I am trying to automate our ActiveSync approval process at work. I’ve created a script that queries all devices with the status “DeviceAccessState = False” and pulls the Device ID, UserDisplayName, DeviceType, and Identity into a CSV file. That part works fine.
The trouble I encounter is when I run my other script that is supposed to pull the SamAccountName for each user by referencing the UserDisplayName that I get from the Get-MobileDevice cmdlet, which is what I use to generate the CSV. Here is my script"
cls
Import-Module ActiveDirectory
$Users = Import-Csv -path "C:\QuarantineUser.csv"
foreach ($User in $Users)
{
Write-Output $User.UserDisplayName #This is to verify that it is pulling the UserDisplayName data from the 'Quarantine' file#
$Name = Get-ADUser -filter {DisplayName -eq "$User.UserDisplayName*"} -properties * | Select SamAccountName
Write-Output "$Name.samaccountname"
}
This is the output of the script: user names altered to protect the innocent
Ellen Ripley
.samaccountname
Dennis Menace
.samaccountname
…and so on.
I want to pull the SamAccountName by using the UserDisplayName so that I can query a specific security group to see if the users contained in the Quarantine file are members. If they are members then the next step would be to set the DeviceAccessState for their ActiveSync device to Allowed. The roadblock I am running into is with the $Name variable. Although the UserDisplayName provided by the Get-MobileDevice cmdlet appears to put the UserDisplayName in the same format as the DisplayName found by Get-ADUser, it does not seem to translate to a samaccountname when I attempt to search by the UDN.
Any help would be greatly appreciated!