Remove Disabled Users From a Manager's Direct Reports

When we disable users in our AD, they are moved to an Archive OU. When you view their manager's AD properties, the disabled users still appear and there is no indication that the user is disabled.

Is there a way to have PowerShell go and find these situations? Either find a manager who has users that are disabled, or find a disabled user whose manager is enabled?

If some function exists, I’m hoping to run this every month to keep the AD a little cleaner.

Not sure if the below script helps your requirement.

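This will fetch the disabled user

Import-Module ActiveDirectory
# Only disabled users that still have a manager set; keep the manager's DN, because -Identity below does not accept a display name
$b = Get-ADUser -Filter {(Enabled -eq $False)} -Properties Manager | Where-Object { $_.Manager } | Select-Object Name, Manager
$c = $b.Manager | Sort-Object -Unique
foreach ($d in $c) {
    # This will show the manager who is enabled if the user is disabled
    Get-ADUser -Identity $d -Properties Enabled | Where-Object { $_.Enabled -eq $true } | Select-Object Name, Enabled
}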

If this helps, dive into other scripts on my website.

What is generating the report? Is there an LDAP filter? The simplest solution would be to filter out the Archive OU from the reporting. Next, why not remove the managers from all disabled accounts and going forward remove the manager when disabling?

I will try the script and see if that will work. If it doesn’t net what we want, we will just manually remove the managers from all disabled users and going forward remove the manager as part of the termination process.

 

If the script does work I will report back.
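
The monthly check and cleanup discussed in this thread, as an added example that is not code from any of the posters: it reports disabled users in the Archive OU that still have a manager, then previews clearing that attribute. The OU distinguished name and the CSV path are placeholder assumptions.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$ArchiveOU  = 'OU=Archive,DC=example,DC=com'   # placeholder DN (assumption)
$ReportPath = '.\disabled-with-manager.csv'    # placeholder path (assumption)

# LDAP filter: ACCOUNTDISABLE bit (2) set in userAccountControl AND manager populated.
$ldap = '(&(userAccountControl:1.2.840.113556.1.4.803:=2)(manager=*))'

$stale = @(Get-ADUser -LDAPFilter $ldap -SearchBase $ArchiveOU -Properties Manager)
if ($stale.Count -eq 0) {
    Write-Output 'No disabled users with a manager set.'
    return
}

# Resolve each distinct manager DN once; a deleted manager is reported, not fatal.
$managers = @{}
foreach ($dn in ($stale.Manager | Sort-Object -Unique)) {
    try   { $managers[$dn] = Get-ADUser -Identity $dn }
    catch { Write-Warning "Manager could not be resolved: $dn" }
}

# One row per disabled user, with the manager's current state.
$report = foreach ($u in $stale) {
    $m = $managers[$u.Manager]
    [pscustomobject]@{
        User           = $u.SamAccountName
        UserDN         = $u.DistinguishedName
        Manager        = if ($m) { $m.SamAccountName } else { $u.Manager }
        ManagerEnabled = if ($m) { $m.Enabled } else { $null }
    }
}
$report | Export-Csv -Path $ReportPath -NoTypeInformation

# directReports on the manager is a back-link computed from each user's manager
# attribute, so clearing manager on the disabled user removes the entry.
# -WhatIf only previews the change; remove it after reviewing the CSV.
$stale | Set-ADUser -Clear Manager -WhatIf
```

The CSV keeps a record of who reported to whom before the attribute is cleared.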