Exporting Disabled AD user accounts outside specific OU only?

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
ITEngineer
Posts: 138
Joined: Wed Oct 12, 2011 10:52 am

Exporting Disabled AD user accounts outside specific OU only?

Post by ITEngineer » Mon Nov 19, 2018 9:51 pm

Hi People,

I have created the below PowerShell script, but the result is not always correct.

Expected: Only export the Disabled AD account outside the Excluded OU lists to .CSV file.
Result:
Some OU like CN=Users,DC=Domain,DC=com which also have some Disabled AD accounts are skipped or not even checked?
The exported .CSV also still contains the Disabled AD account from OU=SiteX,OU=Disabled Users and some other in the Excluded OU?

Code: Select all

$filter = '(Enabled -eq $false)'
$ResultDirectory = 'C:\Disabled-ADAccountOutsideOU.csv'
$domainDN = (Get-ADDomain).DistinguishedName

$excludeOUs = @(
    'OU=Site1,OU=Disabled Users'
    'OU=Site2,OU=Disabled Users'
    'OU=SiteX,OU=Disabled Users'
) | ForEach-Object { $_ + ',' + $domainDN }
Get-ADUser -Filter $filter -Properties * |
    Where-Object { ($_.SamAccountName.Length -eq 7) -and ($excludeOUs -notcontains $_.ParentContainer) } |
    Select-Object -Property SamAccountName, Enabled, @{ n = 'ParentContainer'; e = { $_.DistinguishedName -replace '\A.*?,(?=(CN|OU|DC)=)' } }, CanonicalName, lastlogondate |
    Export-Csv -NoTypeInformation -Path $ResultDirectory
Any help would be greatly appreciated.
/* IT Engineer */

User avatar
jvierra
Posts: 13395
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Exporting Disabled AD user accounts outside specific OU only?

Post by jvierra » Mon Nov 19, 2018 10:11 pm

There is no such parameter as "parentContainer"

User avatar
ITEngineer
Posts: 138
Joined: Wed Oct 12, 2011 10:52 am

Re: Exporting Disabled AD user accounts outside specific OU only?

Post by ITEngineer » Mon Nov 19, 2018 10:20 pm

jvierra wrote:
Mon Nov 19, 2018 10:11 pm
There is no such parameter as "parentContainer"
No, it was just the column name on the .CSV
so how to fix the script so it is filtering properly.
/* IT Engineer */

User avatar
jvierra
Posts: 13395
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Exporting Disabled AD user accounts outside specific OU only?

Post by jvierra » Mon Nov 19, 2018 10:32 pm

Code: Select all

Get-ADUser -Filter {Enabled -eq $false} -Properties CanonicalName, lastlogondate |
    Where-Object{
        $_.SamAccountName.Length -eq 7 -and
        -not ($excludeOUs -match $_.DistinguishedName)
    }

User avatar
ITEngineer
Posts: 138
Joined: Wed Oct 12, 2011 10:52 am

Re: Exporting Disabled AD user accounts outside specific OU only?

Post by ITEngineer » Mon Nov 19, 2018 10:56 pm

jvierra wrote:
Mon Nov 19, 2018 10:32 pm

Code: Select all

Get-ADUser -Filter {Enabled -eq $false} -Properties CanonicalName, lastlogondate |
    Where-Object{
        $_.SamAccountName.Length -eq 7 -and
        -not ($excludeOUs -match $_.DistinguishedName)
    }
Ah, I see, But the Disabled AD account in the Users Container is still not reported?

how to include this CN: CN=Users,DC=Domain,DC=com
/* IT Engineer */

Locked