Author Posts

November 18, 2015 at 3:02 pm

Hi Brothers & Sisters,
Please help- I am trying to disable bunch of computers from a text file but stuck at a point where I need to concatenate system name with a "$" sign. Below is the script:

$Computer = Get-Content C:\Users\Administrator\Desktop\Computer.txt
Foreach($psitem in $Computer)
{
Disable-ADAccount -Identity "$psitem+$"
Get-ADComputer -Identity "$PSitem+$" | Move-ADObject -TargetPath 'OU=Disabled Computers,DC=sccm,DC=com'
}

November 18, 2015 at 8:41 pm

Not sure what you are doing with the +$ there, but it's not needed or desired. Your foreach loop is setting $psitem to the current computer identity from the computer.txt file input. You should just need that variable, no concatenation necessary assuming that your computer.txt input file contains valid computer identities.

$Computer = Get-Content C:\Users\Administrator\Desktop\Computer.txt
Foreach($psitem in $Computer)
{
Disable-ADAccount -Identity "$psitem"
Get-ADComputer -Identity "$PSitem" | Move-ADObject -TargetPath 'OU=Disabled Computers,DC=sccm,DC=com'
}

November 18, 2015 at 10:58 pm

Hi Curtis,

Thank you for your response.

Guess the objects within $Computer are getting treated as simple text, that is why it is getting executed successfully after concatenating $ symbol which is then treated as a computer object.

Please refer to below error while script execution using only $PSItem. I am also copying the code which was successfully executed after adding $ to the computer name.

Disable-ADAccount : Cannot find an object with identity: '4584XP-LT' under: 'DC=sccm,DC=com'.
At C:\Users\Administrator\Desktop\Move-Computer.ps1:4 char:5
+ Disable-ADAccount -Identity "$psitem"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (4584XP-LT:ADAccount) [Disable-ADAccount], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirecto
ry.Management.Commands.DisableADAccount

PS C:\Users\Administrator> Disable-ADAccount -Identity 4584XP-LT$

PS C:\Users\Administrator>

November 18, 2015 at 11:57 pm

Would something like this work?

$Computer = Get-Content C:\Users\Administrator\Desktop\Computer.txt
$To = "OU=Disabled Computers,DC=sccm,DC=com"
Foreach($C in $Computer)
{
$obj = Get-ADComputer -Identity $C
$obj | Disable-ADAccount
$obj | Move-ADObject -TargetPath $To
}

November 19, 2015 at 4:54 am

Ah, the error explains it. Based on the error you provided, your input file does not contain a valid Identity for your computer accounts.

Disable-ADAccount accepts the following for the Identity parameter

-Identity 
        Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.
        
          Distinguished Name 
            Example: CN=SaraDavis ,CN=Users,DC=corp,DC=contoso,DC=com
          GUID (objectGUID) 
            Example: 599c3d2e-f72d-4d20-8a88-030d99495f20 
          Security Identifier (objectSid) 
            Example: S-1-5-21-3165297888-301567370-576410423-1103
          SAM Account Name (sAMAccountName) 
            Example: saradavis

You are using, for example, 4584XP-LT in your input file; however, in AD computer objects sAMAccountName do not look like that. The sAMAccountName always ends with a $. That is why appending $ to then end of your input value works. By doing so you are making it a valid sAMAccountName to be used as the Identity parameter.

Ok, so on the concatenation, you just need to not use the + sign inside of your "". "" will automatically evaluate variables, so just put your variable inside of "" with the $ at the end like below.

$variable = "ComputerName"

"$variable$"

Results:
ComputerName$

November 20, 2015 at 1:36 am

Thanks a ton Curtis- that worked!!

L-bo- I'll give a shot to your suggestion as well.