none
Script for disabling corresponding user account having suffix "svc" RRS feed

  • Question

  • Hello Scripters,

    I am having two user accounts in AD for a USER. One is having login name or "cn" as "Jeff" and other with having a suffix "svc" like "Jeffsvc". I want a PS script that will check if account Jeff is disabled in AD then script should disable its corresponding "svc" account.

    All svc accounts for all users are in an OU, while normal accounts are in multiple OUs.

    Let me know if anything is not clear.

    Regards..

    Himanshu


    https://www.udemy.com/mastering-dns-on-windows-server-2012-r2/?couponCode=code100 MCTS|MCSE|MCSA:Messaging|CCNA

    Friday, November 11, 2016 5:08 AM

Answers

  • Good Day

    My recommendation is the following

    #Get all the SVC accounts in the Domain
    $SVC_Accounts = (Get-ADUser -Filter " SamaccountName -like '*svc' " ).SamaccountName
    foreach ($SVC_Account in $SVC_Accounts) {
    
    #This lines makes a validation to check if the SVC user account is enabled or disabled
    $ValidationS = (Get-ADUser -Identity $SVC_Account ).Enabled
    
    #From all the SVC accounts verified selects only the ones that are enabled
    if ($ValidationS -eq $true ) {
    
    #This line removes the 'SVC' from the SamaccountName so we can search the regular user account
    $User = $SVC_Account.Replace('svc','')
    
    #This lines makes a validation to check if the regular user account is enabled or disabled
    $ValidationU = (Get-ADUser -Identity $User ).Enabled
    
    #From all the regular user accounts verified selects only the ones that are disabled
    if ($ValidationU -eq $false ) {
    
    #Get all of the Groups where the SVC account that has a disabled regular account is a member
    $Groups = Get-ADUser -Identity $SVC_Account -Properties memberof | select -Property memberof -ExpandProperty memberof
    foreach ($Group in $Groups) {
    
    #Removes all of the groups assigned to the SVC Acccount without confirmation
    Remove-ADGroupMember -Identity $Group -Members $SVC_Account -Confirm:$false -Verbose
    
    #Finally disables the SVC account 
    Disable-ADAccount -Identity $SVC_Account -Verbose } } } }

    All lines have a little explanation so you can see what are we doing
    Hope this works for you

    Regards


    Friday, November 11, 2016 10:27 PM

All replies

  • Thanks Vincent, for pointing me to the right direction.

    I am not asking anyone to write a script for me, I just want to know what logic can I apply to create script, as I don't find relevant script in script center.

    Thanks!!


    https://www.udemy.com/mastering-dns-on-windows-server-2012-r2/?couponCode=code100 MCTS|MCSE|MCSA:Messaging|CCNA

    Friday, November 11, 2016 6:35 AM
  • Cmdlets you need

    Get-ADUser

    about_If

    Disable-ADAccount

    Check Examples and try to write your own script

    Post the script which you have tried if it doesn't work

    Friday, November 11, 2016 7:25 AM
  • Good Day

    My recommendation is the following

    #Get all the SVC accounts in the Domain
    $SVC_Accounts = (Get-ADUser -Filter " SamaccountName -like '*svc' " ).SamaccountName
    foreach ($SVC_Account in $SVC_Accounts) {
    
    #This lines makes a validation to check if the SVC user account is enabled or disabled
    $ValidationS = (Get-ADUser -Identity $SVC_Account ).Enabled
    
    #From all the SVC accounts verified selects only the ones that are enabled
    if ($ValidationS -eq $true ) {
    
    #This line removes the 'SVC' from the SamaccountName so we can search the regular user account
    $User = $SVC_Account.Replace('svc','')
    
    #This lines makes a validation to check if the regular user account is enabled or disabled
    $ValidationU = (Get-ADUser -Identity $User ).Enabled
    
    #From all the regular user accounts verified selects only the ones that are disabled
    if ($ValidationU -eq $false ) {
    
    #Get all of the Groups where the SVC account that has a disabled regular account is a member
    $Groups = Get-ADUser -Identity $SVC_Account -Properties memberof | select -Property memberof -ExpandProperty memberof
    foreach ($Group in $Groups) {
    
    #Removes all of the groups assigned to the SVC Acccount without confirmation
    Remove-ADGroupMember -Identity $Group -Members $SVC_Account -Confirm:$false -Verbose
    
    #Finally disables the SVC account 
    Disable-ADAccount -Identity $SVC_Account -Verbose } } } }

    All lines have a little explanation so you can see what are we doing
    Hope this works for you

    Regards


    Friday, November 11, 2016 10:27 PM