PowerShell Script Help

  • Question

  • I have the following script that should disable and move inactive users. Unfortunately it will not run. I get the following error. Could someone review my script and tell me what I am doing wrong?

    

    Here is the script: 

    #import the ActiveDirectory module
    Import-Module ActiveDirectory

    #Create a variable for the date stamp in the log file
    $LogDate = Get-Date -f yyyMMddhhmm

    #Sets the OU to the base search for all user accounts. 
    $SearchBase = "OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org"

    #Create an empty array for the log file
    $LogArray = @()

    #Sets the number of days to disable user accounts based on lastlogintimestamp
    $DaysInactive = (Get-Date).AddDays(-179)

    #User ForEach to loop through all users with lastlogontimestamp greater than date set. Disables the accounts and adds to log array
    $DisabledUsers = (Get-ADUser -SearchBase $SearchBase -Properties samaccountname, name, distingishedname -Filter {(lastlogondate -le $DaysInactive) } )


    if ($DisabledUsers -ne $null -and $DisabledUsers.Count > 0) 
        ForEach ($DisabledUser in $DisabledUsers) 

    #Sets the user objects description attribute to a date stamp. Example: "4/15/2016"
    Set-ADUser $DisabledUser -Description ((Get-Date).ToShortDateString()) -WhatIf

    #Disabled user object. To log only add "-whatif"
    Disable-ADAccount $DisabledUser -WhatIf

    #Create new object for logging
    $obj = New-Object PSObject
    $obj = Add-Member -MemberType NoteProperty -Name "Name" -Value $DisabledUser.name 
    $obj = Add-Member -MemberType NoteProperty -Name "DistinguishedName" -Value $DisabledUser.DistinguishedName

    #Adds object to the log array
    $LogArray += $obj

    }

    #Move disabled users to xxx OU
    Search-ADAccount -AccountDisabled -UsersOnly -SearchBase "OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org" -WhatIf

    #Export log array to CSV file in the temp directory
    $LogArray | Export-Csv "C:\temp\InactiveUser-ComputerReport\InactiveUsers_PROD.csv" -NoTypeInformation 

    Any help is appreciated! Thanks in advance!

    Tuesday, April 26, 2016 8:27 PM

All replies

  • It's just as the error message states: you're missing a script block after the if (condition).

    Just put a { after if ($DisabledUsers -ne $null -and $DisabledUsers.Count > 0) and another one after ForEach ($DisabledUser in $DisabledUsers) , close the } after (or before) the one that's already there and you should be good.

    Besides, the part below #Move disabled users to xxx OU doesn't do what it says in the comment.


    Evgenij Smirnov

    msg services ag, Berlin -> http://www.msg-services.de

    Windows Server User Group, Berlin -> http://www.winsvr-berlin.de

    Mark Minasi Technical Forum, reloaded -> http://newforum.minasi.com


    Tuesday, April 26, 2016 8:35 PM
  • Great! I added the open and close brackets and it carried on with the script. However, I did get a message stating the parameter distinguishedname is invalid....and that a parameter could not be found for WhatIf.....Ugh!

    SouthernDaisy

    Tuesday, April 26, 2016 8:51 PM
  • Help for the "If" statement:

    https://technet.microsoft.com/en-us/library/hh847876.aspx

    What line raises your latest error?


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Tuesday, April 26, 2016 8:54 PM
  • on which line(s)?

    Oh wait, I see: There's a typo in 'distingishedname', 'u' is missing ;-)


    Evgenij Smirnov

    msg services ag, Berlin -> http://www.msg-services.de

    Windows Server User Group, Berlin -> http://www.winsvr-berlin.de

    Mark Minasi Technical Forum, reloaded -> http://newforum.minasi.com



    Tuesday, April 26, 2016 8:55 PM
  • This is safer and easier:
    $DisabledUsers=Get-ADUser -SearchBase $SearchBase -Properties samaccountname, name, distinguishedname -Filter { lastlogondate -le $DaysInactive }
    $DisabledUsers |
    ForEach-Object{
    	$_|select Name, DistinguishedName
    	Set-ADUser $_ -Description (Get-Date).ToShortDateString() -WhatIf
    	Disable-ADAccount $_ -WhatIf
    }
    


    \_(ツ)_/

    Tuesday, April 26, 2016 9:02 PM
  • Too many redundant comments:

    Here is a simple view that should be easier to work with.

    $SearchBase = "OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org"
    $targetOU='????'
    $DaysInactive = (Get-Date).AddDays(-179)
    Get-ADUser -SearchBase $SearchBase -Filter { lastlogondate -le $DaysInactive } |
        ForEach-Object{
            $_ | select Name, DistinguishedName
            Set-ADUser $_ -Description (Get-Date).ToShortDateString() -WhatIf
            Disable-ADAccount $_ -WhatIf
            $_ | Move-ADObject -TargetPath $targetOU -WhatIf
        } |
        Export-Csv C:\temp\InactiveUser-ComputerReport\InactiveUsers_PROD.csv -NoTypeInformation


    \_(ツ)_/





    • Edited by jrv Tuesday, April 26, 2016 9:11 PM
    • Marked as answer by SouthernDaisy Wednesday, April 27, 2016 3:29 PM
    Tuesday, April 26, 2016 9:07 PM
  • I appreciate your advice. I tried the shorter script above but I keep getting this error: 

    Get-ADUser : Directory object not found
    At line:4 char:1
    + Get-ADUser -SearchBase $SearchBase -Filter { lastlogondate -le $DaysInactive } |
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
        + FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    As you can tell..I am very new to the scripting world.  But I try my best :)


    SouthernDaisy

    Wednesday, April 27, 2016 2:47 PM
  • I appreciate your advice. I tried the shorter script above but I keep getting this error: 

    Get-ADUser : Directory object not found
    At line:4 char:1
    + Get-ADUser -SearchBase $SearchBase -Filter { lastlogondate -le $DaysInactive } |
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
        + FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    As you can tell..I am very new to the scripting world.  But I try my best :)


    SouthernDaisy

    Did you specify the $SearchBase variable for this?
    Regards
    Wednesday, April 27, 2016 2:54 PM
  • In a properly working  domain that is not possible:

    Try just these lines:

    $SearchBase = "OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org"
    $DaysInactive = (Get-Date).AddDays(-179)
    Get-ADUser -SearchBase $SearchBase -Filter { lastlogondate -le $DaysInactive }
    
    

    Be sure SearchBase is correct.

    Test like this:

    Get-AdObject $searchbase

    If you get an error then the OU does not exist.



    \_(ツ)_/

    • Marked as answer by SouthernDaisy Wednesday, April 27, 2016 3:29 PM
    Wednesday, April 27, 2016 3:02 PM
  • Sad to say.... :(  I entered the OU backwards.... What was I thinking?? LOL The script works great!! Thank you sooo much!

    SouthernDaisy

    Wednesday, April 27, 2016 3:29 PM
  • Sad to say.... :(  I entered the OU backwards.... What was I thinking?? LOL The script works great!! Thank you sooo much!

    SouthernDaisy

    Great.  That is a common mistake.  It took me a bit to determine that a bad searchbase would cause that exact error.

    Good luck.


    \_(ツ)_/

    Wednesday, April 27, 2016 3:32 PM
  • Again, I thank you for your help.  I do have one other question.  How do you add multiple OUs in the SearchBase? I have added the OUs as:

    "OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org","OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org","OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org","OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org","OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org","OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=org"

    I get this error: 

    Get-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'SearchBase'. Specified method is not supported.
    At C:\Temp\InactiveUser-ComputerReport\InactiveUser_DEVA.ps1:13 char:24
    + Get-ADUser -SearchBase $SearchBase -Filter { lastlogondate -le $DaysInactive -or ...
    +                        ~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    I am only assuming this is because I have multiple OUs because it was running fine with only one. 


    SouthernDaisy

    Thursday, April 28, 2016 10:00 PM
  • Example:
    $OUS = @('OU=Workstations,OU=Office Locations,DC=mydomain,DC=local',
             'CN=Computers,DC=mydomain,DC=local')
    # -SearchBase accepts one DN at a time, so query each OU in turn and collect the results
    $Computers = foreach ($OU in $OUS) {
        Get-ADComputer -Filter * -SearchScope Subtree -SearchBase "$OU"
    }

    Regards
    Thursday, April 28, 2016 10:04 PM
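
The fixes from this thread combined into one dry run over several OUs, as an added example that is not code from any of the posters. The `example.org` OU names and the `Disabled Users` target OU are placeholders, and the `Enabled -eq $true` filter clause and the `[pscustomobject]` report rows are additions not discussed above.

```powershell
Import-Module ActiveDirectory

# Placeholder DNs (assumptions): replace with real OUs, most specific component first.
$SearchBases = @(
    'OU=Staff,OU=Accounts,DC=example,DC=org',
    'OU=Contractors,OU=Accounts,DC=example,DC=org'
)
$TargetOU = 'OU=Disabled Users,DC=example,DC=org'
$Cutoff   = (Get-Date).AddDays(-179)
$Stamp    = (Get-Date).ToShortDateString()

# Validate every DN before touching any account. A reversed or mistyped DN is
# what makes Get-ADUser fail with "Directory object not found".
foreach ($dn in @($SearchBases) + $TargetOU) {
    try   { $null = Get-ADObject -Identity $dn -ErrorAction Stop }
    catch { throw "Cannot find '$dn' in the directory: $($_.Exception.Message)" }
}

# -SearchBase takes a single string, so run one query per OU and collect the rows.
$report = foreach ($base in $SearchBases) {
    Get-ADUser -SearchBase $base -Properties LastLogonDate -Filter { Enabled -eq $true -and LastLogonDate -le $Cutoff } |
        ForEach-Object {
            Set-ADUser -Identity $_ -Description $Stamp -WhatIf
            Disable-ADAccount -Identity $_ -WhatIf
            Move-ADObject -Identity $_ -TargetPath $TargetOU -WhatIf
            [pscustomobject]@{
                Name              = $_.Name
                DistinguishedName = $_.DistinguishedName
                LastLogonDate     = $_.LastLogonDate
                SearchBase        = $base
            }
        }
}

# With -WhatIf in place nothing is changed; the CSV is the list to review first.
$report | Export-Csv -Path 'C:\temp\InactiveUser-ComputerReport\InactiveUsers_PROD.csv' -NoTypeInformation
```

Accounts that have never logged on have no `LastLogonDate` and are not matched by this filter, so they need a separate review. `LastLogonDate` is derived from the replicated `lastLogonTimestamp`, which by default can lag the real last logon by up to about two weeks.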