Filter AD User - Powershell/CSV

Question

Filter AD User - Powershell/CSV

Asked 3 years, 9 months ago

Viewed 109 times

0

Dear colleagues,

I need to read a CSV file and filter the users within the AD with the information contained in the CSV. I need to compare the CSV field with the Userprincipalname inside the AD.

My script is like this:

Import-Module ActiveDirectory    
$Users = "C:\Script\leiaute.csv"    
Import-CSV $Users -Header UserPrincipalName | Foreach-Object {        
Get-ADUser -Filter "UserPrincipalName -like '$_'" -SearchBase 'OU=BHZ,OU=MG,DC=elv,DC=intranet' | % {Set-ADUser -Identity $_.’UserPrincipalName’ -Enabled $false}

Does not return me any error message, but does not perform the desired task.

1 answer

Browser other questions tagged windows csv powershell active-directory ad

You are not signed in. Login or sign up in order to post.

by João Mac-Cormick • 81 points · Answer 1 · 2020-11-21T21:25:08+00:00

I rewrote excerpt from the code

$Base = 'OU=BHZ,OU=MG,DC=elv,DC=intranet'
Import-CSV $Users -Header 'UserPrincipalName' |
    Foreach-Object -Process {
linha 1 Get-ADUser -Filter "UserPrincipalName -like '$PSItem'" -SearchBase $Base |
linha 2     Foreach-Object -Process {
linha 3         Set-ADUser -Identity $PSItem.'UserPrincipalName' -Enabled $false
linha 4     }
    }

You have not placed an example line from your CSV. So, make sure that the command Get-ADUser returns something. Remove lines 2, 3 and 4, and remove the redirect character | at the end of line 1. Run and check that a collection is returned.
To command Set-ADUser, the parameter Identity can be:

Distinguished Name ==> CN=Jimsmith,OU=Europe,CN=users,DC=Corp,DC=SS64,DC=com
GUID (objectGUID) ==> 599c3d2e-f72d-4d20-8a88-030d99495f20
Security Identifier (objectSid) ==> S-1-5-21-3165297888-301567370-576410423-1103
Security Accounts Manager (SAM) Account Name (sAMAccountName) ==> Annualreports

Source: SS64 Reference Guide

The field LDAP UserPrincipalName, alias UPN, is based on the RFC822 standard of the Internet. Usually an electronic address, commonly email. Your CSV file must be correct. There’s probably the misconception, when associating UserPrincipalName with Identity. When there is a powershell command with the suffix Get it usually returns a collection of items to which it can be redirected to the command Set, without the need to clarify the field Identity.
Then remove lines 2 and 4, and replace line 3 with Set-ADUser -Enabled $false.