Help - Combining Commands

This topic contains 9 replies, has 5 voices, and was last updated by Profile photo of Windows LiveUser6 Windows LiveUser6 3 years ago.

  • Author
    Posts
  • #15854
    Profile photo of Windows LiveUser6
    Windows LiveUser6
    Participant

    I am brand new to using PowerShell and am having a bit of trouble attempting to pull some data. What I'm trying to do is grab some basic information from mailboxes and the license names associated with those mailboxes for users within a specific OU in AD. I can get the mailbox information and the license names but I'm not sure how to filter that only to those mailboxes within certain OUs in AD. I'd like to get the info only for those accounts that are in our disabled employees OU. Can someone help me please? This is what I have so far.

    $datapath = "c:\DisabledAccountsInfo.csv"
    $results = @()
    $mailboxusers = get-mailbox -resultsize unlimited
    foreach ($user in $mailboxusers)
    {
    $UPN = $user.userprincipalname
    $license = get-msoluser -userprincipalname $UPN
    $mailboxinfo = get-mailbox $upn
    $properties = @{
    ExchangeGUID = $user.exchangeguid
    Name = $user.name
    Userprincipalname = $UPN
    License = $license.licenses[0].accountskuid
    Enabled =
    }
    $results += new-object psobject -property $properties
    }
    $results | Select-Object Name, Userprincipalname, exchangeguid, license |
    export-csv -path $datapath

    At what point can I filter this to only those users who are in the specific OUs or who are disabled in AD?

    Thanks in advance!

  • #15858
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    I don't have an Exchange environment to test this, but according to Get-Mailbox's documentation, there's an -OrganizationalUnit parameter which can be used to set the search root. Try something like this (after modifying it to contain your actual OU distinguished name):

    $mailboxusers = get-mailbox -resultsize unlimited -OrganizationalUnit 'OU=Disabled Employees,OU=Whatever,DC=contoso,DC=com'
    
  • #15863
    Profile photo of Windows LiveUser6
    Windows LiveUser6
    Participant

    When I try using the organizationalunit parameter, though I follow the model, I continually get as error message that the OU cannot be found. Perhaps the problem is that we're using Office 365 and are not hosting our own exchange server. However, O365 is tied into AD. I've tried referencing the different DCs to no avail. Hmmm.

  • #15864
    Profile photo of Windows LiveUser6
    Windows LiveUser6
    Participant

    Mike, referencing the ExchangeUserAccountControl is getting me in the right direction. I still have to figure out what's preventing me from picking a specific OU. We have disabled accounts in multiple OUs as we have a number of templates setup that are all disabled. I'm getting a ton of errors and will have to filter out a lot of extra information. Thanks for your help Mike and Dave.

  • #15865
    Profile photo of Mike F Robbins
    Mike F Robbins
    Participant

    Give this syntax a try:


    Get-Mailbox -ResultSize unlimited -Filter {ExchangeUserAccountControl -eq 'AccountDisabled'} -OrganizationalUnit 'contoso.com/Whatever/Disabled Employees'

    Note the different formatting of the value provided for the OrganizationalUnit parameter. Either way works with an On-Premises Exchange 2010 Server.

  • #15866
    Profile photo of Windows LiveUser6
    Windows LiveUser6
    Participant

    I tried that as well. No luck.

  • #15875
    Profile photo of Peter Jurgens
    Peter Jurgens
    Participant

    well without asking you to share the full code you're using (obviously you don't need to share your OU), I would first confirm that the OU you're specifying does actually exist. Load the ActiveDirectory module and do:

    Get-ADOrganizationalUnit 'OU=Name,DC=domain,DC=com'
    

    If it returns the OU you are trying to specify, then it does exist, and I'd then say perhaps there may be some missing link between O365 and your AD domain somehow. I do not have any experience with O365 at all unfortunately but hopefully this will at least get you on track to troubleshooting your issue.

    If you know the name of one of the user accounts you're looking at as well you could do:

    Get-ADUser -Identity username | Select-Object -ExpandProperty distinguishedname
    

    This will get you the full distinguished name of the full distinguished name of the user, then you can just remove the 'CN=' part of the dn to then have the OU that the user is in.

  • #15884
    Profile photo of Windows LiveUser6
    Windows LiveUser6
    Participant

    Peter, the OU does in fact get returned. I also have AD open while I'm writing this script. Thanks for helping me confirm that I'm not crazy, though. As far as selecting the specific usernames, there are roughly 1,200 I'm working with. It would be a long process to go through to select one at a time. I appreciate your assistance.

    Martin, I haven't considered that and I'll have to figure out how to incorporate that into what I'm doing. Thanks for the suggestion.

  • #15862
    Profile photo of Mike F Robbins
    Mike F Robbins
    Participant

    I don't see a license property on Exchange 2010, but maybe this will help you get started. For disabled users, filter on the 'ExchangeUserAccountControl' property:

    
    Get-Mailbox -ResultSize unlimited -Filter {ExchangeUserAccountControl -eq 'AccountDisabled'} |
    Sort-Object -Property OrganizationalUnit |
    Select-Object -Property UserPrincipalName, ExchangeGuid, Database,OrganizationalUnit
    

    You can also filter to a specific OU as Dave referenced in the previous comment.

    
    Get-Mailbox -ResultSize unlimited -Filter {ExchangeUserAccountControl -eq 'AccountDisabled'} -OrganizationalUnit 'OU=Disabled Employees,OU=Whatever,DC=contoso,DC=com'
    
  • #15879
    Profile photo of Martin Nielsen
    Martin Nielsen
    Participant

    Have you tried turning it upside down? Query your own AD for the users you want, then query Office Online for their mailboxes using the AD user objects' UserPrincipalNames.


    $users = Get-ADUser -LDAPFilter '(&(UserPrincipalName=*)(objectClass=user))' -SearchBase 'OU=People I like, DC=Contoso, DC=Com' -SearchScope Subtree
    foreach($user in $users)
    {
    Get-Mailbox $user.UserPrincipalName | Write-Output
    }

You must be logged in to reply to this topic.