adaccount
    Move-Adobject.....
    }

    1 person found this answer helpful.
    0 comments No comments

  2. Rich Matheisen 44,696 Reputation points
    2020-09-24T21:30:53.307+00:00

    I think one of your problems is trying to combine the Filter and Identity parameters.

    I no longer have an AD to verify that this works, but see if this works for you (assuming the 'AccountName' column in your CSV is a samAccountName!):

    $searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com" 
    
    $UserCount = 0
    Import-Csv "C:\Folder\ReferenceUsers.csv" |
        ForEach-Object {
            Get-ADUser -searchbase $searchbase -Filter "samAccountName -eq $_.AccountName -and enabled -eq $false" | 
                ForEach-Object{
                    Enable-ADAccount -PassThru | 
                        Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"
                    $UserCount++
                }
        }
    
    1 person found this answer helpful.
    0 comments No comments

  3. Ian Xue (Shanghai Wicresoft Co., Ltd.) 29,486 Reputation points Microsoft Vendor
    2020-09-25T09:38:17.423+00:00

    Hi,
    The parameter -identity accepts type ADUser but the type of $Account.Username is String. Please check if this works for you

    $searchbase = "OU=DISABLEDUSERS,OU=LAB,DC=labserver,DC=com"   
    $ReferenceUsers = Import-Csv "C:\Folder\ReferenceUsers.csv"  
    $UserCount = 0  
    foreach($Account in $ReferenceUsers) {   
        #Assming Username is the SamAccountName which is unique in a domain  
        $nametmp = $Account.Username     
        Get-ADUser -Filter {(SamAccountName -eq $nametmp) -and (Enabled -eq $false)} -SearchBase $searchbase | Enable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=ENABLEDUSERS,OU=LAB,DC=labserver,DC=com"  
        $UserCount=$UserCount+1  
    }  
    

    Best Regards,
    Ian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

  4. Denis Cooper 26 Reputation points
    2020-09-24T21:00:29.05+00:00

    Sorry above formatting is a bit messy but I’m on my iPad and not the easiest to type code.

    0 comments No comments

  5. Mark Logan 1 Reputation point
    2020-09-24T21:41:37.96+00:00

    Thanks for the suggestions gents, I will try both out in my lab and get back to you tomorrow.

    Rich I never you knew you could run a foreach-object nested (if that's how you even describe it.)

    Looking forward to trying these out now, thanks again for getting back so quickly.

    0 comments No comments