SkipHofmann-5788 asked RichMatheisen-8856 commented

Help with PowerShell compare\hashtable

Hello. Looking for help with constructing a PowerShell script that will do the following:

  1. A CSV file contains a list of users (UPN)

  2. The PowerShell script reads all users from the CSV file (step 1) and does a compare or hash table against users in three specific OUs in AD using the UPN. The three specific OUs contain all of our vendor accounts

  3. If a match is found, extend account expiration + 90 days

  4. If a match is not found, write the non-matched accounts to a separate .csv file


Thank you very much in advance for any help.

windows-server-powershell windows-active-directory

Post the script that you've developed, explain what error you're getting, or what you don't understand, and I'm sure that someone will help you.

RichMatheisen-8856 answered RichMatheisen-8856 commented

Try something like this:


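 $OUNames = "OU=1,OU=X,DC=domain,DC=tld", "OU=2,OU=Y,DC=domain,DC=tld", "OU=3,OU=X,DC=domain,DC=tld"
 Import-Csv C:\Junk\AllHands.csv |
     ForEach-Object{
         $u = Get-ADUser -Filter "userPrincipalName -eq '$($_.UPN)'" -Properties AccountExpires,distinguishedName
         if ($u){
             # Parent container of the user: everything from the first "OU=" in the DN onward
             $OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
             if ($OUNames -contains $OU){
                 # accountExpires of 0 or [long]::MaxValue means "never expires"; it is not a usable file time
                 if ($u.accountexpires -eq 0 -or $u.accountexpires -eq [long]::MaxValue){
                     Write-Warning "$($_.UPN) never expires; skipped"
                 }
                 else{
                     Set-ADAccountExpiration -Identity $u.distinguishedName -DateTime ([datetime]::fromfiletime($u.accountexpires)).AddDays(90)
                 }
             }
             else{
                 $_    # found in AD, but not in one of the three OUs
             }
         }
         else {
             $_    # no AD user with this UPN
         }
     } | Export-Csv C:\Junk\WhoAreThesePeople.csv -NoTypeInformation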

NOTE: I haven't run this code. You should try it first by adding the "-WhatIf" switch to the Set-ADAccountExpiration cmdlet until you're sure it does what you want!
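
The hash-table approach the question asks for, as an added example that is not part of the original answer: it reads the three OUs once, looks each CSV UPN up in memory (so no CSV value is interpolated into a `-Filter` string), and checks the CSV header before doing anything. The `$UpnColumn` variable and the choice to skip never-expiring accounts with a warning are assumptions; the OU names and file paths are the answer's placeholders.

```powershell
# Added example, not the answerer's code. OU DNs and file paths are the placeholders from the answer.
Import-Module ActiveDirectory

$OUNames   = 'OU=1,OU=X,DC=domain,DC=tld', 'OU=2,OU=Y,DC=domain,DC=tld', 'OU=3,OU=X,DC=domain,DC=tld'
$UpnColumn = 'UPN'   # assumption: must match the CSV header (the error output in this thread shows 'userprincipalname')

# Build the lookup: UPN -> AD user, from the three vendor OUs only.
# @{} compares string keys case-insensitively. OneLevel keeps the answer's
# behaviour of matching only accounts that sit directly in one of the OUs.
$vendors = @{}
foreach ($ou in $OUNames) {
    Get-ADUser -SearchBase $ou -SearchScope OneLevel -Filter * -Properties AccountExpirationDate |
        Where-Object { $_.UserPrincipalName } |
        ForEach-Object { $vendors[$_.UserPrincipalName] = $_ }
}

# Fail early on a header mismatch instead of treating every row as unmatched.
$rows = @(Import-Csv C:\Junk\AllHands.csv)
if ($rows.Count -gt 0 -and $rows[0].PSObject.Properties.Name -notcontains $UpnColumn) {
    throw "CSV has no '$UpnColumn' column; found: $($rows[0].PSObject.Properties.Name -join ', ')"
}

$rows | ForEach-Object {
    $upn = "$($_.$UpnColumn)".Trim()
    $u   = $vendors[$upn]
    if (-not $u) {
        $_    # not in a vendor OU (or blank UPN): goes to the unmatched CSV
    }
    elseif (-not $u.AccountExpirationDate) {
        # Assumption: an account set to never expire is left alone rather than given a date.
        Write-Warning "$upn never expires; skipped"
    }
    else {
        # Remove -WhatIf once the reported changes look right.
        Set-ADAccountExpiration -Identity $u.DistinguishedName -DateTime ($u.AccountExpirationDate.AddDays(90)) -WhatIf
    }
} | Export-Csv C:\Junk\WhoAreThesePeople.csv -NoTypeInformation
```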


Hello

Thanks again for your assistance with this. When I run the script in my lab I am getting the following error:

Get-ADUser : Error parsing query: 'userPrincipalName -eq @{userprincipalname=Akhil.Gattu@mydomain.com}.UPN' Error Message: 'syntax error' at position: '23'.
At line:4 char:15
+ ... $u = Get-ADUser -Filter "userPrincipalName -eq $_.UPN" -Proper ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser


Sorry. My bad. The filter string should look like this:

 $u = Get-ADUser -Filter "userPrincipalName -eq '$($_.UPN)'" -Properties AccountExpires,distinguishedName

I think there is something still wrong with the filter string. When I run this

 $u = Get-ADUser -Filter "userPrincipalName -eq '$($_.UPN)'" -Properties AccountExpires,distinguishedName

I get this error:

Get-ADUser : The search filter cannot be recognized
At line:1 char:6
+ $u = Get-ADUser -Filter "userPrincipalName -eq '$($_.UPN)'" -Properti ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8254,Microsoft.ActiveDirectory.Management.Commands.GetADUser


SkipHofmann-5788 answered

Thank you very much. I appreciate your help! I will test in our lab.
