Help - Combining Commands

This topic contains 9 replies, has 5 voices, and was last updated by  Windows LiveUser6 4 years, 1 month ago.

  • Author
  • #15854

    Windows LiveUser6

    I am brand new to using PowerShell and am having a bit of trouble attempting to pull some data. What I'm trying to do is grab some basic information from mailboxes and the license names associated with those mailboxes for users within a specific OU in AD. I can get the mailbox information and the license names but I'm not sure how to filter that only to those mailboxes within certain OUs in AD. I'd like to get the info only for those accounts that are in our disabled employees OU. Can someone help me please? This is what I have so far.

    $datapath = "c:\DisabledAccountsInfo.csv"
    $results = @()
    $mailboxusers = get-mailbox -resultsize unlimited
    foreach ($user in $mailboxusers)
    $UPN = $user.userprincipalname
    $license = get-msoluser -userprincipalname $UPN
    $mailboxinfo = get-mailbox $upn
    $properties = @{
    ExchangeGUID = $user.exchangeguid
    Name = $
    Userprincipalname = $UPN
    License = $license.licenses[0].accountskuid
    Enabled =
    $results += new-object psobject -property $properties
    $results | Select-Object Name, Userprincipalname, exchangeguid, license |
    export-csv -path $datapath

    At what point can I filter this to only those users who are in the specific OUs or who are disabled in AD?

    Thanks in advance!

  • #15858

    Dave Wyatt

    I don't have an Exchange environment to test this, but according to Get-Mailbox's documentation, there's an -OrganizationalUnit parameter which can be used to set the search root. Try something like this (after modifying it to contain your actual OU distinguished name):

    $mailboxusers = get-mailbox -resultsize unlimited -OrganizationalUnit 'OU=Disabled Employees,OU=Whatever,DC=contoso,DC=com'
  • #15863

    Windows LiveUser6

    When I try using the organizationalunit parameter, though I follow the model, I continually get as error message that the OU cannot be found. Perhaps the problem is that we're using Office 365 and are not hosting our own exchange server. However, O365 is tied into AD. I've tried referencing the different DCs to no avail. Hmmm.

  • #15864

    Windows LiveUser6

    Mike, referencing the ExchangeUserAccountControl is getting me in the right direction. I still have to figure out what's preventing me from picking a specific OU. We have disabled accounts in multiple OUs as we have a number of templates setup that are all disabled. I'm getting a ton of errors and will have to filter out a lot of extra information. Thanks for your help Mike and Dave.

  • #15865

    Mike F Robbins

    Give this syntax a try:

    Get-Mailbox -ResultSize unlimited -Filter {ExchangeUserAccountControl -eq 'AccountDisabled'} -OrganizationalUnit ' Employees'

    Note the different formatting of the value provided for the OrganizationalUnit parameter. Either way works with an On-Premises Exchange 2010 Server.

  • #15866

    Windows LiveUser6

    I tried that as well. No luck.

  • #15875

    Peter Jurgens

    well without asking you to share the full code you're using (obviously you don't need to share your OU), I would first confirm that the OU you're specifying does actually exist. Load the ActiveDirectory module and do:

    Get-ADOrganizationalUnit 'OU=Name,DC=domain,DC=com'

    If it returns the OU you are trying to specify, then it does exist, and I'd then say perhaps there may be some missing link between O365 and your AD domain somehow. I do not have any experience with O365 at all unfortunately but hopefully this will at least get you on track to troubleshooting your issue.

    If you know the name of one of the user accounts you're looking at as well you could do:

    Get-ADUser -Identity username | Select-Object -ExpandProperty distinguishedname

    This will get you the full distinguished name of the full distinguished name of the user, then you can just remove the 'CN=' part of the dn to then have the OU that the user is in.

  • #15884

    Windows LiveUser6

    Peter, the OU does in fact get returned. I also have AD open while I'm writing this script. Thanks for helping me confirm that I'm not crazy, though. As far as selecting the specific usernames, there are roughly 1,200 I'm working with. It would be a long process to go through to select one at a time. I appreciate your assistance.

    Martin, I haven't considered that and I'll have to figure out how to incorporate that into what I'm doing. Thanks for the suggestion.

  • #15862

    Mike F Robbins

    I don't see a license property on Exchange 2010, but maybe this will help you get started. For disabled users, filter on the 'ExchangeUserAccountControl' property:

    Get-Mailbox -ResultSize unlimited -Filter {ExchangeUserAccountControl -eq 'AccountDisabled'} |
    Sort-Object -Property OrganizationalUnit |
    Select-Object -Property UserPrincipalName, ExchangeGuid, Database,OrganizationalUnit

    You can also filter to a specific OU as Dave referenced in the previous comment.

    Get-Mailbox -ResultSize unlimited -Filter {ExchangeUserAccountControl -eq 'AccountDisabled'} -OrganizationalUnit 'OU=Disabled Employees,OU=Whatever,DC=contoso,DC=com'
  • #15879

    Martin Nielsen

    Have you tried turning it upside down? Query your own AD for the users you want, then query Office Online for their mailboxes using the AD user objects' UserPrincipalNames.

    $users = Get-ADUser -LDAPFilter '(&(UserPrincipalName=*)(objectClass=user))' -SearchBase 'OU=People I like, DC=Contoso, DC=Com' -SearchScope Subtree
    foreach($user in $users)
    Get-Mailbox $user.UserPrincipalName | Write-Output

You must be logged in to reply to this topic.