Stuck on Ad Expire report on multi domains

ruben-miclotte · May 25, 2016, 4:59am

Hi All,

I’m busy writing a multi domain (W2003-W2012) script to perform following things:

Add expiry date for Admin users belonging to 1 Ad, if none is set (and have them be reported into a file)
Extend the expiry date for the same users if the date is expired or about to expire, only when belonging to certain groups (and have them be reported into a file)
report from the same admin set in 2 those not belonging to that group, needing to be handled manually
4.report 3 other kind of users(normal users in 1 AD) and 2 other kind of users in several AD’s and have the expiry date be removed if one is set

5.Create a global report of all those users having 2 extra criteria added in the report : days left to expire & kind of account

I’m having difficulties in the last steps…

For
-when usining the multi dimensional array , I see that the script adds 1 extra line per count ( so 1 line for user 1 , 30 lines for user 30
-It adds “-736108” in files for when I calculate the days left to expire and this is set to “never expire”

please help, because I cannot sort this out


if ( (Get-PSSnapin -Name quest.activeroles.admanagement -ErrorAction SilentlyContinue) -eq $null ) { Add-PsSnapin quest.activeroles.admanagement }
############################

Declaration of Constants
############################
$pw = read-host “Enter password” -AsSecureString

$Domains = gc “E:\Input\test.txt”
###########

Logging
###########

Log Dir time stamp:
$LogTime = Get-Date -Format “yyyy-MM-dd”

$LogDir = “E:\Output"+$LogTime+”_ExpireScript"
#Remove LogDir if allready existant

if (Test-Path $LogDir)

{

Remove-Item $LogDir -recurse -Force -confirm:$false

}

#Create New Logdir

New-Item -ItemType Directory -Force -Path $LogDir
#Creation of CUSTOM object to parse to Csv
$objectCollection=@()
$object = New-Object PSObject

Add-Member -InputObject $object -MemberType NoteProperty -Name Domain -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name LogonName -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name Displayname -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name Description -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name Email -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name DistinguishedName -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name AccountExpires -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name AccountType -Value “”

Add-Member -InputObject $object -MemberType NoteProperty -Name DaysLeft -Value “”
#################

FunctionBlock
#################
Function AddExpDate
{

$InOneYear = (Get-Date).AddDays(365)

$User.DN holds the DN user
Set-QADUser -identity $User -AccountExpires $InOneYear

}
Function RemExpDate
{#Remove Expiration date (PA TA FA)

Set-QADUser -identity $User -accountexpires $null

}
###############

ScriptBlock
###############
foreach ($domain in $Domains)

{
Try

{
Connect-QADService $domain -ConnectionAccount $domain\HJG008-a -ConnectionPassword $pw
Get-QADUser -LdapFilter '(Samaccountname=*-A)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-QADUser -LdapFilter '(description=admin*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=technical*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=functional*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append


$a=Import-csv $LogDir\PAA_Acc.csv|Sort name -Unique
$a|export-csv $LogDir\Unique_PAA_Acc.csv -encoding unicode -notypeinformation #-Append
$a|export-csv $LogDir\Unique_PAA_Full_Acc.csv -encoding unicode -notypeinformation -Append
$Users=$a
$b=Import-csv $LogDir\Tech-Func_Acc.csv
$b|export-csv $LogDir\All_Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
$Users2=$b

foreach ($user in $users)

{

$name =$user.name

$usr=Get-QADUser $name -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires
$object.Domain = $Usr.domain

$object.LogonName = $Usr.name

$object.Displayname = $Usr.displayname

$object.Description = $Usr.Description

$object.DistinguishedName = $Usr.Dn

$object.AccountExpires = $Usr.accountExpires

$object.Email = $Usr.email

$objectCollection += $object

$name =$user.name

Get Today for something to compare against
$Today=get-date

Find out when account is supposed to expire
$ExpireDate=$usr.accountExpires -as [datetime]

How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today

Get the value in days
$DaysLeft=$AccountAgeLeft.days

Write-host “$name has $daysleft days left”-fore DarkRed
If ($usr.accountExpires -eq $null)

{ if ($domain -eq ‘MAIN.DOMAIN.net’)

{

Write-host “Please Set Expire date for PAA Account $name” -fore Cyan

#$DN = $usr.DN

#AddExpDate $DN

$object.AccountType = “Personal Admin Account”

$object.Daysleft = $DaysLeft

$objectCollection += $object

$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append

}

else

{

Write-host “Logging PAA Account $name” -fore Cyan

$object.AccountType = “Personal Admin Account”

$object.Daysleft = $DaysLeft

$objectCollection += $object

$objectCollection|export-csv $LogDir\PAA_Acc_No_exp.csv -encoding unicode -notypeinformation -Append

}

}
If  ($DaysLeft -le 1) #-and ($DaysLeft -ge 0) )

{

Write-host “Account $name has expired >> EXTEND” -fore Red

if ($domain -eq ‘MAIN.DOMAIN.net’)

{

$UserGroups= Get-QADMemberOf -identity $name | Foreach-Object {$_.Name}

if($UserGroups -like ‘G100.’ -OR $UserGroups -like 'G205.’ -OR $UserGroups -like ‘G207.’ -OR $UserGroups -like 'G208.’ )

{

Write-host “$name is member of one of the groups groups,with expiredate $exp” -fore Green

#$DN = $usr.DN

#AddExpDate $DN

$object.AccountType = “Personal Admin Account”

$object.Daysleft = $DaysLeft

$objectCollection += $object

$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append

#$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp.csv

#$usr2| Add-Member -MemberType NoteProperty “days left” -Value $daysleft

#$usr2| Add-Member -MemberType NoteProperty “Account Type” -Value “Personal ADMIN account”

#$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp2.csv -encoding unicode -notypeinformation -Append
            }
            else 
            {
            Write-host "$name user has to be reported" -fore Yellow
            $object.AccountType = "Personal Admin Account"
    $object.Daysleft = $DaysLeft
    $objectCollection += $object
    $objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append
            #$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv
    #$usr2| Add-Member -MemberType NoteProperty "days left" -Value $daysleft
    #$usr2| Add-Member -MemberType NoteProperty "Account Type" -Value "Personal ADMIN account"
    #$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append
   
            }
    }
  }
}  

#Looping trough Technical & Functional accounts
foreach ($user2 in $users2)

{$name2 =$user2.name

$usr2=Get-QADUser $name2 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires

$object.Domain = $Usr2.domain

$object.LogonName = $Usr2.name

$object.Displayname = $Usr2.displayname

$object.Description = $Usr2.Description

$object.DistinguishedName = $Usr2.Dn

$object.AccountExpires = $Usr2.accountExpires

$object.Email = $Usr2.email

if ($usr.Description -like “technical*”)

{$object.AccountType = “Technical Account”}

if ($usr.Description -like “functional*”)

{$object.AccountType = “Functional Account”}

Get Today for something to compare against
$Today=get-date

Find out when account is supposed to expire
$ExpireDate=$usr2.accountExpires -as [datetime]

How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today

Get the value in days
$DaysLeft=$AccountAgeLeft.days
If ($usr2.accountExpires -ne $null)

{

Write-host “Please REMOVE Expire date for Account $name2” -fore Cyan

#$DN2 = $usr2.DN

#RemExpDate $DN2

$object.Daysleft = $DaysLeft

$objectCollection += $object

$objectCollection|export-csv $LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append

}

}

#Rename inputfiles

Rename-Item $LogDir\PAA_Acc.csv PAA_Acc_$domain.csv

Rename-Item $LogDir\Unique_PAA_Acc.csv Unique_PAA_Acc_$domain.csv

Rename-Item $LogDir\Tech-Func_Acc.csv Tech-Func_Acc_$domain.csv

}

Catch

{

$ErrorMessage = $.Exception.Message

$FailedItem = $.Exception.ItemName

“We failed to connect to $domain. The error message was $ErrorMessage”| out-file  $LogDir\ErrorLog33.log -append

}
}

Connect-QADService MAIN.DOMAIN.net -ConnectionAccount MAIN.DOMAIN.net\HJG008-a -ConnectionPassword $pw

Get-QADUser * -searchroot “MAIN.DOMAIN.net/MAINDOMAIN Customers/Users/Personal” -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append

Get-QADUser * -searchroot “MAIN.DOMAIN.net/IAM/Accounts” -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append

$x=Import-csv $LogDir\MAINDOMAINPA_Acc.csv|Sort name -Unique

$x|export-csv $LogDir\Unique_MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation #-Append

$Users3=$x

foreach ($user3 in $users3)

{$name3 =$user3.name

$usr3=Get-QADUser $name3 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires

$object.Domain = $Usr3.domain

$object.LogonName = $Usr3.name

$object.Displayname = $Usr3.displayname

$object.Description = $Usr3.Description

$object.DistinguishedName = $Usr3.Dn

$object.AccountExpires = $Usr3.accountExpires

$object.Email = $Usr3.email

Get Today for something to compare against
$Today=get-date

Find out when account is supposed to expire
$ExpireDate=$usr3.accountExpires -as [datetime]

How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today

Get the value in days
$DaysLeft=$AccountAgeLeft.days
If ($usr3.accountExpires -ne $null)

{

Write-host “Please REMOVE Expire date for Account $name3” -fore Cyan

#$DN3 = $usr3.DN

#RemExpDate $DN3

$object.AccountType = “Personal Account”

$object.Daysleft = $DaysLeft

$objectCollection += $object

$objectCollection|export-csv $LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append

}

}
##############

Repporting
##############
$csv1=Import-csv “$LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv”

$csv1| Add-Member -MemberType NoteProperty “Action” -Value “REMOVED Expire date”

$csv1|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append

$table += $csv1
$csv2=Import-csv “$LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv”

$csv2| Add-Member -MemberType NoteProperty “Action” -Value “REMOVED Expire date”

$csv2|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append

$table += $csv2
$csv3=Import-csv “$LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv”

$csv3| Add-Member -MemberType NoteProperty “Action” -Value “Expiry Date EXTENDED”

$csv3|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append

$table += $csv3
$csv4=Import-csv “$LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv”

$csv4| Add-Member -MemberType NoteProperty “Action” -Value “Non Auto extended users : CHECK!”

$csv4|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append

$table += $csv4
$Header = @"
TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}

TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #6495ED;}

TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}
Expiry Date Report
"@

$Pre = “This is a BETA Version of the report BE AWARE NO ACTION HAS BEEN DONE YET”

$Post ="This is an automaticly generated repport created by "
$table | ConvertTo-HTML -Head $Header -body “Expiry Date Report created on $LogTime” -PreContent $Pre -PostContent $Post| Out-File c:\temp\report3.html

rdtechie · May 25, 2016, 9:01am

Sorry to say, but it’s incredibly hard to read this script. Please follow the forum guideline on how to format code: https://powershell.org/forums/topic/how-to-format-code-in-the-forums/

Furthermore, can you specify exactly from which part of the script you expect a particular output, but is generated differently?

ruben-miclotte · May 25, 2016, 1:21pm

if ( (Get-PSSnapin -Name quest.activeroles.admanagement -ErrorAction SilentlyContinue) -eq $null ) { Add-PsSnapin quest.activeroles.admanagement }

############################
# Declaration of Constants #
############################

$pw = read-host "Enter password" -AsSecureString
$Domains = gc "E:\Input\test.txt"

###########
# Logging #
###########

# Log Dir time stamp:
$LogTime = Get-Date -Format "yyyy-MM-dd"
$LogDir = "E:\Output\"+$LogTime+"_ExpireScript"

#Remove LogDir if allready existant
if (Test-Path $LogDir)
{
Remove-Item $LogDir -recurse -Force -confirm:$false
}
#Create New Logdir
New-Item -ItemType Directory -Force -Path $LogDir

#Creation of CUSTOM object to parse to Csv

$objectCollection=@()

$object = New-Object PSObject
Add-Member -InputObject $object -MemberType NoteProperty -Name Domain -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name LogonName -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name Displayname -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name Description -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name Email -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name DistinguishedName -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name AccountExpires -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name AccountType -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name DaysLeft -Value ""

#################
# FunctionBlock #
#################

Function AddExpDate

{
$InOneYear = (Get-Date).AddDays(365)
# $User.DN holds the DN user
Set-QADUser -identity $User -AccountExpires $InOneYear
}

Function RemExpDate

{#Remove Expiration date (PA TA FA)
Set-QADUser -identity $User -accountexpires $null
}

###############
# ScriptBlock #
###############

foreach ($domain in $Domains)
{

Try
{

Connect-QADService $domain -ConnectionAccount $domain\HJG008-a -ConnectionPassword $pw

Get-QADUser -LdapFilter '(Samaccountname=*-A)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-QADUser -LdapFilter '(description=admin*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=technical*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=functional*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append

$a=Import-csv $LogDir\PAA_Acc.csv|Sort name -Unique
$a|export-csv $LogDir\Unique_PAA_Acc.csv -encoding unicode -notypeinformation #-Append
$a|export-csv $LogDir\Unique_PAA_Full_Acc.csv -encoding unicode -notypeinformation -Append
$Users=$a
$b=Import-csv $LogDir\Tech-Func_Acc.csv
$b|export-csv $LogDir\All_Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
$Users2=$b

foreach ($user in $users)
{
$name =$user.name
$usr=Get-QADUser $name -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires

$object.Domain = $Usr.domain
$object.LogonName = $Usr.name
$object.Displayname = $Usr.displayname
$object.Description = $Usr.Description
$object.DistinguishedName = $Usr.Dn
$object.AccountExpires = $Usr.accountExpires
$object.Email = $Usr.email
$objectCollection += $object
$name =$user.name
# Get Today for something to compare against
$Today=get-date
# Find out when account is supposed to expire
$ExpireDate=$usr.accountExpires -as [datetime]
# How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today
# Get the value in days
$DaysLeft=$AccountAgeLeft.days
Write-host "$name has $daysleft days left"-fore DarkRed

If ($usr.accountExpires -eq $null)
{ if ($domain -eq 'MAIN.DOMAIN.net')
{
Write-host "Please Set Expire date for PAA Account $name" -fore Cyan
#$DN = $usr.DN
#AddExpDate $DN
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append
}
else
{
Write-host "Logging PAA Account $name" -fore Cyan
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\PAA_Acc_No_exp.csv -encoding unicode -notypeinformation -Append
}
}

If ($DaysLeft -le 1) #-and ($DaysLeft -ge 0) )
{
Write-host "Account $name has expired >> EXTEND" -fore Red
if ($domain -eq 'MAIN.DOMAIN.net')
{
$UserGroups= Get-QADMemberOf -identity $name | Foreach-Object {$_.Name}
if($UserGroups -like 'G100.*' -OR $UserGroups -like 'G205.*' -OR $UserGroups -like 'G207.*' -OR $UserGroups -like 'G208.*' )
{
Write-host "$name is member of one of the groups groups,with expiredate $exp" -fore Green
#$DN = $usr.DN
#AddExpDate $DN
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append
#$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp.csv
#$usr2| Add-Member -MemberType NoteProperty "days left" -Value $daysleft
#$usr2| Add-Member -MemberType NoteProperty "Account Type" -Value "Personal ADMIN account"
#$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp2.csv -encoding unicode -notypeinformation -Append

}
else
{
Write-host "$name user has to be reported" -fore Yellow
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append
#$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv
#$usr2| Add-Member -MemberType NoteProperty "days left" -Value $daysleft
#$usr2| Add-Member -MemberType NoteProperty "Account Type" -Value "Personal ADMIN account"
#$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append

}
}
}
}

#Looping trough Technical & Functional accounts

foreach ($user2 in $users2)
{$name2 =$user2.name
$usr2=Get-QADUser $name2 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires
$object.Domain = $Usr2.domain
$object.LogonName = $Usr2.name
$object.Displayname = $Usr2.displayname
$object.Description = $Usr2.Description
$object.DistinguishedName = $Usr2.Dn
$object.AccountExpires = $Usr2.accountExpires
$object.Email = $Usr2.email
if ($usr.Description -like "technical*")
{$object.AccountType = "Technical Account"}
if ($usr.Description -like "functional*")
{$object.AccountType = "Functional Account"}
# Get Today for something to compare against
$Today=get-date
# Find out when account is supposed to expire
$ExpireDate=$usr2.accountExpires -as [datetime]
# How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today
# Get the value in days
$DaysLeft=$AccountAgeLeft.days

If ($usr2.accountExpires -ne $null)
{
Write-host "Please REMOVE Expire date for Account $name2" -fore Cyan
#$DN2 = $usr2.DN
#RemExpDate $DN2
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append
}
}
#Rename inputfiles
Rename-Item $LogDir\PAA_Acc.csv PAA_Acc_$domain.csv
Rename-Item $LogDir\Unique_PAA_Acc.csv Unique_PAA_Acc_$domain.csv
Rename-Item $LogDir\Tech-Func_Acc.csv Tech-Func_Acc_$domain.csv
}
Catch
{
$ErrorMessage = $_.Exception.Message
$FailedItem = $_.Exception.ItemName
"We failed to connect to $domain. The error message was $ErrorMessage"| out-file $LogDir\ErrorLog33.log -append
}

}

Connect-QADService MAIN.DOMAIN.net -ConnectionAccount MAIN.DOMAIN.net\HJG008-a -ConnectionPassword $pw
Get-QADUser * -searchroot "MAIN.DOMAIN.net/MAINDOMAIN Customers/Users/Personal" -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append
Get-QADUser * -searchroot "MAIN.DOMAIN.net/IAM/Accounts" -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append
$x=Import-csv $LogDir\MAINDOMAINPA_Acc.csv|Sort name -Unique
$x|export-csv $LogDir\Unique_MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation #-Append
$Users3=$x
foreach ($user3 in $users3)
{$name3 =$user3.name
$usr3=Get-QADUser $name3 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires
$object.Domain = $Usr3.domain
$object.LogonName = $Usr3.name
$object.Displayname = $Usr3.displayname
$object.Description = $Usr3.Description
$object.DistinguishedName = $Usr3.Dn
$object.AccountExpires = $Usr3.accountExpires
$object.Email = $Usr3.email

# Get Today for something to compare against
$Today=get-date
# Find out when account is supposed to expire
$ExpireDate=$usr3.accountExpires -as [datetime]
# How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today
# Get the value in days
$DaysLeft=$AccountAgeLeft.days

If ($usr3.accountExpires -ne $null)
{
Write-host "Please REMOVE Expire date for Account $name3" -fore Cyan
#$DN3 = $usr3.DN
#RemExpDate $DN3
$object.AccountType = "Personal Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append
}
}

##############
# Repporting #
##############

$csv1=Import-csv "$LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv"
$csv1| Add-Member -MemberType NoteProperty "Action" -Value "REMOVED Expire date"
$csv1|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv1

$csv2=Import-csv "$LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv"
$csv2| Add-Member -MemberType NoteProperty "Action" -Value "REMOVED Expire date"
$csv2|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv2

$csv3=Import-csv "$LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv"
$csv3| Add-Member -MemberType NoteProperty "Action" -Value "Expiry Date EXTENDED"
$csv3|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv3

$csv4=Import-csv "$LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv"
$csv4| Add-Member -MemberType NoteProperty "Action" -Value "Non Auto extended users : CHECK!"
$csv4|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv4

$Header = @"

TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #6495ED;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}

Expiry Date Report

"@
$Pre = "This is a BETA Version of the report BE AWARE NO ACTION HAS BEEN DONE YET"
$Post ="This is an automaticly generated repport created by "

$table | ConvertTo-HTML -Head $Header -body "Expiry Date Report created on $LogTime" -PreContent $Pre -PostContent $Post| Out-File c:\temp\report3.html

ruben-miclotte · May 25, 2016, 3:29pm

I want everything to be logged…
Fact is that my superior wants an overvieuw on each of his accounts , actions done, days left to expire, expirey date, email , sort of account , description, domain , etc …

I also performed an overview to a html page, for having a proper view of the output at his side, also loging of each different step, so an operator could use the csv files per step to perform any needed action

ruben-miclotte · May 27, 2016, 12:56am

It does look like each loop I perform in the Foreach, the output gets duplicated more and more
+= on foreach loop is adding duplicate entry’s in my file, causing report files of 2 gB and more… script runtime also not performant.

PLEASE HELP… I’m running out of time and diskspace …

ruben-miclotte · May 30, 2016, 1:51am

I found the error …
In fact it was TOO obvious, silly me

$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append

$objectCollection += $object

And

$objectCollection|export-csv $LogDir\MAINDOMAINPA_XXXX.csv -encoding unicode -notypeinformation -Append

Are the 2 reasons why my foreach loops created more and more duplicates per run…
Fact is that $objectCollection += $object & having the -Append set as parameter are creating this occurence.
after havint removed the + in the lines



$objectCollection += $object

my outup did not generate any duplicate/run

Now I just have to sort out the issue on accounts that never expire having a value on -736XX in reporting.

Topic		Replies	Views
Complete Newbie - Looking for Help Creating a Script to Provide List of AD User PowerShell Help	3	224	October 26, 2020
Active Directory Account Expiration Notification to Managers PowerShell Help	0	197	July 4, 2019
Set ad account expiration to none PowerShell Help	5	117	January 4, 2018
Set-expirationdate delay PowerShell Help	2	147	December 13, 2020
List of expiring accounts and email managers PowerShell Help	4	158	August 23, 2017

Stuck on Ad Expire report on multi domains

Declaration of Constants

Logging

Log Dir time stamp:

FunctionBlock

$User.DN holds the DN user

ScriptBlock

Get Today for something to compare against

Find out when account is supposed to expire

How many days left before account expires

Get the value in days

Get Today for something to compare against

Find out when account is supposed to expire

How many days left before account expires

Get the value in days

Get Today for something to compare against

Find out when account is supposed to expire

How many days left before account expires

Get the value in days

Repporting

Related Topics