Reputation: 111
I'm trying to build a script to run that searches for AD user accounts that are configured for Password_not_required (544) and changes them to password_req (512).
I can't quite figure out the section on the SearchBase, as I want to limit the search to 2 OUs only. I have put these in a variable $OU and referenced it, but the script fails. Any help would be appreciated.

    # Log file: create it only if $logfile has not been set already
    if ($null -eq $logfile)
    {
        $logfile = "C:\test\ADUsersChangedPWNOTREQD.txt"
        New-Item $logfile -ItemType File
    }

    # OU information
    $ous = 'OU=Standard users,DC=x1,DC=contoso,DC=com','OU=Standard users,DC=x2,DC=contoso,DC=com'

    # Set flag PasswordNotRequired to false
    # Fails as written: -SearchBase takes a single distinguished name, not an array
    $UsersNoPwdRequired = Get-ADUser -Properties Name,distinguishedname,useraccountcontrol,objectClass -SearchBase $ous -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=32)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2)(userAccountControl:1.2.840.113556.1.4.803:=65536)(IsCriticalSystemObject=TRUE))))"
    foreach ($user in $UsersNoPwdRequired)
    {
        Set-ADAccountControl $user -PasswordNotRequired $false
        Add-Content $logfile "$user"
    }

Upvotes: 0
Views: 7265
Reputation: 111
Thanks guys, does the job. I will look to make it efficient by moving the Get-ADUser out of the ForEach loop when I get a bit more time.
Upvotes: 0
Reputation: 31
Just do:

    # $logfile is expected to be set already, as in the question's script
    $ous = 'OU=Standard users,DC=x1,DC=contoso,DC=com','OU=Standard users,DC=x2,DC=contoso,DC=com'

    # Run one search per OU, passing a single distinguished name to -SearchBase each time
    $ous | ForEach-Object {
        $UsersNoPwdRequired = Get-ADUser -Properties Name,distinguishedname,useraccountcontrol,objectClass -SearchBase $_ -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=32)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2)(userAccountControl:1.2.840.113556.1.4.803:=65536)(IsCriticalSystemObject=TRUE))))"
        foreach ($user in $UsersNoPwdRequired)
        {
            # Clear the flag, then log the account that was changed
            Set-ADAccountControl $user -PasswordNotRequired $false
            Add-Content $logfile "$user"
        }
    }

Upvotes: 3
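
Added example, not part of the question or the answer above: the LDAP filter in this thread tests individual userAccountControl bits rather than the literal value 544, and this sketch emulates that logic on constructed sample accounts so it runs without a domain. The function names Test-ThreadFilter and Clear-PasswordNotRequiredBit and the sample accounts are hypothetical.

```powershell
# Added example. Bit values are the ones used in the thread's LDAP filter (32, 2, 65536).
$Bits = @{ PasswordNotRequired = 32; Disabled = 2; PasswordNeverExpires = 65536 }

function Test-ThreadFilter {
    # Mirrors the filter: bit 32 set AND NOT (bit 2 OR bit 65536 OR critical object).
    # The 1.2.840.113556.1.4.803 rule is a bitwise AND test, emulated here with -band.
    param([int]$Uac, [bool]$IsCritical = $false)
    $notReqd  = ($Uac -band $Bits.PasswordNotRequired)  -ne 0
    $disabled = ($Uac -band $Bits.Disabled)             -ne 0
    $noExpiry = ($Uac -band $Bits.PasswordNeverExpires) -ne 0
    return $notReqd -and -not ($disabled -or $noExpiry -or $IsCritical)
}

function Clear-PasswordNotRequiredBit {
    # Value the attribute holds once only bit 32 is cleared; other bits are untouched.
    param([int]$Uac)
    return $Uac -band (-bnot $Bits.PasswordNotRequired)
}

# Constructed sample accounts (hypothetical names, not real directory data).
$samples = @(
    [pscustomobject]@{ Name = 'alice'; Uac = 544;   IsCritical = $false }  # 512 + 32
    [pscustomobject]@{ Name = 'bob';   Uac = 512;   IsCritical = $false }  # flag not set
    [pscustomobject]@{ Name = 'carol'; Uac = 546;   IsCritical = $false }  # 512 + 32 + 2
    [pscustomobject]@{ Name = 'dave';  Uac = 66080; IsCritical = $false }  # 65536 + 512 + 32
    [pscustomobject]@{ Name = 'erin';  Uac = 544;   IsCritical = $true  }  # critical object
    [pscustomobject]@{ Name = 'frank'; Uac = 66048; IsCritical = $false }  # 65536 + 512
)

$samples | ForEach-Object {
    $match = Test-ThreadFilter -Uac $_.Uac -IsCritical $_.IsCritical
    [pscustomobject]@{
        Name        = $_.Name
        Before      = $_.Uac
        FlagSet     = ($_.Uac -band $Bits.PasswordNotRequired) -ne 0
        FilterMatch = $match
        After       = if ($match) { Clear-PasswordNotRequiredBit $_.Uac } else { $_.Uac }
    }
} | Format-Table -AutoSize
```

Rows where FlagSet is true but FilterMatch is false are accounts the thread's filter skips (disabled, password never expires, or critical system object), so they keep bit 32 after the script runs and need a separate review.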