Terminated & Not In Group


I'm trying to generate a report of all disabled accounts that are not in the group "Terminated Employees", but it doesn't seem to generate the report. Below is the code that I have at the moment.

TLDR: The text file contains a list of all the disabled accounts and I am trying to cross reference that list with the list of people in Terminated Employees and then return to a CSV file the accounts that are in that list and not in the group "Terminated Employees".

Also note that we need to bypass the limit of Get-ADGroupMember as there are over 5000 members in this group.

$ADGroupName = "Terminated Employees"
$users = Get-Content C:\Shortcuts\users.txt
$InputPath= "C:\Scripts\T_Accounts.csv"

$a = @(Get-ADGroup $ADGroupName | Select-Object -ExpandProperty Member)

foreach ($user in $users) {
    if ($a -contains $user) {
    "Member found"
    } else {
        $SplitStep1 = ($Member -split ",",2)[0]
        $SplitStep2 = ($SplitStep1 -split "=",2)[1]
        $SplitStep2 = $SplitStep2 | Out-File -Append $InputPath
    }
}

foreach ($value in (Get-Content $InputPath)) {
    $b = Get-ADUser -Identity $value -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled
}
Janne Tuukkanen (BEST ANSWER)

I suggest using the Import-Csv and Export-Csv cmdlets for handling the input and output files. And if we are searching for disabled user accounts that are members of a specific group, there should be no need for the input file at all. How about this one-liner:

Get-ADGroup "Terminated Employees" -Properties Members |
Select-Object -ExpandProperty Members |
Get-ADUser -Properties Enabled, Displayname, LastLogonDate |
Where-Object {$_.Enabled -eq $false} |
Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled |
Export-Csv outfile.txt

Edit: Should have internalized the original question before rushing to answer. I think the clearest way is to create two sets of users and compare them, exporting results to CSV file.

$disabledusers = Get-ADUser -Filter "Enabled -eq '$false'" -Properties DisplayName, SamAccountName, LastLogonDate, Enabled |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled

$groupmembers = Get-ADGroup "Terminated Employees" -Properties Members |
    Select-Object -ExpandProperty Members |
    Get-ADUser -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled

# Compare on SamAccountName: comparing on Enabled alone would treat every object with the
# same Enabled value as equal. "=>" marks objects present only in $disabledusers, i.e.
# disabled accounts that are not in the group.
Compare-Object $groupmembers $disabledusers -Property SamAccountName -PassThru |
    Where-Object { $_.SideIndicator -eq "=>" } |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled |
    Export-Csv outfile.txt
Bluecakes

You aren't requesting the Members property from ActiveDirectory in your Get-ADGroup command (also need to add the s to Members in your Select-Object ;) ).

$ADGroupName = "Terminated Employees"
$users = Get-Content C:\Shortcuts\users.txt      # one distinguished name per line
$InputPath = "C:\Scripts\T_Accounts.csv"

# Here we need to add the -Properties parameter to ask ActiveDirectory for the group Members
$a = @(Get-ADGroup -Identity $ADGroupName -Properties Members | Select-Object -ExpandProperty Members)

ForEach ($user in $users)
{
    if ($a -contains $user)
    {
        "Member found"
    }
    else
    {
        # $user (not the undefined $Member) is the DN read from the text file;
        # take the CN= value, e.g. "CN=Jane Doe,OU=Staff,DC=example,DC=com" -> "Jane Doe"
        $SplitStep1 = ($user -split ",",2)[0]
        $SplitStep2 = ($SplitStep1 -split "=",2)[1]
        $SplitStep2 | Out-File -Append $InputPath
    }
}

ForEach ($value in (Get-Content $InputPath))
{
    # -Identity accepts a DN, SamAccountName, SID or GUID
    $b = Get-ADUser -Identity $value -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled
    $b   # emit the object so the loop actually produces output
}
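Pulling both answers together, here is an added example (not code from the question or from either answer) that reads the whole member list of the group through -Properties Member in a single query, so the Get-ADGroupMember result-size limit never applies, queries disabled users directly instead of from a text file, and writes the leavers that are missing from the group to CSV. It assumes the ActiveDirectory module on a domain-joined host; the output path is a placeholder.

```powershell
# Added example: disabled accounts that are NOT members of "Terminated Employees".
# Assumes the ActiveDirectory module and a domain-joined session; $OutputPath is a placeholder.
Import-Module ActiveDirectory

$GroupName  = 'Terminated Employees'
$OutputPath = 'C:\Scripts\Disabled_NotInTerminatedGroup.csv'   # placeholder path

# Get-ADGroup -Properties Member returns the full member DN list as one attribute,
# unlike Get-ADGroupMember, which is bounded by MaxGroupOrMemberEntries (5000 by default).
$memberDNs = Get-ADGroup -Identity $GroupName -Properties Member |
    Select-Object -ExpandProperty Member

# Case-insensitive set for O(1) lookups; -contains on a 5000+ element array is O(n) per user.
$memberSet = [System.Collections.Generic.HashSet[string]]::new(
    [string[]]$memberDNs, [System.StringComparer]::OrdinalIgnoreCase)

# One LDAP query for every disabled user object; no input text file needed.
$disabled = Get-ADUser -Filter "Enabled -eq 'False'" `
    -Properties DisplayName, SamAccountName, LastLogonDate, Enabled, DistinguishedName

$missing = foreach ($u in $disabled) {
    if (-not $memberSet.Contains($u.DistinguishedName)) {
        [pscustomobject]@{
            DisplayName       = $u.DisplayName
            SamAccountName    = $u.SamAccountName
            LastLogonDate     = $u.LastLogonDate
            Enabled           = $u.Enabled
            DistinguishedName = $u.DistinguishedName
        }
    }
}

$missing | Export-Csv -Path $OutputPath -NoTypeInformation
"{0} disabled account(s) not in '{1}' written to {2}" -f @($missing).Count, $GroupName, $OutputPath
```

The same approach works for any large group; swap $GroupName and the filter to audit, for example, enabled accounts that still sit in the terminated group.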