locked
Disable accounts based on search RRS feed

  • Question

  • I'm trying to automate disabled our vendor vpn accounts at the end of the week. so far I have:

    Import-Module ActiveDirectory
    $Enabledlist = Get-ADUser -Filter {enabled -eq "True"} -SearchBase "OU=Vendor,OU=site,DC=job,DC=state,DC=local" | Select-Object SamAccountName 
    foreach($enabledAccount in $enabledList)
        {Disable-ADAccount -Identity $enabledAccount} 

    Problem is:

    Cannot convert value "@{SamAccountName=vendervpnaccount}" to type "Microsoft.ActiveDirectory.Management.ADAccount"
    I'm not sure how to just get the samaccountname and not the @{samaccountname= with it.


    Wednesday, April 30, 2014 6:33 PM

Answers

All replies

  • Use the -ExpandProperty parameter of the Select-Object cmdlet.

    $Enabledlist = Get-ADUser -Filter {enabled -eq "True"} -SearchBase "OU=Vendor,OU=site,DC=job,DC=state,DC=local" | Select-Object -ExpandProperty SamAccountName

    Or, use dotted notation.

    $Enabledlist = (Get-ADUser -Filter {enabled -eq "True"} -SearchBase "OU=Vendor,OU=site,DC=job,DC=state,DC=local").SamAccountName
    Edit: Added second example

    Wednesday, April 30, 2014 6:35 PM
  • Hi,

    You need to reference the SamAccountName property of the object:


    Disable-ADAccount -Identity $enabledAccount.SamAccountName

    Also, you're using $disabledAccount in your loop, but you need to be using $enabledAccount, as that's what you're naming the variable.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Wednesday, April 30, 2014 6:37 PM
  • yeah, sorry that was a typo; I thought I edited it. I Appreciate the help!
    Wednesday, April 30, 2014 7:08 PM
  • Wednesday, April 30, 2014 7:09 PM
  • I might be missing something here, but you don't need the loop or the Select-Object.

    You can pipe the results of Get-ADUser directly into Disable-ADAccount.

    Get-ADUser -Filter {enabled -eq "True"} -SearchBase OU=Vendor,OU=site,DC=job,DC=state,DC=local" | Disable-ADAccount


    • Proposed as answer by Mike Laughlin Thursday, May 1, 2014 5:31 PM
    Thursday, May 1, 2014 4:56 PM
  • I might be missing something here, but you don't need the loop or the Select-Object.

    You can pipe the results of Get-ADUser directly into Disable-ADAccount.

    Yep, that'll work too. I have a bad habit of always using ForEach even when I don't really need to.

    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Thursday, May 1, 2014 5:31 PM
  • Hi,

    Sorry for hijacking this post, but I am trying to do a very similar thing, using the replies "that work", but frustratingly, they are not working for me.

    What works:

    Get-ADUser -Filter {ExtensionAttribute3 -eq "user"} | ft SamAccountName

    $users = Get-ADUser -Filter {ExtensionAttribute3 -eq "user"}

    $users

      User1

      User2

      ....

    These return all the default properties of each user. Great, but I'm only interested in SamAccountName or DistingishedName, therefore, using dotted notation, I should be able to do, but doesn't return anything:

    (Get-ADUser -Filter {ExtensionAttribute3 -eq "user"}).SamAccountName

    or

    $users = Get-ADUser -Filter {ExtensionAttribute3 -eq "user"}

    $users.SamAccountName

    Any pointers?

    Thanks


    W.


    • Edited by Woter324 Wednesday, May 7, 2014 1:07 PM
    Wednesday, May 7, 2014 1:05 PM
  • Any pointers?

    Yes, start your own thread if you want anyone to see this question.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Wednesday, May 7, 2014 1:14 PM
  • These return all the default properties of each user. Great, but I'm only interested in SamAccountName or DistingishedName, therefore, using dotted notation, I should be able to do, but doesn't return anything:

    Stop trying to use dotted notation. 

    If you only want the SamAccountName or DistinguishedName, you need to pipe the result into Select-Object.

    Get-ADUser -Filter {ExtensionAttribute3 -eq "user"} | Select-Object SamAccountName

    Get-ADUser -Filter {ExtensionAttribute3 -eq "user"} | Select-Object SamAccountName, distinguishedName

    Shorter form...

    Get-ADUser -Filter {ExtensionAttribute3 -eq "user"} | Select SamAccountName, distinguishedName

    Wednesday, May 7, 2014 2:18 PM