by thedietz at 2012-10-02 07:22:05
Let me start by saying thanks and that I am very very new to scripting/powershell/all of the above. I have been tasked with cleaning up our AD environment a little bit. My tasks are to 1. Find AD user accounts that have been inactive for 6 months or longer and pipe that info to a file. 2. Set those accounts to "disabled". 3. Move those "disabled: accounts to a "disabled accounts" OU in AD. I have came up with 3 seperate cmdlets to do each one as follows.by jonhtyler at 2012-10-02 07:34:00
1. search-adaccount -usersonly -accountinactive -timespan "180" -searchbase "ou=users,dc=test,dc=org" | export-csv e:\test\test.txt
2. search-adaccount -usersonly -accountinactive -timespan "180" -searchbase "ou=users,dc=test,dc=org" | disable-adaccount
3. Search-ADAccount –AccountDisabled –UsersOnly –SearchBase “OU=users,dc=test,dc=org†| Move-ADObject –TargetPath “OU=Disabled Users,dc=test,dc=orgâ€
Running each of these one at a time gives the correct results. I am confused with Piping though. I though I could run all 3 with one command such as this…
search-adaccount -usersonly -accountinactive -timespan "180" -searchbase "ou=users,dc=test,dc=org" | export-csv e:\test\test.csv | disable-adaccount | Move-ADObject –TargetPath “OU=Disabled Users,dc=test,dc=orgâ€
this only performs the first pipe though and exports the data to CSV file. It does not disable or move accounts. I am wrong thinking I can run my first cmdlet and then pipe those results to do these 3 specfic tasks?
Thanks for the help, and i hope i explained what i am attemping well enough.
The reason that you are having this problem is that the Export-CSV does not pass the objects through to the next statement. I think if you re-arrange your statement, it might work better for you. Try this:by thedietz at 2012-10-02 08:44:55search-adaccount -usersonly -accountinactive -timespan "180" -searchbase "ou=users,dc=test,dc=org" | disable-adaccount -passthru | Move-ADObject –TargetPath “OU=Disabled Users,dc=test,dc=org†-passthru | export-csv e]
Notice the use of the -Passthru parameter on the two AD cmdlets.
nice…worked perfectly. Should I always use the -passthru parameter if i want to send the results to the next cmdlet?by jonhtyler at 2012-10-02 08:52:17
Usually, yes, but there is not always a -Passthru parameter available. You can find out what options there are for a cmdlet by using the Get-Help cmdlet with the -detailed or -full parameters. So, for instance, if you want to see what is available for Export-CSV, you would type:by Steve at 2012-10-02 11:11:25Get-Help Export-CSV -detailed
and it will tell you how the cmdlet works and how to use the different parameters to get what you want out of it. You can even use Get-Help on the Get-Help cmdlet as there are some other helpful parameters you can use there as well. There is a lot you can learn just by interrogating the cmdlets with the online help system.
Something else you can use is Tee-Object. That allows the object(s) to move in two paths.by RichardSiddaway at 2012-10-06 01:58:48search-adaccount -usersonly -accountinactive -timespan "180" -searchbase "ou=users,dc=test,dc=org" | Tee-Object export-csv e:\test\test.txt | disable-adaccount
Tee-Object splits the pipeline but one path has to go to a file or variable. Unfortunately it isn’t a complete split of the pipeline to make two new pipelinesby thedietz at 2012-10-08 06:49:24
one more question on this project. the way our AD is set up under our domain we have OU’s representing different departments in the organization. Under each department OU is a USERS OU for that department. Is there a way I can use the "-searchbase "ou=users,ou=billing,dc=test,dc=org" " to point to several locations. For example to have it searchbase ou=users,ou=billing,dc=test,dc=org AND ALSO ou=users,ou=accounting,dc=test,dc=org …and do this all in one command? Or will It need to be a seperate command for each department such as…
search-adaccount -usersonly -accountinactive -timespan "180" -searchbase "ou=users,ou=billing,dc=test,dc=org" | disable-adaccount -passthru | Move-ADObject –TargetPath “OU=Disabled Users,dc=test,dc=org†-passthru | export-csv e:\test\test.csv
and also run
search-adaccount -usersonly -accountinactive -timespan "180" -searchbase "ou=users,ou=accounting,dc=test,dc=org" | disable-adaccount -passthru | Move-ADObject –TargetPath “OU=Disabled Users,dc=test,dc=org†-passthru | export-csv e:\test\test.csv
there are about 7 different departments so that is why it would be easiest to get this all into one command rather than running it 7 times and exporting 7 CSV’s.
If i have to run a seperate command for each department then so be it…but I would rather run one command to target all the different departments with users in them if possible. Thanks guys.