Powershell how to use if sats to check say if users are enabled do so....

All replies

• 

  

  0

  Sign in to vote

  Hi,

  please format your code properly, use the option on the formating pane for the purpose:

  

  Regards,

  ---

  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!) Blog: https://blog.pohn.ch/ Twitter: @StoyanChalakov

  Thursday, October 3, 2019 9:22 AM
• 

  

  0

  Sign in to vote

  import-module ActiveDirectory;
  
  Get-ADUser -Filter *  -SearchBase '######################' -Properties directReports, EmailAddress, Displayname | ForEach {
  	$ManagerName = $_.Displayname
  Write-Host $_.directReports
  $Body = "
                          <html>
                          <body> 
                          <p style='font-size:12.0pt;font-family:Arial'>Hej $ManagerName,<br/><br>
                          Du har f&aring;tt detta mail f&ouml;r att du &auml;r ansvarig f&ouml;r de personer som listas nedan. De har &aring;tkomst till sina rika PIM-klienter via VPN.<br><br>
                          <style>
                          TABLE {font-family:Arial; border-width: 0px; border-style: solid; border-color: black; border-collapse: collapse; border-spacing: 0;}
                          TH {border-width: 1px; padding: 7px; border-style: solid; border-color: black; background-color: #2079B5; color: white;}
                          TD {border-width: 1px; padding: 7px; border-style: solid; border-color: black;}
                          </style>
                          <table>
                          <tbody>
                          <tr><th>Namn</th><th>E-postadress</th><th>Kontots utg&aring;ngsdatum</th></tr>";
  $AddBody = "";
  
  If ($_.directReports)
  {
  	
  	Write-Output("Processing : " + $ManagerName);
  	$ToEmail = $_.EmailAddress
  	
  	$_.directReports | ForEach {
  		
  		$userDetails = Get-ADUser $_ -Properties AccountExpirationDate, accountExpires, EmailAddress 
  		
  		$userName = $userdetails.Name
  		$userEmail = $userdetails.EmailAddress
  		Write-Host $userDetails.accountExpires
  		If ($userDetails.accountExpires -eq 0 -or $userDetails.accountExpires -eq 9223372036854775807)
  		{
  			
  			$sendEmail = $false
  		}
  		
  		If ($userDetails.AccountExpirationDate)
  		{
  			
  			$ExpiryDate = $userDetails.AccountExpirationDate
  			
  			$ExpiryDate1 = $ExpiryDate.ToShortDateString()
  			
  			$today = (Get-Date)
  			
  			$DaysLeft = ($ExpiryDate - $today).days
  			
  			If ($DaysLeft -le 30 -and $DaysLeft -ge 0)
  			{
  				$AddBody += "<tr><td>$userName</td> <td><a style='text-decoration:none;color: rgb(0, 0, 0);'>$userEmail</a></td> <td>$ExpiryDate1</td> </tr>";
  				$sendEmail = $true
  			}
  			
  		}
  	}

  
  

  Thursday, October 3, 2019 10:59 AM
• 

  

  0

  Sign in to vote

  hi again

  I sent a part of script that has to change .....

  in my openion i have to change here  in this line : 

  If ($userDetails.accountExpires -eq 0 -or $userDetails.accountExpires -eq 9223372036854775807)
  {
  
  $sendEmail = $false
  }

  but i dont know how to form it in powershell, maybe like this : If ($userDetails.accountExpires -eq 0 -or $userDetails.accountExpires -eq 9223372036854775807 -and $userDetails.samaacountname -eq Enabled)....

  somthing like this, but i got error and powershell doesnt accept ""-and $userDetails.samaacountname -eq Enabled""

  Thursday, October 3, 2019 11:04 AM
• 

  

  0

  Sign in to vote

  Try replacing the initial statement with the below one:

  Get-ADUser -Filter {Enabled -eq $True}  -SearchBase '######################' -Properties directReports, EmailAddress, Displayname 

  
  

  Thursday, October 3, 2019 11:06 AM
• 

  

  0

  Sign in to vote

  But this line gets the manager of those users....I want to have a look on directreports ( those users who are in directreports ) if they are enable

  so maybe i have to write like this :

  $userDetails = Get-ADUser -Filter{Enabled -eq $True} -Properties AccountExpirationDate, accountExpires, EmailAddress 
  		

  Am I right ?

  Thursday, October 3, 2019 11:20 AM
• 

  

  0

  Sign in to vote

  But this line gets the manager of those users....I want to have a look on directreports ( those users who are in directreports ) if they are enable

  so maybe i have to write like this :

  $userDetails = Get-ADUser -Filter{Enabled -eq $True} -Properties AccountExpirationDate, accountExpires, EmailAddress 
  		

  Am I right ?

  Doing this will also send the emails to the managers who's accounts are disabled, so they won't be able to receive the same, If you are making the filter on the manger(Before the loop) the email will be sent only if the manager's account is enabled even if the user's account got disabled so that he may take the necessary action.
  

  Thursday, October 3, 2019 11:25 AM
• 

  

  0

  Sign in to vote

  but i dont want managers get information about those accounts who's disabled, so you mean I have to write it befor loop ? like you wrote first ?

  Thursday, October 3, 2019 11:56 AM
• 

  

  1

  Sign in to vote

  But this line gets the manager of those users....I want to have a look on directreports ( those users who are in directreports ) if they are enable

  so maybe i have to write like this :

  $userDetails = Get-ADUser -Filter {Enabled -eq $True} -Properties AccountExpirationDate, accountExpires, EmailAddress 
  		

  Am I right ?

  Sorry, I thought you dont wanted to send emails to the manager whose accounts are disabled. This will work for you.

  • Marked as answer by Davoud.Ro Thursday, October 3, 2019 12:20 PM

  Thursday, October 3, 2019 12:01 PM
• 

  

  0

  Sign in to vote

  Ok 

  Thank you so much

  Thursday, October 3, 2019 12:20 PM