Reputation: 117
Filter enabled AD users from CSV file
I have a script to import a list of users and want to check if any of these users are disabled. I did try to run the script below but it doesn't filter the users in the CSV file it filters everyone in the entire organization. any suggestions would be appreciated. displayname and SIP address in one of the headers in the CSV file if needed to use the header.
Import-CSV -Path .\Piscataway-+1732.csv | ForEach-Object {
Get-ADUser -Filter "Enabled -eq '$true'" | select Enabled,EmailAddress,SamAccountName
} | Export-CSV .\results77.csv -NoTypeInformation
Upvotes: 1
Views: 2344
Answers (1)
Reputation: 7057
You have several issues:
- You are piping From
Import-CsvtoForEach-Object. SoGet-ADUserdoesn't really know you are piping it input objects. Get-ADUser's-Identityparameter is by value, not by property name. so you need to echo the appropriate column to send it down the pipe.- If you pipe and use the
-Filterparameter the filter is going to apply to the whole domain. It's not going to limit the filter to what you piped in. - If you want the email address to be output you have to tell
Get-ADUserto retrieve it.
Try something like this:
Import-CSV -Path .\Piscataway-+1732.csv |
ForEach-Object{ $_.samAccountName }
Get-ADUser -Properties mail |
Where-Object{ $_.Enabled }
Select-Object Enabled,mail,SamAccountName |
Export-CSV .\results77.csv -NoTypeInformation
Note: The Property for the email address is "mail".
Note: Since we don't have a sample of the CSV file the above example assumes there's a column names samAccountName.
Now, if you want the output to come from the CSV file but validate it according to the user's status in AD we have to change the approach. As always there are several ways to do this.
Example 1:
Import-CSV -Path "c:\temp\test.csv" |
Select-Object @{Label = 'Enabled'; Expression = { ( Get-ADUser $_.samAccountName ).Enabled } },EmailAddress,samAccountName |
Export-CSV -Path "c:\temp\Output.csv" -NoTypeInformation
This again assumes the column name (samAccountName). It also assumes there is not already an "enabled" column. So we are adding a property called enabled that we're getting via Get-ADUser. Then finally re-exporting to Csv.
Example 2:
$CsvData = Import-CSV -Path "c:\temp\test.csv"
$EnabledUsers =
(
$CsvData |
ForEach-Object{ $_.samAccountName } |
Get-ADUser |
Where-Object{ $_.Enabled }
).samAccountName
$CsvData |
Where-Object{ $EnabledUsers -contains $_.samAccountName } |
Select-Object @{Label = 'Enabled'; Expression = { $true } },EmailAddress,samAccountName |
Export-Csv -Path "c:\temp\Output.csv" -NoTypeInformation
Example 1 is great for small jobs but too many individual calls to Get-ADUser might be slow for larger runs. In this example Import the CSV data once. Then use it to get a flat list of those entries that are enabled in AD. Once you have that you can use the -contains operator to check if the account is enabled. Once again there's a little extra work to add the "Enabled" property.
This should give you a general idea. There are probably a dozen more ways to do this, but hopefully this give you a good idea of what has to happen. Let me know if this helps.
Upvotes: 1
Related Questions
- exporting AD users displayName for selected groups only - powershell
- Powershell querying users in Active Directory
- Powershell Search AD via CSV and report on disabled / enable / non-existant users
- PowerShell - Filter Get-ADUser to get disabled accounts only
- Csv Export Script for Active Directory Users
- Powershell export AD users to csv
- Filtering Get-aduser on csv contents
- import-csv, get-aduser, then export-csv to filter out non-existing AD users
- Wrapping all ADUsers in a CSV File
- How can I compare CSV to AD users and disable users not in CSV?