0

I've been given a task that would be perfect for Powershell, and have taken the opportunity to learn the Powershell scripting language.

I have a CSV file with two colums: 

Name, Active

I want to grab the name of each record that has disabled in the column. With that name, I want to check the AD and check if they're disabled or not. Ultimately, if they're not disabled, I want to disable them but I don't want you guys to spoil all of the fun for me!

Here's where I am at, I don't know if the following is possible but as it is right now there are syntax errors.

$file = 'C:\scripts\users.csv'
$test = Import-CSV $file | Where-Object {$_.Active -like "disable*"} | Select-Object Name

foreach($user in $test){
    if (Get-AdUser -LDAPFilter "(samaccountname=*$user*)" | Select-Object Enabled){
       Write-Host $user + "is active" 
    }
}

Thanks for any help.

Edit: I've fixed the syntax error, and now the Script will run but there is no output. I know that there are users that are still active, so there should definitely be some output.

Improve this question

3 Answers 3

Reset to default
2

You are so very close, but what I think you need is the -ExpandProperty argument for Select-Object.

    if ((Get-AdUser $user | Select-Object -ExpandProperty Enabled)){

Otherwise it is not a Boolean response of True/False, but instead it is an object with one property, that property being Enabled. The value of that property will be a Boolean true/false, but if all you want is the value you have to expand the property first.

Edit: Also, you don't really need the Write-Host command (and many people will tell you to avoid using it unless you really want to write to the screen and nothing else). You can simply that line to just "$user is active" as the double quotes will expand the string automatically.

I suppose you could simplify it further by doing something like:

get-aduser -filter {SAMAccountName -eq "$user" -and Enabled -eq $true} | ForEach{ $_.samaccountname + " is enabled." }

That would take the place of your entire ForEach block.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Or if ((Get-AdUser $user).Enabled){ ... }.
Hello and thank you for the comment! I've implemented your suggestion and am now getting the following error: Get-ADUser : Cannot bind parameter 'Identity'. Cannot convert value "@{Name=JMONFALCON}" to type
Could try something like this Get-ADUser -Filter {samaccountname -eq $user}
Use the -ExpandProperty argument on your CSV import as well and you will have an array of strings that is just the users' names. Right now you have an array of objects, which each object has a property of Name. That property contains the user's name.
You always want to use either the -LDAPFilter or -Filter parameters with Get-ADUser inside an If statement. If you do not, a non-existent user will cause Get-ADUser $User to throw an error, interrupting your code logic. Use Get-ADUser -Filter {samaccountname -eq $User} or Get-ADUser -LDAPFilter "(samaccountname=$User)".
|
0

Build up the filterstring as follows

$filterstring = "samaccountname=*{0}*" -f $user

Improve this answer

Comments

0

Select-Object will return an object array of Enabled. Your If statement:

if(Get-ADUser disabledUser | Select-Object enabled){Write-host "Enabled"}
Enabled

That should have been false? What happened was is the If evaluated a populated statement. It was not empty so it was $true

What you should do it use -ExpandProperty. That will get the raw value from enabled and that will trigger the if statement properly. 

if(Get-ADUser disabledUser | Select-Object -ExpandProperty enabled){Write-host "Enabled"}
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.