none
Powershell command RRS feed

  • Question

  • Hi Team,

    I am looking for a command in powershell which can filter active/inactive user account from a particular ou.

    Requirement :

    We have to add users from a particular OU to a particular group. Problem is that OU contain active as well as inactive user accounts, we are looking for powershell command or script that can help to filter active account.

    Thanks
    Abhishek


    Abhishek Saxena


    Thursday, October 22, 2015 3:23 PM

Answers

  • Get-ADUser -SearchBase "OU=Teste,DC=kteste,DC=corp,DC=net" -Filter 'enabled -eq $true' | select samaccountname,enabled
    Friday, October 23, 2015 10:35 AM
  • User the Get-Help cmdlet to look at the help for the Get-ADUser, Add-ADGroupMember, and Add-ADPrincipalGroupMembership cmdlets. Something like the below may be similar to what you need.

    Get-ADUser -SearchBase "ou=West,dc=mydomain,dc=com" -Filter {Enabled -eq $True} | Add-ADPrincipalGroupMembership -MemberOf "ou shadow group"
    

    If this is a "shadow" group, that will require maintenance over time, you might want to look at this more advanced script that handles several gotchas that can be encountered:

    https://gallery.technet.microsoft.com/Update-Shadow-Group-with-9ee6336f

    For example, the snippet I gave above will raise an error if any user is already a member of the group.


    Richard Mueller - MVP Directory Services

    Friday, October 23, 2015 1:04 PM
    Moderator

All replies

  • HELP Search-AdObject -full

    Search-AdObject -User -Inactive ...


    \_(ツ)_/

    Thursday, October 22, 2015 3:33 PM
  • unable to execute this .. something is missing or i am missing something.

    please explain..

     

    PS C:\Users\ad-saxenaab> HELP Search-AdObject -full
    Search-AdObject -User -Inactive
    Get-Help : Get-Help could not find Search-AdObject in a help file in this session. To download updated help topics type: "Update-Help". To get help online, search for the help 
    topic in the TechNet library at http://go.microsoft.com/fwlink/?LinkID=107116.
    At line:55 char:7
    +       Get-Help @PSBoundParameters | more
    +       ~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (:) [Get-Help], HelpNotFoundException
        + FullyQualifiedErrorId : HelpNotFound,Microsoft.PowerShell.Commands.GetHelpCommand
     
    Search-AdObject : The term 'Search-AdObject' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path 
    was included, verify that the path is correct and try again.
    At line:2 char:1
    + Search-AdObject -User -Inactive
    + ~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Search-AdObject:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException


    Abhishek Saxena

    Thursday, October 22, 2015 3:59 PM
  • Sorry.  Typo.  Should be Search-AdAccount.

    https://technet.microsoft.com/en-us/library/ee617247.aspx


    \_(ツ)_/

    Thursday, October 22, 2015 4:10 PM
  • No luck

    PS C:\Users\ad-saxenaab> Search-AdAccount -full
    Search-ADAccount -User -Inactive
    Search-ADAccount : A parameter cannot be found that matches parameter name 'full'.
    At line:1 char:18
    + Search-AdAccount -full
    +                  ~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Search-ADAccount], ParameterBindingException
        + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SearchADAccountCmdlet
     
    Search-ADAccount : A parameter cannot be found that matches parameter name 'Inactive'.
    At line:2 char:24
    + Search-ADAccount -User -Inactive
    +                        ~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Search-ADAccount], ParameterBindingException
        + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SearchADAccountCmdlet


    Abhishek Saxena

    Thursday, October 22, 2015 4:19 PM
  • You asked for "AD Command Help"  Here is the help:

    HELP SEARCH-ADACOUNT -FULL

    You need to learn the basics of PowerShell and this would not happen.  Read the help in its entirety as it tells you everything you need to know.


    \_(ツ)_/

    Thursday, October 22, 2015 4:34 PM
  • Per the help referred to, you should set the -SearchBase to the distinguished name of the OU. You can use the -AccountDisabled switch to request either enabled or disabled. Use -UsersOnly to only retrieve user objects.

    Richard Mueller - MVP Directory Services

    Thursday, October 22, 2015 5:22 PM
    Moderator
  • Requirement :

    We have to add users from a particular OU to a particular group. Problem is that OU contain active as well as inactive user accounts, we are looking for powershell command or script that can help to filter active account.


    Abhishek Saxena

    Friday, October 23, 2015 9:14 AM
  • By default the command returns only active accounts.

    \_(ツ)_/

    Friday, October 23, 2015 9:21 AM
  • Get-ADUser -SearchBase "OU=Teste,DC=kteste,DC=corp,DC=net" -Filter 'enabled -eq $true' | select samaccountname,enabled
    Friday, October 23, 2015 10:35 AM
  • User the Get-Help cmdlet to look at the help for the Get-ADUser, Add-ADGroupMember, and Add-ADPrincipalGroupMembership cmdlets. Something like the below may be similar to what you need.

    Get-ADUser -SearchBase "ou=West,dc=mydomain,dc=com" -Filter {Enabled -eq $True} | Add-ADPrincipalGroupMembership -MemberOf "ou shadow group"
    

    If this is a "shadow" group, that will require maintenance over time, you might want to look at this more advanced script that handles several gotchas that can be encountered:

    https://gallery.technet.microsoft.com/Update-Shadow-Group-with-9ee6336f

    For example, the snippet I gave above will raise an error if any user is already a member of the group.


    Richard Mueller - MVP Directory Services

    Friday, October 23, 2015 1:04 PM
    Moderator
  • Thank you Richard & Klebinhu.

    It worked. 


    Abhishek Saxena

    Friday, October 23, 2015 1:21 PM