Hi all,

I am new to PowerShell, and have been given the task to do the following.

I am trying to get a PowerShell script v4 to go through certain OU Groups in AD and if a user is 60 days inactive then disable it and move to a disabled OU, if inactive 90 days or more then delete them from the disabled OU.

I have this so far, with the Transcript, I have it in there to log, but I cannot get it to format correctly.

Also need to move the user's profile folder to a drive, where we will keep it for a period of time before deleting.

$Logfile = "D:\test\AUTODELETEUSERS.txt"
Start-Transcript -Path $Logfile
Write-Verbose "START OF LOG FILE" -Verbose
Write-Verbose "Compare Date : Getting date" -Verbose
$COMPAREDATE = Get-Date
Write-Verbose "Setting number of days to 60" -Verbose
$NumberDays = $COMPAREDATE.AddDays(-60)
# Delete cut-off: 30 days beyond the disable cut-off, i.e. 90 days inactive
$DeleteDate = $NumberDays.AddDays(-30)
#
$OverRide = '***OVERRIDE***'
#
$OnLeave = 'On Leave Until'
#
$OU = 'OU=Test,DC=corporate,DC=nzpost,DC=co,DC=nz'
$then = (Get-Date).AddDays(-60)
# Keep the user objects in the variable: Format-Table output cannot be piped to other cmdlets.
# The Notes field shown in AD Users and Computers is stored in the info attribute.
$LISTOFACCOUNTS = Get-ADUser -Properties Name, LastLogonDate, Description, info -Filter { LastLogonDate -lt $then } -SearchBase $OU
$LISTOFACCOUNTS | Format-Table Name, LastLogonDate
#
$LISTOFACCOUNTS | Disable-ADAccount -WhatIf
#
$LISTOFPOTENTIALDELETES = $LISTOFACCOUNTS | Where-Object { $_.LastLogonDate -lt $DeleteDate }
#
foreach ($USER in $LISTOFPOTENTIALDELETES)
{
    if (($USER.info -notlike '*' + $OverRide + '*') -and ($USER.Description -notlike '*' + $OnLeave + '*'))
    {
        # Remove-ADObject needs a distinguished name or GUID, not the display name
        Remove-ADObject $USER.DistinguishedName -WhatIf
        Write-Host $USER.Name 'Deleted'
    }
    elseif ($USER.info -like '*' + $OverRide + '*')
    {
        Write-Host $USER.Name 'Not removed due to Administrative Override'
    }
    else
    {
        Write-Host $USER.Name 'Not removed - Presently on Leave'
    }
}
Stop-Transcript

$Name = "testuser"
$User = Get-ADUser -LDAPFilter "(sAMAccountName=$Name)"
If ($User -eq $Null) {"User does not exist in AD"}
Else {"User Found in AD"}

Get-ADUser -Filter * -SearchBase $OU -Properties Enabled, CanonicalName, Displayname, Givenname, Surname, Department | select Enabled, CanonicalName, Displayname, GivenName, Surname, Department | Export-CSV "E:\Damo\UserDescription.csv"
Answers

G'day mate!  You probably already figured it out by now but thought I'd post in case it helps someone else.  

For logging I like to use the old ">>" to a text file because it's fast and easy.  Can't help you much with backing up user profiles because I don't know where you're storing them in your environment.

#Declare variable constants
[string]$Log = "D:\test\AUTODELETEUSERS.txt"
[int]$DaysToDisable = -60
[int]$DaysToDelete = -90
[string]$SearchBaseOU = 'OU=Test,DC=corporate,DC=nzpost,DC=co,DC=nz'
[string]$DisabledOU = 'OU=Disabled,OU=Test,DC=corporate,DC=nzpost,DC=co,DC=nz'
[string]$OverrideKey = '***OVERRIDE***'
[string]$OnLeaveKey = 'On Leave'
[int]$CountDisabled = 0
[int]$CountDeleted = 0

"[SCRIPT START] Script started on $(Get-Date)" >> $Log

#DELETE stale accounts
#LastLogon is empty for accounts with no logon recorded on this DC, so those are skipped.
#The keys are escaped because -notmatch takes a regex; the ADUC Notes field is the info attribute.
Get-ADUser -SearchBase $SearchBaseOU -SearchScope Subtree -Filter * -Properties * |
    where { ($_.LastLogon -gt 0) -and
            (([DateTime]::FromFileTime($_.LastLogon)) -lt (Get-Date).AddDays($DaysToDelete)) -and
            ($_.info -notmatch [regex]::Escape($OverrideKey)) -and
            ($_.Description -notmatch [regex]::Escape($OnLeaveKey)) } | ForEach-Object {
        $_ | Remove-ADUser -WhatIf
        "  [DELETED] $($_.Name)" >> $Log
        $CountDeleted++
    }

#DISABLE stale accounts
Get-ADUser -SearchBase $SearchBaseOU -SearchScope Subtree -Filter * -Properties * |
    where { ($_.LastLogon -gt 0) -and
            (([DateTime]::FromFileTime($_.LastLogon)) -lt (Get-Date).AddDays($DaysToDisable)) -and
            ($_.info -notmatch [regex]::Escape($OverrideKey)) -and
            ($_.Description -notmatch [regex]::Escape($OnLeaveKey)) } | ForEach-Object {
        #Disable before moving, while the object's original distinguished name is still valid
        $_ | Disable-ADAccount -WhatIf
        $_ | Move-ADObject -TargetPath $DisabledOU -WhatIf
        "  [DISABLED] $($_.Name) for being $(((Get-Date)-([DateTime]::FromFileTime($_.LastLogon))) | select -ExpandProperty Days) days stale" >> $Log
        $CountDisabled++
    }

"[SCRIPT END] $($CountDisabled) accounts disabled and $($CountDeleted) accounts deleted." >> $Log
Answered 09/23/2014 by: JackNeff
White Belt
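
The staged policy from the question (disable and move at 60 days, delete only from the Disabled OU at 90 days), written as a decision function that can be checked against constructed accounts before it is wired to Get-ADUser. This is an added example, not code from either poster; the names Get-StaleAccountAction and New-SampleAccount and the sample accounts are hypothetical, and it assumes the replicated LastLogonDate property and the info attribute (the ADUC Notes field).

```powershell
# Added example (not from the thread): pick an action for one account without touching AD.
function Get-StaleAccountAction {
    param(
        [Parameter(Mandatory)] $Account,
        [datetime]$Now       = (Get-Date),
        [int]$DisableAfter   = 60,
        [int]$DeleteAfter    = 90,
        [string]$DisabledOU  = 'OU=Disabled,OU=Test,DC=corporate,DC=nzpost,DC=co,DC=nz',
        [string]$OverrideKey = '***OVERRIDE***',
        [string]$OnLeaveKey  = 'On Leave'
    )
    # Escape the keys: '***OVERRIDE***' is not a valid regular expression as written.
    if ($Account.info -match [regex]::Escape($OverrideKey))       { return 'Skip:Override' }
    if ($Account.Description -match [regex]::Escape($OnLeaveKey)) { return 'Skip:OnLeave' }
    # No logon recorded: age the account from its creation date instead of from 1601.
    $lastSeen = if ($Account.LastLogonDate) { $Account.LastLogonDate } else { $Account.whenCreated }
    if (-not $lastSeen) { return 'Skip:NoDate' }
    $idle = ($Now - $lastSeen).Days
    $inDisabledOU = $Account.DistinguishedName -like "*,$DisabledOU"
    # Delete only accounts that an earlier run already disabled and moved.
    if ($idle -ge $DeleteAfter -and $inDisabledOU -and -not $Account.Enabled) { return 'Delete' }
    if ($idle -ge $DisableAfter -and -not $inDisabledOU) { return 'DisableAndMove' }
    return 'Keep'
}

# Constructed sample accounts (hypothetical names, not real directory data).
$now  = [datetime]'2014-09-23'
$base = 'OU=Test,DC=corporate,DC=nzpost,DC=co,DC=nz'
function New-SampleAccount([string]$Name, [string]$Ou, [bool]$Enabled, $IdleDays, $Info, $Description) {
    [pscustomobject]@{
        Name = $Name; DistinguishedName = "CN=$Name,$Ou"; Enabled = $Enabled
        LastLogonDate = if ($null -ne $IdleDays) { $now.AddDays(-$IdleDays) } else { $null }
        whenCreated = $now.AddDays(-10); info = $Info; Description = $Description
    }
}
$sample = @(
    New-SampleAccount 'active'  $base $true 5
    New-SampleAccount 'stale70' $base $true 70
    New-SampleAccount 'stale120' $base $true 120
    New-SampleAccount 'parked'  "OU=Disabled,$base" $false 120
    New-SampleAccount 'svc'     $base $true 200 'keep ***OVERRIDE*** per ticket'
    New-SampleAccount 'leave'   $base $true 100 $null 'On Leave Until 01/12/2014'
    New-SampleAccount 'newhire' $base $true $null
)
$sample | ForEach-Object { '{0,-9} {1}' -f $_.Name, (Get-StaleAccountAction -Account $_ -Now $now) }
```

To act on the result, pipe Get-ADUser (with -Properties LastLogonDate, whenCreated, info, Description) through the function and run Disable-ADAccount, Move-ADObject and Remove-ADUser with -WhatIf until the printed decisions have been reviewed.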