Share via

Need assistance with Powershell script from scratch

Ashley StClair 1 Reputation point
2021-10-10T16:37:44.913+00:00

Hello,

I have been tasked with downloading a CSV file, needing to check it against AD and then validate who is activate in AD and who is not. Then to export that information to a new excel sheet. The CSV I currently have shows active and inactive AD users. I am unsure of how to isolate the active & inactive users and then export to a new excel file. Any help would be greatly appreciated.

Windows for business | Windows Server | User experience | PowerShell
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rich Matheisen 48,116 Reputation points
    2021-10-10T19:25:34.203+00:00

    Something like this should get you started: 

    $CSV_Path = "C:\Users\asstcl\Documents\PS HW\Accounts2.csv"
$CSV_Out  = "C:\temp\HW2.csv"
Import-CSV $CSV_Path |
    ForEach-Object {
        $u = Get-ADUser -Filter "mail -eq '$($_.emailaddress)'"
        if ($u){
            $u |
                Select-Object surname, samAccountName, distinguishedName, enabled
        }
        else{
            Write-Host "User with emailaddress $($_.emailaddress) wasn't found in AD"
        }
    } | Sort-Object surName | 
            Export-Csv -Path $CSV_Out -NoTypeInformation

    NOTE: you haven't identified the name of the column in your CSV that holds the emailaddress. I'm assuming it's "emailaddress"!

    Was this answer helpful?

    0 comments
  2. Rich Matheisen 48,116 Reputation points
    2021-10-10T18:40:42.977+00:00
    1. Download a CSV from where? Using what (ftp, http, copying from a fileshare)?
    2. What information in the CSV will you use to uniquely identify a use in the AD? A samAccountName, a distiguishedname, a UserPrincipalName?
    3. What do mean by "active" and "inactive" users? Do mean Enabled and Disabled? Or users that haven't logged on in X days? Or something else?
    4. Is there more than one Domain Controller in a domain? Are there multiple domains in your AD Forest? Are there multiple forests in your organization?

    You'd ignore the active/active status in the CSV and use the "enabled" property of the AD user (see #2 above if that's your criteria) to make the distinction. Or you'd get the lastLogon (or lastLogonTimeStamp) property if #3 is your criteria (see links below). You needn't use separate CSV files to separate enabled/active disabled/inactive users -- you can just add a new property to your exported CSV to identify them.

    Without more information any script someone proffers will probably not meet some of your unmentioned criteria. However, in the most general terms, the general structure of the script would probably be: 

    Import-Csv
    ForEach row
        get AD user
        determine status
        select properties from user
    Export-Csv

    the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works
    hey-scripting-guy-how-can-i-use-windows-powershell-to-identify-inactive-user-accounts-in-active-directory-domain-services

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.