Bulk user validation in AD

  • #105245

    Participant
    Points: 55
    Rank: Member

    I put together a script that imports a csv of samAccountNames and want to simply find out if they exist or not. Would also like a count of each for on screen display only. Export is not necessary.

    I have this:

    #check if the service Accounts (allsvc07032018) exists
    $Data1 = Import-Csv Service_Accounts.csv 
    
    foreach ($user in $data1){
    $Name1 = $user.user
    $check = $(try {get-aduser -filter "samAccountName -eq '$Name1'"} catch {$null})
    if ($check -ne $null) { }
    else { "$Name1 Doesn't Exist" }
    }

    ..but my output all says "Doesn't Exist" even though I know some do. I'd like to see the samAccountNames and count of those that do exist and samAccountName and count of those that don't.

  • #105250

    Participant
    Points: 160
    Helping Hand
    Rank: Participant
    $Data1 = Import-Csv Service_Accounts.csv 
    
    $data1 | Select *,
                    @{Name="ExistsInAd";Expression={$user=$_.User;@(Get-ADUser -Filter {SamAccountName -eq $user}).Count -gt 0 }}
    
    • #105263

      Participant
      Points: 55
      Rank: Member
      samaccountname                                                                                       ExistsInAd                                                                                          
      --------------                                                                                       ----------                                                                                          
      rpt_user

      ...yet I show it does exist:

       Get-ADUser rpt_user | select name
      
      name                                                                                                                                                                                                     
      ----                                                                                                                                                                                                     
      rpt_user                                    
  • #105290

    Participant
    Points: 213
    Helping Hand
    Rank: Participant

    I'd like to see the samAccountNames and count of those that do exist and samAccountName and count of those that don't.

    You can't pull data on a non-existent object. 8^} Well, not any way that I know of. 8^}

    How about just this.

    $UserData = 'Administrator','Guest','allsvc07032018'
    $FoundCounter = 0
    $NotFoundCounter = 0
    $UserData | %{
        try
        { 
            (Get-ADUser -Identity $_).SamAccountName
            $FoundCounter ++
        }
        catch 
        { 
            Write-Warning -Message "$_  was not found" 
            $NotFoundCounter ++
        }
    }
    "Total found accounts: $FoundCounter"
    "Total not found accounts: $NotFoundCounter"
    
    # Results
    Administrator
    Guest
    WARNING: (Cannot find an object with identity: 'allsvc07032018' under: 'DC=contoso,DC=com'.  was not found
    
    Total found accounts: 2
    Total not found accounts: 1
    
    
    • #105418

      Participant
      Points: 55
      Rank: Member

      postanote, the only change I made to your script was:

      $UserData = Import-Csv MyServiceAccounts.csv

      and there is a samAccountName header fyi.

      ...but nonetheless I get this output

      WARNING: Cannot bind parameter 'Identity'. Cannot convert value "@{samaccountname=SvcASplunkTUwoPII}" to type "Microsoft.ActiveDirectory.Management.ADUser"
  • #105344

    Participant
    Points: 160
    Helping Hand
    Rank: Participant

    I tested the code I posted, but it assumed that there was a column in the CSV named "User". The results you showed had a "SamAccountName" column. This code indicates the column that is passed to Get-ADUser:

    $user=$_.User
    

    so if it were samaccountname:

    $user=$_.samaccountname
    

    this is how I tested emulating a CSV:

    $data1 = @()
    $data1 += [pscustomobject]@{User="User1"}
    $data1 += [pscustomobject]@{User="User2"}
    
    
    $data1 | Select *,
                    @{Name="ExistsInAd";Expression={$user=$_.User;@(Get-ADUser -Filter {SamAccountName -eq $user}).Count -gt 0 }}
    

    also, if you did want counts, then it would be something like this:

    $data1 = @()
    $data1 += [pscustomobject]@{User="User1"}
    $data1 += [pscustomobject]@{User="User2"}
    
    
    $results = $data1 | Select *,
                               @{Name="ExistsInAd";Expression={$user=$_.User;@(Get-ADUser -Filter {SamAccountName -eq $user}).Count -gt 0 }}
    
    "Found: {0}" -f @($results | Where{$_.ExistsInAd -eq $true}).Count
    "Not Found: {0}" -f @($results | Where{$_.ExistsInAd -eq $false}).Count
    
    
    • #105422

      Participant
      Points: 55
      Rank: Member

      Rob,

      So, taking what I originally posted and adding yours I wager this (notice my adjustment of the $user you correctly observed earlier):

      #check if the service Accounts exists in AD
      $Data1 = Import-Csv .\Service_Accounts.csv 
      
      $data1 = @()
      $data1 += [pscustomobject]@{User="User1"}
      $data1 += [pscustomobject]@{User="User2"}
      
      
      ..but I get no output
      
      $results = $data1 | Select *,
                                 @{Name="ExistsInAd";Expression={$user=$_.samAccountName;@(Get-ADUser -Filter {SamAccountName -eq $user}).Count -gt 0 }}
      
      "Found: {0}" -f @($results | Where{$_.ExistsInAd -eq $true}).Count
      "Not Found: {0}" -f @($results | Where{$_.ExistsInAd -eq $false}).Count
  • #105457

    Participant
    Points: 160
    Helping Hand
    Rank: Participant

    $data1 is a variable. The initial post indicated you were using $_.User, which meant you were referencing a column named "User". When you do an Import-CSV, it creates a PSObject, with properties like User. I used a custom object to emulate the CSV with a column named user. In a later post, you were referencing samaccountname. $_ is the current object, so $_.User is the user property in the current object. In the code you posted, you import the CSV as $data1 and then overwrite that variable with the $data1 custom object, which contains User, not SamAccountName:

    @{Name="ExistsInAd";Expression={$user=$_.samAccountName;@(Get-ADUser -Filter {SamAccountName -eq $user}).Count -gt 0 }}

    So, let's stick with the CSV. Assuming there is a column in the CSV that is SamAccountName that has the names that you want to look up, your code would be:

    #Get the data from the CSV that has a column "SamAccountName"
    $Data1 = Import-Csv .\Service_Accounts.csv 
    
    #Pass the $data1 object to a Select and use a calculated property to create a new column called ExistsInAD.
    #We then set a variable called $user to the samAccountName property of the current row and perform an AD search.
    $results = $data1 | Select *,
                               @{Name="ExistsInAd";Expression={$user=$_.samAccountName;@(Get-ADUser -Filter {SamAccountName -eq $user}).Count -gt 0 }}
    
    "Found: {0}" -f @($results | Where{$_.ExistsInAd -eq $true}).Count
    "Not Found: {0}" -f @($results | Where{$_.ExistsInAd -eq $false}).Count
    
    • #105497

      Participant
      Points: 55
      Rank: Member

      Rob,

      Works great. Thank you for the code and the lesson, it is really appreciated.

      ~Jeff
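
The recurring failure in the thread above is a CSV header that does not match the property the script reads, which turns every lookup into a search for an empty name and reports every account as missing. The following is an added example, not code from any poster: it fails fast on a header mismatch, escapes CSV values before they reach the LDAP filter, and reports lookup errors separately from accounts that are genuinely not found. The function names `ConvertTo-LdapFilterValue` and `Test-AdAccountList`, the default column name, and the file name are assumptions for illustration.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515),
# so a CSV entry such as "*" cannot match every account in the directory.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # The backslash must be escaped first, then the other special characters.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

# Hypothetical function: one result object per CSV row with Found / NotFound / Error.
function Test-AdAccountList {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Column = 'SamAccountName'   # assumed header name
    )
    $rows = @(Import-Csv -Path $Path)
    if ($rows.Count -eq 0) { throw "No rows found in $Path" }

    # Stop on a header mismatch instead of silently searching for $null.
    $headers = $rows[0].PSObject.Properties.Name
    if ($headers -notcontains $Column) {
        throw "Column '$Column' not found. Headers present: $($headers -join ', ')"
    }

    foreach ($row in $rows) {
        $name = "$($row.$Column)".Trim()
        if (-not $name) { continue }          # skip blank rows
        $status = 'NotFound'
        $enabled = $null
        try {
            $safe = ConvertTo-LdapFilterValue -Value $name
            $hit = @(Get-ADUser -LDAPFilter "(sAMAccountName=$safe)" -ErrorAction Stop)
            if ($hit.Count -gt 0) { $status = 'Found'; $enabled = $hit[0].Enabled }
        }
        catch {
            # A failed query (unreachable DC, access denied) is not proof of absence.
            $status = 'Error'
        }
        [pscustomobject]@{ SamAccountName = $name; Status = $status; Enabled = $enabled }
    }
}

# On-screen report: per-account status, then a count for each status.
$results = @(Test-AdAccountList -Path .\Service_Accounts.csv)
$results | Sort-Object Status, SamAccountName | Format-Table -AutoSize
$results | Group-Object Status | Select-Object Name, Count
```

Rows with status `Error` should be re-run rather than treated as missing accounts, and the `Enabled` column shows which of the found service accounts are still active.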
