Powershell AD Users CSV report with ADPropertyValueCollection Error -
got loop going through ad users delete users on 90 days old. want pull report of deleted users in csv. in few fields of cvs microsoft.activedirectory.management.adpropertyvaluecollection
the code this
users in have not logged on within # 60 days in "active directory" , disable them # # current date loginfo("start of log file") loginfo("compare date : getting date") $comparedate=get-date # number of days check back. loginfo("set disable time : settings number of days disable 60") $numberdays=(get-date).adddays(-60) #$then = (get-date).adddays(-60) # number of days check stale accounts # our sample here taking "oldaccounts" , pumping # 30 more days. #therefore 90 days old accounts haven't logged in should purged # loginfo("set delete time : setting number of days delete 90") $deletedate=$numberdays+30 # have "override fields" bypass delete # happening. if "notes" field in a/d contains # exact override phrase anywhere (in case # word ***override*** , case sensitive # account never deleted (unless of course remove # word notes field # loginfo("set override key word") #$override='***override***' # other override field if # onleave details in description # field in a/d. allows user # not gone (ie: contractor / student) may # return have account disabled , # left alone until return. words here # simple on leave until , can anywhere in # description field in a/d # loginfo("set on leave override key word") $onleave='on leave until' # organizational unit search – in fictional domain of # ‘contoso.local’ in ou of users under business ou on root # of contoso a/d # loginfo("set ou path : setting ou path test ou") $ou='ou=users,ou=test,dc=corporate,dc=nzpost,dc=co,dc=nz' # users not active within specified range , disable accounts in active directory # # store them away variable since we're going examine list few times. loginfo("listing user accounts 60 days old") $listofaccounts=get-aduser -property lastlogondate -searchbase $ou -filter {lastlogondate -lt $numberdays} # # account not logged in within short range gets disabled in ad # loginfo("disabling user accounts 60 days old") $listofaccounts | disable-adaccount -whatif # pull new list. old accounts # #$listofpotentialdeletes=$listofaccounts | { $_.lastlogon.adddays($deletedate) -gt $currentdate } $listofpotentialdeletes=get-aduser -searchbase $ou -property lastlogondate -filter {lastlogondate -lt $deletedate} # secondary compare more interesting. if accounts stale, deleted unless special keywords # in place # foreach ($user in $listofpotentialdeletes) { get-aduser -identity $user -properties * | select @{ name = 'adspath'; expression = { $_.adspath -join ';'; }; },cn,givenname,lastlogondate,description, profilepath, homedirectory, ` @{ name = 'mail'; expression = { $_.mail -join ';'; }; }, @{ name = 'publicdelegates'; expression = { $_.publicdelegates -join ';'; }; }, whencreated, company, manager, employeeid, ` @{ name = 'memberof'; expression = { $_.memberof -join ';'; }; } | export-csv "e:\damo\_userlist.csv" -append if (($user.notes -notlike '*'+$override+'*') -and ($user.description -notlike '*'+$onleave+'*')) { loginfo("$user.samaccountname deleted") write-host $user.samaccountname 'deleted' remove-adobject $user.samaccountname -whatif } elseif ($user.notes -like '*'+$override+'*') { loginfo("$user.samaccountname not removed due administrative override") write-host $user.samaccountname 'not removed due administrative override' } else { loginfo("$user.samaccountname not removed - presently on leave") write-host $user.samaccountname 'not removed - presently on leave' } #get-aduser -identity $user -properties * | select adspath,cn,givenname,lastlogondate,description, profilepath, homedirectory, @{ name = 'mail'; expression = { $_.mail -join ';'; }; }, #publicdelegates, whencreated, company, manager, employeeid, memberof | export-csv "e:\folder\_userlist.csv" -append } $users = get-aduser -searchbase $ou -properties userprincipalname,lastlogondate,description,mail,profilepath,homedirectory -filter {userprincipalname -like "*"} $csv = foreach($user in $users){ $grp = get-adprincipalgroupmembership $user foreach($group in $grp){ new-object -typename psobject -property @{ #memberof = $user.memberof[0] group = $group.name user = $user.samaccountname givenname = $user.givenname surname = $user.surname lastlogon = $user.lastlogondate description = $user.description mail = $user.mail profilepath = $user.profilepath homedir = $user.homedirectory } } } $csv | export-csv e:\folder\deletedusersinfo.csv how memberof populate in csv, shows group user
i have 2 loops there trying 1 work, shows memberof groups without full ou path.
any fantastic.
cheers in advance
the issue active directory attributes collections/arrays. example, user can have multiple e-mail aliases in mail attribute. in order display in csv file, must pre-process information before can represented single string.
to demonstrate "issue" using simple example, consider following:
$arr = @(1,2,3); $arr.tostring(); the result looks this:
system.object[] to resolve this, need augment objects before passed export-csv cmdlet. fortunately, can using select-object, slight modification!
consider simple example, builds on previous one, joining array on character:
$arr = @(1,2,3); $arr -join ';' the result looks this:
1;2;3 now, applying example, going join array of items on character (eg. semicolon). here like:
get-aduser -identity $user -properties * | select adspath,cn,givenname,lastlogondate,description, profilepath, homedirectory, @{ name = 'mail'; expression = { $_.mail -join ';'; }; }, publicdelegates, whencreated, company, manager, employeeid, memberof | export-csv "e:\damo\_userlist.csv" -append in above code, resulting mail property following:
email1@domain.com;email2@domain.com;email3@domain.com since array data represented single string, export spreadsheet (csv file).
Comments
Post a Comment