Send email for each user that has been disabled to their managers

Welcome Forums General PowerShell Q&A Send email for each user that has been disabled to their managers

Viewing 8 reply threads
  • Author
    Posts
    • #270769
      Participant
      Topics: 3
      Replies: 4
      Points: 46
      Rank: Member

      Hi

      I have a script that will search users that were disabled for the past 14 days + show their managers name and date when they were disabled and managers email.

      $ou = “my_ou”
      $date = (Get-Date).AddDays(-14)
      $disabledAccounts = Get-aduser -filter {Enabled -eq $false -and Modified -ge $date } -SearchBase $ou -Properties Modified,manager | select samaccountname,Modified, @{Name=”ManagerEmail”;Expression={(get-aduser -property emailaddress $_.manager).emailaddress}}, @{Label=’Manager’;Expression={(Get-ADUser $_.Manager).sAMAccountName}}
      $ManagerName=$_.Displayname

      $Body = ”
      <html>
      <body>
      <p>Dear $ManagerName,<br>
      The user $userName has been disabled on .<br
      </body>
      </html>”

      ForEach($disabledAccount in $disabledAccounts){
      Send-MailMessage -To $disabledAccount.ManagerEmail -From ‘[email protected]’ -Subject ‘Disabled account’ -Body $Body -SmtpServer ‘mysmtp server’ -BodyAsHtml -Priority High
      }

      Now my problem is that this is the email that I’m receiving:

      Dear ,
      The user has been disabled on .

      After “Dear” i don’t see any managers names and in the second line after “user” i don’t see the specific user name that is disabled and after “on” i need a date.
      any suggestions or help?
      Thanks
    • #270778
      Participant
      Topics: 25
      Replies: 206
      Points: 774
      Helping Hand
      Rank: Major Contributor

      you need to add a foreach loop.

      and validate your “managername” variable contains what you believe it does
      i’d start with
      foreach ($item in $disabledaccounts)
      {
      write-host $item.managername
      write-host $item.username
      }

      make sure you have the value you expect.
      second, i don’t see anywhere that you actually set a date on, nor are you calling a value in your body is why you don’t see a date.

      then you can put your send-mailmessage code within the scriptblock with the foreach.

    • #270976
      Participant
      Topics: 3
      Replies: 4
      Points: 46
      Rank: Member

      Hi David,

       

      Yes about the date i need to figure out how to add it to my script

      And “foreach”, where you suggest i should add it in my script?

    • #271042
      Participant
      Topics: 25
      Replies: 206
      Points: 774
      Helping Hand
      Rank: Major Contributor

      you have to add it after your $disabledAccounts section

      step 1 you store all of the ad objects your disabledaccounts code retrieves in a collection
      then you use the foreach to loop through the collection.

      There isn’t going to be a value in ad to tell you the date the account itself was disabled.
      the closest you can probably get is whenchanged

    • #271654
      Participant
      Topics: 3
      Replies: 4
      Points: 46
      Rank: Member

      I have something like this:

      $ou = “my_ou”
      $date = (Get-Date).AddDays(-14)
      $disabledAccounts = Get-aduser -filter {Enabled -eq $false -and Modified -ge $date } -SearchBase $ou -Properties Modified,manager | select samaccountname,Modified,manager
      $ManagerName = ”
      $Body = ”
      <html>
      <body>
      <p>Dear $ManagerName,<br>
      The user $userName has been disabled on .<br
      </body>
      </html>”

      ForEach($disabledAccount in $disabledAccounts){

      $manager = get-aduser -property emailaddress,DisplayName $disabledAccount.manager
      $ManagerName= $manager.Displayname
      $userName = $disabledAccount.samaccountname
      Send-MailMessage -To $manager.UserPrincipalName -From ‘[email protected]’ -Subject ‘Disabled account’ -Body $Body -SmtpServer ‘mysmtp server’ -BodyAsHtml -Priority High
      }

      And I’m receiving for some reason only 1 email for 1 employee, and the second command for Get-Aduser gives me only 1 manager and the first one provide me 2.

      • This reply was modified 2 weeks, 4 days ago by kobeat50.
      • This reply was modified 2 weeks, 4 days ago by kobeat50.
      • This reply was modified 2 weeks, 4 days ago by kobeat50.
    • #271906
      Participant
      Topics: 17
      Replies: 1869
      Points: 3,631
      Helping Hand
      Rank: Community Hero

      A manager can have more than one disabled account, so if they have 3 users in the report, it’s doubtful they want 3 separate emails. For this, you should do some grouping on the email. You’re building the email for each user, so the html content should be in the loop. This is untested, but should get you close:

    • #272053
      Participant
      Topics: 9
      Replies: 677
      Points: 2,680
      Helping Hand
      Rank: Community Hero

      Rob’s got a point, only thing I would change is the multiple calls to AD and Select-Object -Expand to get manager details

    • #272101
      Participant
      Topics: 3
      Replies: 4
      Points: 46
      Rank: Member

      Thanks guys,

      the multiple email sending works but when I’m getting the email, I’m getting it without Manager name:

      Dear ,

      The users have been disabled:

      DisplayName SamAccountName Enabled Modified
      test False 11/16/2020 5:45:18 PM

       

      —————————-

      Solved it.

       

       

      • This reply was modified 2 weeks, 2 days ago by kobeat50.
      • This reply was modified 2 weeks, 2 days ago by kobeat50.
    • #272254
      Participant
      Topics: 9
      Replies: 677
      Points: 2,680
      Helping Hand
      Rank: Community Hero

      Appears it should be $manager.group.ManagerDisplayName instead of $manager.name

Viewing 8 reply threads
  • You must be logged in to reply to this topic.