PowerShell AD Users CSV report with ADPropertyValueCollection Error
I've got a loop going through AD users to delete users that are 90 days old. I want to pull a report of the deleted users in a CSV. In a few fields of the CSV I get Microsoft.ActiveDirectory.Management.ADPropertyValueCollection.
The code is this:
    # Users that have not logged on within
    # 60 days in "Active Directory", disable them
    #
    # Current date
    loginfo("start of log file")
    loginfo("compare date : getting date")
    $comparedate=get-date

    # Number of days to check back.
    loginfo("set disable time : settings number of days disable 60")
    $numberdays=(get-date).adddays(-60)
    #$then = (get-date).adddays(-60)

    # Number of days to check for stale accounts.
    # Our sample here is taking "oldaccounts" and pumping
    # 30 more days. Therefore 90 days old accounts that haven't logged in should be purged
    #
    loginfo("set delete time : setting number of days delete 90")
    # adddays(-30) moves the 60-day cutoff back to 90 days; "$numberdays+30" would add 30 ticks, not days
    $deletedate=$numberdays.adddays(-30)

    # We have "override fields" to bypass the delete
    # happening. If the "notes" field in A/D contains
    # the exact override phrase anywhere (in this case the
    # word ***override***, case sensitive) the
    # account is never deleted (unless of course you remove
    # the word from the notes field)
    #
    loginfo("set override key word")
    #$override='***override***'

    # The other override field is if there are
    # on-leave details in the description
    # field in A/D. This allows a user who is
    # not gone (ie: contractor / student) and may
    # return to have the account disabled and
    # left alone until they return. The words here are
    # simply "on leave until", and can be anywhere in the
    # description field in A/D
    #
    loginfo("set on leave override key word")
    $onleave='on leave until'

    # Organizational unit to search - in the fictional domain of
    # 'contoso.local' in the OU of users under the business OU on the root
    # of the contoso A/D
    #
    loginfo("set ou path : setting ou path test ou")
    $ou='ou=users,ou=test,dc=corporate,dc=nzpost,dc=co,dc=nz'

    # Users not active within the specified range, disable the accounts in Active Directory
    #
    # Store them away in a variable since we're going to examine the list a few times.
    loginfo("listing user accounts 60 days old")
    $listofaccounts=get-aduser -property lastlogondate -searchbase $ou -filter {lastlogondate -lt $numberdays}

    #
    # Any account not logged in within the short range gets disabled in AD
    #
    loginfo("disabling user accounts 60 days old")
    $listofaccounts | disable-adaccount -whatif

    # Pull a new list. The old accounts
    #
    #$listofpotentialdeletes=$listofaccounts | { $_.lastlogon.adddays($deletedate) -gt $currentdate }
    # description is requested as well so the on-leave check below has data to compare
    $listofpotentialdeletes=get-aduser -searchbase $ou -property lastlogondate,description -filter {lastlogondate -lt $deletedate}

    # The secondary compare is more interesting. If the accounts are stale, they are deleted unless the special keywords
    # are in place
    #
    foreach ($user in $listofpotentialdeletes)
    {
        # Multi-valued attributes are joined into one string so they export as text
        get-aduser -identity $user -properties * |
            select @{ name = 'adspath'; expression = { $_.adspath -join ';'; }; },cn,givenname,lastlogondate,description, profilepath, homedirectory,
                @{ name = 'mail'; expression = { $_.mail -join ';'; }; },
                @{ name = 'publicdelegates'; expression = { $_.publicdelegates -join ';'; }; },
                whencreated, company, manager, employeeid,
                @{ name = 'memberof'; expression = { $_.memberof -join ';'; }; } |
            export-csv "e:\damo\_userlist.csv" -append

        if (($user.notes -notlike '*'+$override+'*') -and ($user.description -notlike '*'+$onleave+'*'))
        {
            # $( ) is needed to expand a property inside a double-quoted string
            loginfo("$($user.samaccountname) deleted")
            write-host $user.samaccountname 'deleted'
            # remove-adobject needs a distinguished name or GUID, not a samaccountname
            remove-adobject $user.distinguishedname -whatif
        }
        elseif ($user.notes -like '*'+$override+'*')
        {
            loginfo("$($user.samaccountname) not removed due administrative override")
            write-host $user.samaccountname 'not removed due administrative override'
        }
        else
        {
            loginfo("$($user.samaccountname) not removed - presently on leave")
            write-host $user.samaccountname 'not removed - presently on leave'
        }

        #get-aduser -identity $user -properties * | select adspath,cn,givenname,lastlogondate,description, profilepath, homedirectory, @{ name = 'mail'; expression = { $_.mail -join ';'; }; },
        #publicdelegates, whencreated, company, manager, employeeid, memberof | export-csv "e:\folder\_userlist.csv" -append
    }

    $users = get-aduser -searchbase $ou -properties userprincipalname,lastlogondate,description,mail,profilepath,homedirectory -filter {userprincipalname -like "*"}

    # One output row per user/group pair
    $csv = foreach($user in $users){
        $grp = get-adprincipalgroupmembership $user
        foreach($group in $grp){
            new-object -typename psobject -property @{
                #memberof = $user.memberof[0]
                group = $group.name
                user = $user.samaccountname
                givenname = $user.givenname
                surname = $user.surname
                lastlogon = $user.lastlogondate
                description = $user.description
                mail = $user.mail
                profilepath = $user.profilepath
                homedir = $user.homedirectory
            }
        }
    }

    $csv | export-csv e:\folder\deletedusersinfo.csv
How do I get memberof to populate in the CSV so it shows the group of the user?
I have 2 loops there, trying to get 1 to work, which shows the memberof groups without the full OU path.
Any help would be fantastic.
Cheers in advance
The issue is that Active Directory attributes are collections/arrays. For example, a user can have multiple e-mail aliases in the mail attribute. In order to display them in a CSV file, you must pre-process the information before it can be represented as a single string.
To demonstrate the "issue" using a simple example, consider the following:
$arr = @(1,2,3); $arr.tostring();
The result looks like this:
system.object[]
To resolve this, you need to augment the objects before they are passed to the Export-Csv cmdlet. Fortunately, you can do this using Select-Object, with a slight modification!
Consider this simple example, which builds on the previous one, joining the array on a character:
$arr = @(1,2,3); $arr -join ';'
The result looks like this:
1;2;3
Now, applying this to your example, you are going to join the array of items on a character (e.g. a semicolon). Here is what it would look like:
    get-aduser -identity $user -properties * |
        select adspath,cn,givenname,lastlogondate,description, profilepath, homedirectory,
            @{ name = 'mail'; expression = { $_.mail -join ';'; }; },
            publicdelegates, whencreated, company, manager, employeeid, memberof |
        export-csv "e:\damo\_userlist.csv" -append
In the above code, the resulting mail property would look like the following:
email1@domain.com;email2@domain.com;email3@domain.com
Since the array data is now represented as a single string, it can be exported to a spreadsheet (CSV file).
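Added example, not part of the original answer: it generalizes the -join approach to every multi-valued property on an object and reduces memberof distinguished names to plain group names, which is what the question asks for. The helper names Get-CnFromDn and ConvertTo-FlatRecord are hypothetical, and the sample user is constructed so the block runs without a domain.

```powershell
# Hypothetical helpers for illustration; not cmdlets from the ActiveDirectory module.

function Get-CnFromDn {
    param([string]$DistinguishedName)
    # Take the first RDN, honouring backslash-escaped commas ("CN=Smith\, Jo,OU=...").
    if ($DistinguishedName -match '^CN=((?:\\.|[^,\\])+)') {
        return ($Matches[1] -replace '\\(.)', '$1')
    }
    return $DistinguishedName
}

function ConvertTo-FlatRecord {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $InputObject,
        [string]$Delimiter = ';'
    )
    process {
        $flat = [ordered]@{}
        foreach ($p in $InputObject.PSObject.Properties) {
            $value = $p.Value
            if ($p.Name -eq 'memberof') {
                # Group DNs -> short group names, without the OU path.
                $value = @($value | Where-Object { $_ } | ForEach-Object { Get-CnFromDn $_ })
            }
            # Any collection (ADPropertyValueCollection, arrays) becomes one string.
            if ($value -is [System.Collections.IEnumerable] -and $value -isnot [string]) {
                $value = @($value) -join $Delimiter
            }
            $flat[$p.Name] = $value
        }
        [pscustomobject]$flat
    }
}

# Constructed sample shaped like selected Get-ADUser output with multi-valued attributes.
$sample = [pscustomobject]@{
    samaccountname = 'jbloggs'
    lastlogondate  = [datetime]'2015-01-20'
    mail           = @('jbloggs@example.test', 'joe@example.test')
    memberof       = @('CN=Staff,OU=Groups,DC=example,DC=test',
                       'CN=Print\, Level 2,OU=Groups,DC=example,DC=test')
}

$sample | ConvertTo-FlatRecord | ConvertTo-Csv -NoTypeInformation
```

Against a real directory, place ConvertTo-FlatRecord between the select and export-csv stages so no column is left as a collection type name.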