I need help with a script.

Daniel Medeiros 1 Reputation point
2022-11-14T19:08:20.203+00:00

Hello guys, I'm testing a script that needs to disable a list of users, move them to an OU, and add a description.

Daily, new users will enter this list, and when the script is run, it should only modify those that are active and not all.

The script is adding the description to the already deactivated users.

Can anybody help me?

Import-Module ActiveDirectory

$today = Get-Date -UFormat "%d/%m/%Y %R"

Import-CSV "C:\script\desativar.csv" |
    ForEach {
        Get-ADUser -Identity $_.samaccountname | where -Property Enabled -eq $true | Move-ADObject -TargetPath "OU=Desabilitados,DC=daniel,DC=infra" -PassThru
        Get-ADUser -Identity $_.samaccountname | where -Property Enabled -eq $true | Disable-ADAccount
        Get-ADUser -Identity $_.samaccountname | where -Property Enabled -eq $false | Select-Object Description
        Get-ADUser -Identity $_.samaccountname -Properties Description |
            ForEach-Object {
                Set-ADUser $_ -Description "$($_.Description) Desabilitado por script em: $today"
            }
    }


1 answer

  1. Rich Matheisen 45,671 Reputation points
    2022-11-14T20:22:10.53+00:00

    Try it this way:

    Import-Module ActiveDirectory
    $today = Get-Date -UFormat "%d/%m/%Y %R"
    Import-Csv "C:\script\desativar.csv" |
        ForEach-Object {
            Get-ADUser -Identity $_.samaccountname |
                Where-Object -Property Enabled -EQ $true |
                    Move-ADObject -TargetPath "OU=Desabilitados,DC=daniel,DC=infra"
            Get-ADUser -Identity $_.samaccountname |
                Where-Object -Property Enabled -EQ $true |
                    Disable-ADAccount
            # Description is not in Get-ADUser's default property set, so request it
            $d = Get-ADUser -Identity $_.samaccountname -Properties Description |
                    Where-Object -Property Enabled -EQ $false |
                        Select-Object -Expand Description

            Get-ADUser -Identity $_.samaccountname -Properties Description |
                ForEach-Object {
                    Set-ADUser $_ -Description "$d Desabilitado por script em: $today"
                }
        }
    

    NOTE: If you have multiple domain controllers this script may not work consistently. To make sure that each cmdlet is working with the same copy of the AD object, add the parameter "-Server" and explicitly state the name of a DC.

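A single-pass variant of the script discussed above, as an added example (not code from either poster): it reads each user once from one pinned domain controller, skips accounts that are already disabled, and only then disables, annotates and moves the account, emitting one record per user as an audit trail. The `$Server` default `dc01.daniel.infra` is a hypothetical DC name; the CSV path, target OU and description text are the ones from the thread.

```powershell
# Added example. $Server default is a hypothetical DC name; replace it with one of your DCs.
param(
    [string]$CsvPath  = 'C:\script\desativar.csv',
    [string]$TargetOU = 'OU=Desabilitados,DC=daniel,DC=infra',
    [string]$Server   = 'dc01.daniel.infra'
)

Import-Module ActiveDirectory
$today = Get-Date -UFormat '%d/%m/%Y %R'

Import-Csv $CsvPath | ForEach-Object {
    $sam = $_.samaccountname
    try {
        # One read per user, from the pinned DC, with Description loaded.
        $user = Get-ADUser -Identity $sam -Properties Description -Server $Server -ErrorAction Stop
    }
    catch {
        Write-Warning "$sam : not found or not readable ($($_.Exception.Message))"
        return   # continue with the next CSV row
    }

    if (-not $user.Enabled) {
        # Disabled on an earlier run: leave its description and location untouched.
        [pscustomobject]@{ SamAccountName = $sam; Action = 'Skipped'; Description = $user.Description }
        return
    }

    $desc = "$($user.Description) Desabilitado por script em: $today".Trim()

    # Address the object by GUID so the final move cannot invalidate the identity.
    Disable-ADAccount -Identity $user.ObjectGUID -Server $Server
    Set-ADUser        -Identity $user.ObjectGUID -Description $desc -Server $Server
    Move-ADObject     -Identity $user.ObjectGUID -TargetPath $TargetOU -Server $Server

    [pscustomobject]@{ SamAccountName = $sam; Action = 'Disabled'; Description = $desc }
}
```

Piping the output to `Export-Csv` gives a per-run record of which accounts were changed and which were skipped.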