locked
Powershell how to use if sats to check say if users are enabled do so.... RRS feed

  • Question

  • Hi powershell expert,

    I have a PowerShell script on the server at work that works good but I need to add an if sast into it.

    This script checks all those users that are in "Direct reports" if they are about to expire send mail to their manager.

    Question: I want to explain in my PowerShell that IF users are disabled do not send an email and IF users in 'direct reports' are enabled send mail or continue the rest of the script. I don't know how to write like this in PowerShell format

    Thursday, October 3, 2019 9:17 AM

Answers

  • But this line gets the manager of those users....I want to have a look on directreports ( those users who are in directreports ) if they are enable

    so maybe i have to write like this :

    $userDetails = Get-ADUser -Filter {Enabled -eq $True} -Properties AccountExpirationDate, accountExpires, EmailAddress 
    		

    Am I right ?

    Sorry, I thought you dont wanted to send emails to the manager whose accounts are disabled. This will work for you.

    • Marked as answer by Davoud.Ro Thursday, October 3, 2019 12:20 PM
    Thursday, October 3, 2019 12:01 PM

All replies

  • Hi,

    please format your code properly, use the option on the formating pane for the purpose:

    Regards,


    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!) Blog: https://blog.pohn.ch/ Twitter: @StoyanChalakov

    Thursday, October 3, 2019 9:22 AM
  • import-module ActiveDirectory;
    
    Get-ADUser -Filter *  -SearchBase '######################' -Properties directReports, EmailAddress, Displayname | ForEach {
    	$ManagerName = $_.Displayname
    Write-Host $_.directReports
    $Body = "
                            <html>
                            <body> 
                            <p style='font-size:12.0pt;font-family:Arial'>Hej $ManagerName,<br/><br>
                            Du har f&aring;tt detta mail f&ouml;r att du &auml;r ansvarig f&ouml;r de personer som listas nedan. De har &aring;tkomst till sina rika PIM-klienter via VPN.<br><br>
                            <style>
                            TABLE {font-family:Arial; border-width: 0px; border-style: solid; border-color: black; border-collapse: collapse; border-spacing: 0;}
                            TH {border-width: 1px; padding: 7px; border-style: solid; border-color: black; background-color: #2079B5; color: white;}
                            TD {border-width: 1px; padding: 7px; border-style: solid; border-color: black;}
                            </style>
                            <table>
                            <tbody>
                            <tr><th>Namn</th><th>E-postadress</th><th>Kontots utg&aring;ngsdatum</th></tr>";
    $AddBody = "";
    
    If ($_.directReports)
    {
    	
    	Write-Output("Processing : " + $ManagerName);
    	$ToEmail = $_.EmailAddress
    	
    	$_.directReports | ForEach {
    		
    		$userDetails = Get-ADUser $_ -Properties AccountExpirationDate, accountExpires, EmailAddress 
    		
    		$userName = $userdetails.Name
    		$userEmail = $userdetails.EmailAddress
    		Write-Host $userDetails.accountExpires
    		If ($userDetails.accountExpires -eq 0 -or $userDetails.accountExpires -eq 9223372036854775807)
    		{
    			
    			$sendEmail = $false
    		}
    		
    		If ($userDetails.AccountExpirationDate)
    		{
    			
    			$ExpiryDate = $userDetails.AccountExpirationDate
    			
    			$ExpiryDate1 = $ExpiryDate.ToShortDateString()
    			
    			$today = (Get-Date)
    			
    			$DaysLeft = ($ExpiryDate - $today).days
    			
    			If ($DaysLeft -le 30 -and $DaysLeft -ge 0)
    			{
    				$AddBody += "<tr><td>$userName</td> <td><a style='text-decoration:none;color: rgb(0, 0, 0);'>$userEmail</a></td> <td>$ExpiryDate1</td> </tr>";
    				$sendEmail = $true
    			}
    			
    		}
    	}

    Thursday, October 3, 2019 10:59 AM
  • hi again

    I sent a part of script that has to change .....

    in my openion i have to change here  in this line : 

    If ($userDetails.accountExpires -eq 0 -or $userDetails.accountExpires -eq 9223372036854775807)
    {

    $sendEmail = $false
    }

    but i dont know how to form it in powershell, maybe like this : If ($userDetails.accountExpires -eq 0 -or $userDetails.accountExpires -eq 9223372036854775807 -and $userDetails.samaacountname -eq Enabled)....

    somthing like this, but i got error and powershell doesnt accept ""-and $userDetails.samaacountname -eq Enabled""

    Thursday, October 3, 2019 11:04 AM
  • Try replacing the initial statement with the below one:

    Get-ADUser -Filter {Enabled -eq $True}  -SearchBase '######################' -Properties directReports, EmailAddress, Displayname 

    Thursday, October 3, 2019 11:06 AM
  • But this line gets the manager of those users....I want to have a look on directreports ( those users who are in directreports ) if they are enable

    so maybe i have to write like this :

    $userDetails = Get-ADUser -Filter{Enabled -eq $True} -Properties AccountExpirationDate, accountExpires, EmailAddress 
    		

    Am I right ?

    Thursday, October 3, 2019 11:20 AM
  • But this line gets the manager of those users....I want to have a look on directreports ( those users who are in directreports ) if they are enable

    so maybe i have to write like this :

    $userDetails = Get-ADUser -Filter{Enabled -eq $True} -Properties AccountExpirationDate, accountExpires, EmailAddress 
    		

    Am I right ?

    Doing this will also send the emails to the managers who's accounts are disabled, so they won't be able to receive the same, If you are making the filter on the manger(Before the loop) the email will be sent only if the manager's account is enabled even if the user's account got disabled so that he may take the necessary action.
    Thursday, October 3, 2019 11:25 AM
  • but i dont want managers get information about those accounts who's disabled, so you mean I have to write it befor loop ? like you wrote first ?
    Thursday, October 3, 2019 11:56 AM
  • But this line gets the manager of those users....I want to have a look on directreports ( those users who are in directreports ) if they are enable

    so maybe i have to write like this :

    $userDetails = Get-ADUser -Filter {Enabled -eq $True} -Properties AccountExpirationDate, accountExpires, EmailAddress 
    		

    Am I right ?

    Sorry, I thought you dont wanted to send emails to the manager whose accounts are disabled. This will work for you.

    • Marked as answer by Davoud.Ro Thursday, October 3, 2019 12:20 PM
    Thursday, October 3, 2019 12:01 PM
  • Ok 

    Thank you so much

    Thursday, October 3, 2019 12:20 PM