This is part of my ‘Finding all Disabled users in AD’ from an earlier post. The backstory is, I used some PowerShell to import about 1100 dummy users into a newly created AD.
Out of 1100 users, 300+ became disabled due to non-compliant passwords (too short, didn’t meet requirements). My end goal was to have all disabled users re-enabled, which meant I had to give them all proper passwords. In the meantime, I decided to create this script to move all disabled users into a separate OU.
The steps for this script are pretty simple:
1. Create a list of all the disabled users (done in last post)
2. Export the list of disabled users, taking all the unique values (SamAccountName), into .CSV format (done in last post)
3. Retrieve the list with PowerShell, and move all the users in the CSV list into another AD OU container
This does of course require a list of users in CSV format. Just SamAccountName is enough, since each user has a unique value, like so:
SamAccountName
"Codie.Youthead"
"Bellina.Kobierski"
"Melitta.Marcum"
"Marietta.Caverhill"
Now the code:
Import-Module ActiveDirectory
# Store the CSV contents in the $MoveList variable
$MoveList = Import-Csv -Path "C:\Path_AD_users_to_move.csv"
# Specify the target OU for the users in that CSV file
$TargetOU = "OU=Disabled-Users,OU=contoso,DC=contonso,DC=org"
# Walk through every row of the imported CSV
$MoveList | ForEach-Object {
    # Retrieve the distinguished name of the user
    $UserDN = (Get-ADUser -Identity $_.SamAccountName).DistinguishedName
    Write-Host " Moving Accounts ..... "
    # Move the user to the target OU (uncomment -WhatIf for a dry run)
    Move-ADObject -Identity $UserDN -TargetPath $TargetOU #-WhatIf
}
Write-Host " Completed move "
# @() makes sure .Count also works when the CSV holds a single row
$total = @($MoveList).Count
$total
Write-Host "Accounts have been moved successfully..."
Showing the Results
Typically, Get-ADUser shows where a user lives through the DistinguishedName property, which is quite long and not entirely human-readable. Sample code which works, but not in a very pretty manner:
Get-ADUser -Filter * -Properties * | select samaccountname,DistinguishedName|sort-object -descending DistinguishedName
Not really the best use of screen real estate
The DistinguishedName property by itself is a string whose components are separated by a comma “,”. This means we can split the contents with a single line of PowerShell. Like so:
Get-ADUser -filter * -Properties samaccountname,distinguishedname | select samaccountname, @{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}}
Results show like so:
I can’t seem to get the sort-object code to sort by distinguishedname. If someone out there knows how, I’d be happy to include it in here.
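The DistinguishedName split described above, as an added example that is not part of the original post: it splits only on unescaped commas, so a CN containing `\,` does not shift the OU column, and it sorts on the calculated column. `Get-ParentContainer`, the `OU=Staff` container and the sample DNs are constructed for illustration; a DN ending in an escaped backslash directly before a separator is not handled.

```powershell
# Added example: constructed sample data, no domain controller needed.
function Get-ParentContainer {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # Split only on commas that are not escaped with a backslash,
    # so a CN such as "Kobierski\, Bellina" stays in one piece.
    $parts = [regex]::Split($DistinguishedName, '(?<!\\),')
    if ($parts.Count -lt 2) { return $null }   # no parent component present

    # Component 0 is the object's own RDN; component 1 is its direct parent.
    $type, $name = $parts[1] -split '=', 2
    [pscustomobject]@{
        ContainerType = $type.Trim()           # OU, CN or DC
        ContainerName = $name.Trim()
        ParentDN      = ($parts[1..($parts.Count - 1)] -join ',')
    }
}

# Constructed stand-ins for Get-ADUser output (hypothetical DNs).
$users = @(
    [pscustomobject]@{ SamAccountName = 'Melitta.Marcum'
        DistinguishedName = 'CN=Melitta Marcum,CN=Users,DC=contonso,DC=org' }
    [pscustomobject]@{ SamAccountName = 'Codie.Youthead'
        DistinguishedName = 'CN=Codie Youthead,OU=Disabled-Users,OU=contoso,DC=contonso,DC=org' }
    [pscustomobject]@{ SamAccountName = 'Bellina.Kobierski'
        DistinguishedName = 'CN=Kobierski\, Bellina,OU=Staff,OU=contoso,DC=contonso,DC=org' }
    [pscustomobject]@{ SamAccountName = 'Marietta.Caverhill'
        DistinguishedName = 'CN=Marietta Caverhill,OU=Disabled-Users,OU=contoso,DC=contonso,DC=org' }
)

# Build the short OU column first, then sort on that calculated column.
$report = $users |
    Select-Object SamAccountName,
        @{ l = 'OU';   e = { (Get-ParentContainer $_.DistinguishedName).ContainerName } },
        @{ l = 'Type'; e = { (Get-ParentContainer $_.DistinguishedName).ContainerType } } |
    Sort-Object OU, SamAccountName

$report | Format-Table -AutoSize

# Accounts that are still outside the Disabled-Users OU after the move.
$report | Where-Object { $_.OU -ne 'Disabled-Users' } | Format-Table -AutoSize
```

Against a live directory, replace `$users` with the output of `Get-ADUser -Filter *`, which returns DistinguishedName by default.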