List disabled AD account outside certain OU only and Export to .CSV

  • #125730


    Hi All,

    I have created the below PowerShell script, but the result is not always correct or still not perfectly filtering the result:

    $filter = '(Enabled -eq $false)'
    $ResultDirectory = 'C:\Disabled-ADAccountOutsideOU.csv'
    $domainDN = (Get-ADDomain).DistinguishedName
    $excludeOUs = @(
    'OU=Site1,OU=Disabled Users'
    'OU=Site2,OU=Disabled Users'
    'OU=SiteX,OU=Disabled Users'
    ) | ForEach-Object { $_ + ',' + $domainDN }
    Get-ADUser -Filter $filter -Properties * |
    Where-Object { ($_.SamAccountName.Length -eq 7) -and ($excludeOUs -notcontains $_.ParentContainer) } |
    Select-Object -Property SamAccountName, Enabled, @{ n='ParentContainer'; e={ $_.DistinguishedName -replace '\A.*?,(?=(CN|OU|DC)=)' } }, CanonicalName, lastlogondate |
    Export-Csv -NoTypeInformation -Path $ResultDirectory

    Expected: Only export the disabled AD accounts outside the excluded OU list to a .CSV file.
    Result:
    Some OUs like CN=Users, DC=Domain, DC=com, which also have some disabled AD accounts, are skipped or not even checked?
    The exported .CSV also still contains the disabled AD accounts from OU=SiteX, OU=Disabled Users and some others in the excluded OUs?

    Thank you in advance.

  • #125735


    Check out Search-ADAccount, there should be a disable parameter. I'll search disabled users, export that to a CSV, then just remove the filtered OU out.

  • #125745


    Search-ADAccount has a -SearchBase parameter, just as most of the other AD cmdlets. So you can search for disabled accounts and specify the OU you're after.
    Edit: Oops ... stupid me ... "Outside certain OU" ... ignore my post ... follow Jeffery's recommendation! 😉

  • #125786


    The biggest issue is that you are building 'ParentContainer' AFTER you are trying to filter on it. Maybe try segregating the code into a more modular approach so that you can step through it easier.

    $ResultDirectory = 'C:\Disabled-ADAccountOutsideOU.csv'
    
    
    #Create your filter
    $domainDN = (Get-ADDomain).DistinguishedName
    $excludeOUs = @(
        'OU=Site1,OU=Disabled Users'
        'OU=Site2,OU=Disabled Users'
        'OU=SiteX,OU=Disabled Users'
    ) | ForEach-Object { $_ + ',' + $domainDN }
    
    
    #Get all disabled users
    $disabledUsers = Get-ADUser -Filter {Enabled -eq $false} -Properties SamAccountName, Enabled, DistinguishedName, CanonicalName, LastLogonDate |
                     Select-Object -Property SamAccountName, Enabled, @{ n='ParentContainer'; e={ $_.DistinguishedName -replace '\A.*?,(?=(CN|OU|DC)=)' } }, CanonicalName, LastLogonDate
    
    #Attempt to filter users
    $filteredUsers = $disabledUsers | Where-Object { ($_.SamAccountName.Length -eq 7) -and ($excludeOUs -notcontains $_.ParentContainer) }
    
    #Now before you create a CSV, I would do some basic analysis.
    $disabledUsers.Count
    $filteredUsers.Count
    $filteredUsers | Group-Object -Property ParentContainer -NoElement
    
    #Once I know I have what I want, then I would send it to a CSV
    $filteredUsers | Export-Csv -Path $ResultDirectory -NoTypeInformation
    
    • #125897


      Yes, @Rob's code does the trick. 🙂

      @Olaf, yes that's right.

      @jeff, That's cool, I will learn about that cmdlet.

       

      Thanks all for participating.
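
An added example, not code from any poster in this thread: `-notcontains` compares ParentContainer for an exact match, so an account in an OU nested below one of the excluded OUs still lands in the report. The sketch below matches on the DN suffix instead and runs offline against constructed DNs; the domain `DC=example,DC=com`, the sample accounts, and the helper names `Get-ParentContainer` and `Test-InExcludedOU` are assumptions.

```powershell
# Constructed sample data; runs without the ActiveDirectory module.
$domainDN = 'DC=example,DC=com'   # assumption: placeholder domain
$excludeOUs = @(
    'OU=Site1,OU=Disabled Users'
    'OU=Site2,OU=Disabled Users'
    'OU=SiteX,OU=Disabled Users'
) | ForEach-Object { $_ + ',' + $domainDN }

function Get-ParentContainer {
    # Same regex as the thread: drop the leading RDN of a distinguished name.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $DistinguishedName -replace '\A.*?,(?=(CN|OU|DC)=)'
}

function Test-InExcludedOU {
    # Hypothetical helper: true when the DN sits in an excluded OU or any OU beneath it.
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string[]]$ExcludedOU
    )
    $parent = Get-ParentContainer -DistinguishedName $DistinguishedName
    foreach ($ou in $ExcludedOU) {
        # -eq is case-insensitive; the leading comma keeps the suffix on an RDN boundary.
        if ($parent -eq $ou -or $parent.EndsWith(",$ou", [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed stand-ins for Get-ADUser output (direct child, nested OU, CN=Users,
# escaped comma in the CN, and lower-case attribute names).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'abcd001'; DistinguishedName = "CN=User One,OU=Site1,OU=Disabled Users,$domainDN" }
    [pscustomobject]@{ SamAccountName = 'abcd002'; DistinguishedName = "CN=User Two,OU=Leavers,OU=SiteX,OU=Disabled Users,$domainDN" }
    [pscustomobject]@{ SamAccountName = 'abcd003'; DistinguishedName = "CN=User Three,CN=Users,$domainDN" }
    [pscustomobject]@{ SamAccountName = 'abcd004'; DistinguishedName = "CN=Four\, User,OU=Sales,$domainDN" }
    [pscustomobject]@{ SamAccountName = 'abcd005'; DistinguishedName = "CN=User Five,ou=site2,ou=disabled users,$domainDN" }
)

$outside = $sample |
    Where-Object { -not (Test-InExcludedOU -DistinguishedName $_.DistinguishedName -ExcludedOU $excludeOUs) }
$outside | Select-Object SamAccountName, @{ n = 'ParentContainer'; e = { Get-ParentContainer $_.DistinguishedName } }
```

Against a real domain, the `$sample` array would be replaced by the `Get-ADUser -Filter {Enabled -eq $false}` call from the thread, with the result piped to `Export-Csv`.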
