Dear experts,
I'm trying to write a script to check the users from a list with one column (samaccountname). I need to confirm if the user exists in AD or not first, then check if the status is disabled, then filter out those that are still in Enabled status, go ahead to disable them, and generate a report about the list of users that were just disabled by this script.
I attached my script but it gave me errors about $Null not existing or something?
Any advice would be helpful. Thanks a lot for reading.
    Import-Module ActiveDirectory
    $Users = Import-Csv "D:\OneDrive - testing\IT Dept\PowerShell\Scripts\Case_Study\Disable_Bulk_ADuser_FromCSV\Disable_Bulk_ADuser_FromCSV_20220830.csv"
    Foreach ($User in $Users) {
        $SamAccountName = $User.SamAccountName
        if (Get-ADUser -Filter { ($SamAccountName -eq $Null) }) {
            #if user does not exist, give a warning
            Write-Warning "User account with username $SamAccountName does NOT exist in Active Directory"
        }
        elseif (Get-ADUser -Filter { (Enabled -eq $False) }) {
            #If user exists but in disabled state, give a warning
            Write-Warning "A user account with username $SamAccountName has already been DISABLED in Active Directory."
        }
        else {
            Get-ADUser -Identity $SamAccountName | Disable-ADAccount
            Write-Output "$($SamAccountName) has now been disabled"
        }
    }
Get-ADUser : Variable: 'Null' found in expression: $Null is not defined.
At D:\OneDrive - testing\IT Dept\PowerShell\Scripts\Case_Study\Disable_Bulk_ADuser_FromCSV\Disable_Bulk_ADuser_FromCSV.ps1:4 char:8
+ if (Get-ADUser -Filter { (SamAccountName -eq $Null) }) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify
that the path is correct and try again.
At D:\OneDrive - testing\IT Dept\PowerShell\Scripts\Case_Study\Disable_Bulk_ADuser_FromCSV\Disable_Bulk_ADuser_FromCSV.ps1:8 char:4
+ elseif (Get-ADUser -Filter { (Enabled -eq $False) }) {
+ ~~~~~~
+ CategoryInfo : ObjectNotFound: (elseif:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
else : The term 'else' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that
the path is correct and try again.
At D:\OneDrive - testing\IT Dept\PowerShell\Scripts\Case_Study\Disable_Bulk_ADuser_FromCSV\Disable_Bulk_ADuser_FromCSV.ps1:12 char:4
+ else {
+ ~~~~
+ CategoryInfo : ObjectNotFound: (else:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Hello,
try changing your if to
    if (!(Get-ADUser -Filter {Samaccountname -eq $samaccountname}))
also for exists and disabled, try
    elseif (Get-ADUser -filter { ((SamAccountName -eq $samaccountname) -and (Enabled -eq $false)) })
Hi @Eaven HUANG ,
please try this:
    $Users = "testuser1", "testuser2"
    Foreach ($User in $Users) {
        $SamAccountName = $User
        if (!(Get-ADUser -Filter { (SamAccountName -eq $SamAccountName) })) {
            #if user does not exist, give a warning
            Write-Warning "User account with username $SamAccountName does NOT exist in Active Directory"
        }
        elseif (Get-ADUser -Filter { (SamAccountName -eq $SamAccountName) -and (Enabled -eq $False) }) {
            #If user exists but in disabled state, give a warning
            Write-Warning "A user account with username $SamAccountName has already been DISABLED in Active Directory."
        }
        else {
            Get-ADUser -Identity $SamAccountName | Disable-ADAccount
            Write-Output "$($SamAccountName) has now been disabled"
        }
    }
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
Here's another way to accomplish the task. This code checks for unmatched account names, reports already disabled users, and reports any failure to disable enabled users.
    Import-Csv "D:\OneDrive - testing\IT Dept\PowerShell\Scripts\Case_Study\Disable_Bulk_ADuser_FromCSV\Disable_Bulk_ADuser_FromCSV_20220830.csv" |
        ForEach-Object {
            $SamAccountName = $_.SamAccountName
            Try {
                $u = Get-ADUser -Identity $SamAccountName -ErrorAction STOP
                if ($u.Enabled) {
                    Try {
                        $u | Disable-ADAccount -ErrorAction STOP
                        Write-Output "$SamAccountName has now been disabled"
                    }
                    Catch {
                        Write-Warning "Failed to disable the enabled user $SamAccountName"
                    }
                }
                else {
                    #If user exists but in disabled state, give a warning
                    Write-Warning "A user account with username $SamAccountName has already been DISABLED in Active Directory."
                }
            }
            Catch {
                #if user does not exist, give a warning
                Write-Warning "User account with username $SamAccountName does NOT exist in Active Directory"
            }
        }
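
A variant that also produces the report the question asks for, as an added example rather than code from any of the posters: it looks each account up once, separates "not found" from other failures such as access denied, and writes every outcome to a CSV. The two file paths and the status labels are placeholders chosen for this example.

```powershell
# Added example: paths and status names below are assumptions, not values from the thread.
Import-Module ActiveDirectory

$CsvPath    = '.\users_to_disable.csv'       # input with one column: SamAccountName
$ReportPath = '.\disabled_users_report.csv'  # audit output

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $sam    = "$($row.SamAccountName)".Trim()
    $status = $null
    $detail = ''

    if (-not $sam) {
        # An empty cell would otherwise fail parameter validation on -Identity.
        $status = 'SkippedBlankRow'
    }
    else {
        try {
            # Single lookup per user; -ErrorAction Stop makes failures catchable.
            $u = Get-ADUser -Identity $sam -ErrorAction Stop
            if (-not $u.Enabled) {
                $status = 'AlreadyDisabled'
            }
            else {
                $u | Disable-ADAccount -ErrorAction Stop
                $status = 'DisabledNow'
            }
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            $status = 'NotFound'
        }
        catch {
            # Access denied, unreachable DC, etc. must not be reported as "user missing".
            $status = 'Error'
            $detail = $_.Exception.Message
        }
    }

    [pscustomobject]@{
        SamAccountName = $sam
        Status         = $status
        Detail         = $detail
        Timestamp      = (Get-Date).ToString('s')
    }
}

# Full audit trail of every row, then the accounts disabled in this run.
$results | Export-Csv -Path $ReportPath -NoTypeInformation
$results | Where-Object Status -eq 'DisabledNow' | Select-Object -ExpandProperty SamAccountName
```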