This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 82%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Hello all
Hello all
This is what i am trying to accomplish.
ISSUE
I cant get the differences between the import .csv file and what is found in the OU's written to the output file
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
Import-Csv C:\temp\test2.csv |
ForEach-Object{
$u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
if ($u){
$OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
if ($OUNames -contains $OU){
Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
}
else{
$_
}
}
else {
$_
}
} | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Try this one:
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
# Load hash with UPNs
$UPNs = @{}
$OUNames |
ForEach-Object{
Get-ADUser -Filter * -SearchBase $_ -SearchScope OneLevel |
ForEach-Object{
$UPNs[$_.UserPrincipalName] = $false
}
}
Import-Csv C:\temp\test2.csv |
ForEach-Object {
$u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
if ($u) {
Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
$UPNs.($_.UPN) = $true
} else {
[PSCustomObject]@{
UPN = $_.UPN
Reason = "UPN not found in AD"
}
}
} | Export-CSV C:Temp\NotInAD.csv -NoTypeInformation
$UPNs.GetEnumerator()|
ForEach-Object{
if (-not $_.Value){
[PSCustomObject]@{
UPN = $_.Key
Reason = "UPN not in CSV, or UPN in different OU"
}
}
} | Export-Csv C:\Temp\NotInCSV.csv -NoTypeInformation
NotinCSV.csv exports, but its not exporting the users upn.
NotinAD.csv doesn't export
Change line 8 and 19. I've corrected the code sample I posted.
Line 8 used "$<underbar>.UPN" and it should have been "$<underbar>.UserPrincipalName".
Line 19 used "$<underbar>" and it should have been "$<underbar>.UPN"
That did it! Thank you very much. @Rich Matheisen @MotoX80 I just want to let you both know i am very grateful for all of your help. Thank you once again
What error do you get? Examine the data before you try to write it to the csv.
$WhoAreThesePeople = @()
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
Import-Csv C:\temp\test2.csv |
ForEach-Object{
$u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
if ($u){
$OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
if ($OUNames -contains $OU){
Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
}
else{
$WhoAreThesePeople+= $_
}
}
else {
$WhoAreThesePeople+= $_
}
}
"Here are the people we can't find"
$WhoAreThesePeople
$WhoAreThesePeople | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation
Hello thank you for the assistance. I'm trying your suggestion in my lab. I'm not getting an error, but the differences between what is in the .csv import file and the OU's is not being written to the output .csv file. What is getting written to the output file is the same thing that is in the input file. my csv import file csv header is upn.
Thank you again.
The exported CSV's contents will only include the same information found in your imported CSV.
Okay, i probably wasn't clear. My apologies. I need the difference between what is in the .csv input file and the OU's written to the .csv output file.
Thank you again.
Keep count of where in your processing you might have an error.
$WhoAreThesePeople = @()
$FoundUser = 0
$UserInOU = 0
$GotOne = 0
$NotInOU = 0
$UnknowUser = 0
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
Import-Csv C:\temp\test2.csv |
ForEach-Object {
$u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
if ($u) {
$FoundUser++
$OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
if ($OUNames -contains $OU) {
$GotOne++ # fixed per Rich
Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
} else {
$NotInOU++
$WhoAreThesePeople+= $_
}
} else {
$UnknowUser++
$WhoAreThesePeople+= $_
}
}
"We found {0} users." -f $FoundUser
"Of the users that we found, {0} were NOT in the OU." -f $NotInOU
"Expiration was set on {0} users." -f $GotOne
"Count of users NOT found in AD: {0}" -f $UnknowUser
$WhoAreThesePeople | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation
I'm still not getting any errors, however the output file is still only dumping what is exactly in the input .csv file. The two accounts that the script said it couldn't find are the same accounts that are in the input .csv file. 
The users that are matched from the .csv input file and the OU's need to have the account expiration set. Any accounts that are not matched between the .csv input file and the OU's need to be dumped to the . csv output file "whoareThesePeople.csv"
Thank you again for all of your help
If you're only working with two users, why not just display the $OU variable on the console? Is it in the correct format? Is it one of the ones in the $OUNames list?
I'm testing with two users in my input.csv file. Once everything is working the input file will hold about 500 users. The $OUNames variable is using the DN of the OU's. Yes my two test accounts live in one of the two OU's that are mentioned in the script
It's not finding the OU. That why it says "Of the users that we found, 2 were NOT in the OU".
Output the OU variable contents as Rich suggested.. You likely just have a typo that you are not seeing. Look at them one by one.
$OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
foreach ($o2 in $OUNames) {
""
$OU # spit out what we're looking for
$o2 # does it match ?
""
}
if ($OUNames -contains $OU) {
On line 3 you have a declared but unreferenced variable.
On line 4 you declare the variable $GotOne BUT on line 15 you increment a variable named $GoneOne which you never reference again.
On line 28 you report the value of $GotOne -- which remains with it's initial value of 0 -- as the number of users that had their expiry date set.
Two questions remains: is the value in $OU correct? Are the OU names in $OUNames correct?
I knew there would be a typo involved with this problem somehow.....
Fixed.
To make things easier. I am testing against one OU. If i run $OU and $o2 the OU matches exactly what is found in $OUNames
Do you have trailing spaces $OU? Look at $ou.length or do a $OU.Trim().
Okay, so tell me what I'm missing.
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=ip-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=ip-tech,DC=com"
$OU1 = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=ip-tech,DC=com"
$OUNames -contains $OU1
$OUNames[0] -eq $OU1
Both tests return "True".
In the script you posted, though, the 1st DC component in each OU in $OUNames is "test-tech", not "ip-tech" as in your screenshot.
Good catch.
I dont know what your missing. lol It came back "True" for me. I was modifying the DN name to "TEST" because i was going back and forth from my lab environment
I copied exactly what was in ADSIEDIT for the DN of the OU and pasted it into the script. but what's interesting is $ou.length = 49
However below = 55
OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=ip-tech,DC=com
This is making me crazy. lol wth??
So you've proven that "-contains" works when the array of names contains the OU name. That indicates that there is some issue with OU name when you read it from AD.
Did you add a .trim() to remove trailing spaces?
Try using this to get the DN of each OU instead of specifying them as literals. This way the OU DNS will match regardless of what domain you're working in:
$OUList = "FMI","BPO and RPA"
$OUList |
ForEach-Object{
[array]$OUNames += (Get-ADOrganizationalUnit -Filter "name -eq '$_'").distinguishedName
}
This assumes that the names of the OU's match the 1st OU element in the list you provided.
ITrim and length both match up correctly now after i copied and pasted directly from with the DN of the OU. The script is changing the expiration date, for the users that are in the input file but its not dumping the difference between what is in the ,csv input vs. what is found is matched in the OU
What's in the $WhoAreThesePeople variable?
You're keeping a count of the number of users whose UPNs are assigned to object that are in OUs different to those in the $OUNames list. Is that number greater than zero? It should be equal to the number of objects in the $WhoAreThesePeople array.
Do these figures check out?
"$GotOne + $NotInOU should be equal to $FoundUser" They dont.
$GotOne + $NotInOU + $UnknowUser should be equal to the number of data rows (i.e. UPNs) in the imported CSV. They dont. My .csv file has one account in it
Thank you both very much for sticking with me on this . I appreciate all your help. Thank you
Nothing. When i run $WhoAreThesePeople nothing is returned.
You still have a problem with your script:
Line 6 is missing the letter "n":
$UnknowUser = 0
Do yourself a favor and start using an development environment like VS Code that detects problems like this. "Typos" are pretty common and as scripts grow larger or more complex they get harder to find.
Until you do, apply a little deductive reasoning to your troubleshooting. How can $gotone and $notinou both be equal to zero and yet $founduser has a value of 1?
Are you using the PowerShell ISE? Even that has a "Debug" mode. Set breakpoints on lines 12, 15, 18 and 22. Then run your script. Are you hitting those breakpoints when the conditions warrant?