This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 82%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Hello all
Hello all
This is what i am trying to accomplish.
ISSUE
I cant get the differences between the import .csv file and what is found in the OU's written to the output file
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
Import-Csv C:\temp\test2.csv |
ForEach-Object{
$u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
if ($u){
$OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
if ($OUNames -contains $OU){
Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
}
else{
$_
}
}
else {
$_
}
} | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Try this one:
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
# Load hash with UPNs
$UPNs = @{}
$OUNames |
ForEach-Object{
Get-ADUser -Filter * -SearchBase $_ -SearchScope OneLevel |
ForEach-Object{
$UPNs[$_.UserPrincipalName] = $false
}
}
Import-Csv C:\temp\test2.csv |
ForEach-Object {
$u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
if ($u) {
Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
$UPNs.($_.UPN) = $true
} else {
[PSCustomObject]@{
UPN = $_.UPN
Reason = "UPN not found in AD"
}
}
} | Export-CSV C:Temp\NotInAD.csv -NoTypeInformation
$UPNs.GetEnumerator()|
ForEach-Object{
if (-not $_.Value){
[PSCustomObject]@{
UPN = $_.Key
Reason = "UPN not in CSV, or UPN in different OU"
}
}
} | Export-Csv C:\Temp\NotInCSV.csv -NoTypeInformation
NotinCSV.csv exports, but its not exporting the users upn.
NotinAD.csv doesn't export
Change line 8 and 19. I've corrected the code sample I posted.
Line 8 used "$<underbar>.UPN" and it should have been "$<underbar>.UserPrincipalName".
Line 19 used "$<underbar>" and it should have been "$<underbar>.UPN"
That did it! Thank you very much. @Rich Matheisen @MotoX80 I just want to let you both know i am very grateful for all of your help. Thank you once again
If get-aduser works, then $FoundUser will be incremented by one.
If get-aduser fails, then $UnknowUser will be incremented by one.
$FoundUser + $UnknowUser will equal the total number of rows in the csv.
If $OUNames -contains $OU, then $GotOne will be incremented by one. (Assuming that you corrected my typo error )
If the OU test fails, then $NotInOU will be incremented by one.
$Gotone + $NotinOU will equal $FoundUser.
If $NotInOU is greater than one, or $UnknowUser is greater than one, then the current object (dollar underscore) will be added to the $WhoAreThesePeople array.
If your csv only has one row in it, does $FoundUser equal one? If not, go figure out what is wrong as to why it's not finding the user.
Once get-aduser works, does $NotInOU equal 1? If it does, analyze the OU names to figure out why it's not working. Does $OU.gettype() show that it is a string? Does $OU.length match the number of characters that visually display on the screen?
Here is an updated script with more diagnostics. Please post the entire output of this.
Be advised that I don't have a good way to test this. It may contain mistakes.
$WhoAreThesePeople = @()
$FoundUser = 0
$GotOne = 0
$NotInOU = 0
$UnknowUser = 0
$OUNames = "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=test-tech,DC=com", "OU=BPO and RPA,OU=Cognizant,OU=Consultants,OU=Users,OU=Corp,DC=test-tech,DC=com"
Import-Csv C:\temp\test2.csv |
ForEach-Object {
$u = get-aduser -Filter "userPrincipalName -eq '$($_.upn)'"
if ($u) {
$FoundUser++
$OU = $u.DistinguishedName.Substring($u.DistinguishedName.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
if ($OUNames -contains $OU) {
$GotOne++ # fixed per Rich
Set-ADAccountExpiration -Identity $u.distinguishedName -TimeSpan 90.0:0
} else {
$NotInOU++
$WhoAreThesePeople+= $_
"A user was added to WhoAreThesePeople because we did not find the OU."
"The OU we tested is {0}" -f $OU
"The OU variable type is {0} " -f $OU.gettype().Name
"The string length is {0}" -f $OU.length
"Current WhoAreThesePeoplecount is {0}" -f $WhoAreThesePeople.count
}
} else {
$UnknowUser++
$WhoAreThesePeople+= $_
"An unknown user was added to WhoAreThesePeople. Current count is {0}" -f $WhoAreThesePeople.count
}
}
"We found {0} users." -f $FoundUser
"Of the users that we found, {0} were NOT in the OU." -f $NotInOU
"Expiration was set on {0} users." -f $GotOne
"Count of users NOT found in AD: {0}" -f $UnknowUser
"Total WhoAreThesePeople count is {0}" -f $WhoAreThesePeople.count
$WhoAreThesePeople | Export-Csv C:\temp\WhoAreThesePeople.csv -NoTypeInformation
only one user in my .csv file. header of .csv file = UPN
Excellent! it's working!!.
Now add a bogus user to the csv file and verify that it gets written to the WhoAreThesePeople.csv file.
Its finding the user in the .csv file, and its setting the expiration date of the user, and its correctly identifying the number of users that are NOT found in AD:, but "WhoAreThesePeople: count is 0 . I have 100 users in the "OU=FMI,OU=Cognizant,OU=FM Users,OU=Corp,DC=ip-tech,DC=com" OU . This is OU is what is in the script
Test with 2 entries in the input csv file. One that is a legitimate user and one whose upn name is garbage.
Okay, now i know what you are doing. You are looking at what is in the .csv file and comparing it to what is in the OU, and then dumping the difference to WhoAreThesePeople.csv
I just put a bogus user into the import.csv file and sure enough it dumped the bogus user into "WhoAreThesePeople". What i am trying to achieve is dump all users in the OU that dont match what is also found in the import-csv file to WhoAreThesePeople.csv.
OMG I had a feeling I wasn't being 100% clear.
Yes this works exactly how the script is currently designed. I need it the other way.
Okay, now i know what you are doing. You are looking at what is in the .csv file and comparing it to what is in the OU, and then dumping the difference to WhoAreThesePeople.csv
I just put a bogus user into the import.csv file and sure enough it dumped the bogus user into "WhoAreThesePeople". What i am trying to achieve is dump all users in the OU that DONT match what is also found in the import-csv file to WhoAreThesePeople.csv. So again dump the users from the OU that dont match in the input.csv file to WhoAreThesePeople.csv
OMG I had a feeling I wasn't being 100% clear. Again you and Rich have been so helpful . I cant thank you both enough
You are looking at what is in the .csv file and comparing it to what is in the OU
The "you" in above sentence is not me. I started with the code that you posted.
If a match is not found write the non matched accounts to a separate .csv file
Isn't this what you asked for?
Your example code was processing a csv, not enumerating all users in an OU. Plus you had 2 OU's listed in your initial code sample.
What's the point of using a csv file, if what you really want to do is to set the account expiration for all users in a given OU?
Query all users in the OU and dump out their name and account expiration.
Use a Where-Object to pick off users who don't have the 90 day expiration date set. Those accounts were not in the csv.
You were perfectly clear:
"This is what i am trying to accomplish.
How is item #3 different to item #4. Item #3 says that if the UPN in the CSV is found in one of the selected OUs, set the expiration date. Item # 4 says if the UPN in the CSV isn't found, or if the account in the AD is in an OU different to the specified OUs, write the UPN to a separate CSV.
Item #2 implies you're matching the UPN from the CSV against a list of accounts. Whether that list in in an array, a hash, or something else really doesn't matter. Only the match/no-match or OU mismatch matters -- not which items in "the list of accounts" were not found in the CSV!