none
Help with a script RRS feed

  • Question


  • Could someone please help.

    Basically the following line does not work .

    GET-ADUSER -filter * -SearchBase $OU -properties LastLogonDate | where { $_.LastLogonDate.AddDays($NumberDays) -lt $CurrentDate } | Format-Table 

    Error:

    Get-ADUser : Cannot validate argument on parameter 'SearchBase'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    At C:\scripts\old_users.ps1:20 char:34
    + GET-ADUSER -filter * -SearchBase $OU -properties LastLogonDate | wher ...
    +                                                       ~~~
        + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    It seems to have something to do with the -SearchBase syntax needing a string and $OU is invalid. Although this script has been said to work, could you shed some light on where I am going wrong. Below is the full script created by Sean Kearney. Please forgive me if this is the wrong place or wrong way to post this. I have posted in the original thread as well but have not received an answer and probably chocked up to people being to busy.

    thank you,

    -JB

    *********************************************************************************

    # List all users in that have not logged on within  
    # XXX days in "Active Directory"  
    #   
    # This script requires the Active Directory Module from Microsoft.  
    # It works with Server 2008 R2 and higher Domain Controllers 
    # 
    # Get the Current Date  
    #   
    $CurrentDate=GET-DATE  
     
    # Number of Days to check back.    
    #   
    $NumberDays=90  
     
    # Organizational Unit to search  
     
    $SearchBase='OU=Users,OU=Business,DC=Contoso,DC=Local'  
     
    Import-Module ActiveDirectory 
    GET-ADUSER -filter * -SearchBase $OU -properties LastLogonDate | where { $_.LastLogonDate.AddDays($NumberDays-lt $CurrentDate } | Format-Table 
     
    # Add in a | DISABLE-ADAccount to AUTOMATICALLY Disable those accounts.  
    # Line should read like this if you want to do that  
     
    # GET-ADUSER -filter * -SearchBase $OU -properties LastLogonDate | where { $_.LastLogonDate.AddDays($NumberDays) -lt $CurrentDate } | Disable-ADAccount 


    • Edited by syebrexsr Thursday, September 29, 2016 8:20 PM
    Thursday, September 29, 2016 8:18 PM

Answers

All replies

  • You define $SearchBase above but then try to use $OU in Get-ADUser.

    Thursday, September 29, 2016 8:21 PM
  • Ok, so I will work on that line and possibly get rid of the second $searchbase.
    Thursday, September 29, 2016 8:41 PM
  • You define $SearchBase above but then try to use $OU in Get-ADUser.

    Thank you, so I changed the way I would get date and add days, then I got rid of the second searchbase. Then I a used selectobject and entered what I wanted for my results. 

    I also removed the -Searchbase from above and just made sure -searchbase points to $OU

    Original scrip was written by Sean Kearney and I just modified it to work for me. I am sure it works as is but I am new to this and it didn't work for me. His script is located below at the following website.

    https://gallery.technet.microsoft.com/scriptcenter/83d39949-3e22-45ef-aaba-3a4e17341c5e/view/Discussions#content

    Here is my finished script the does the trick and you can export it to txt or csv.

    ***********************************************************************************

    #

    # List all users in that have not logged on within  
    # XXX days in "Active Directory"  
    #   
    # This script requires the Active Directory Module from Microsoft.  
    # It works with Server 2008 R2 and higher Domain Controllers 

    # Get the Current Date  
    #   
    $Now = Get-Date  
    #  
    # Number of Days to check back.    
    #   
    $Date = $Now.AddDays(-180)  
    #  
    # Organizational Unit to search  
    #  
    $OU='OU=MJHALL Users,DC=mjhallandcompany,DC=com'  
    #  
    Import-Module ActiveDirectory 
    Get-ADUser -Filter  {(lastLogonTimeStamp -le $Date) -and (lastLogonTimeStamp -gt 0)} -Searchbase $OU -Properties LastLogonTimeStamp | Select-Object name, samaccountname, userprincipalname, distinguishedname, Enabled | Format-Table
    #  
    # Add in a | DISABLE-ADAccount to AUTOMATICALLY Disable those accounts.  
    # Line should read like this if you want to do that  
    #  
    # Get-ADUser -Filter {(lastLogonTimeStamp -le $Date) -and (lastLogonTimeStamp -gt 0)} -Searchbase $OU -Properties LastLogonTimeStamp | Disable-ADAccount 
    • Edited by syebrexsr Friday, September 30, 2016 4:40 PM
    Friday, September 30, 2016 4:19 PM