Stuck on Ad Expire report on multi domains

Hi All,

I’m busy writing a multi domain (W2003-W2012) script to perform following things:

  1. Add expiry date for Admin users belonging to 1 Ad, if none is set (and have them be reported into a file)
  2. Extend the expiry date for the same users if the date is expired or about to expire, only when belonging to certain groups (and have them be reported into a file)
  3. report from the same admin set in 2 those not belonging to that group, needing to be handled manually
    4.report 3 other kind of users(normal users in 1 AD) and 2 other kind of users in several AD’s and have the expiry date be removed if one is set

5.Create a global report of all those users having 2 extra criteria added in the report : days left to expire & kind of account

I’m having difficulties in the last steps…

For
-when usining the multi dimensional array , I see that the script adds 1 extra line per count ( so 1 line for user 1 , 30 lines for user 30
-It adds “-736108” in files for when I calculate the days left to expire and this is set to “never expire”

please help, because I cannot sort this out :frowning:

if ( (Get-PSSnapin -Name quest.activeroles.admanagement -ErrorAction SilentlyContinue) -eq $null ) { Add-PsSnapin quest.activeroles.admanagement }

############################

Declaration of Constants

############################

$pw = read-host “Enter password” -AsSecureString
$Domains = gc “E:\Input\test.txt”

###########

Logging

###########

Log Dir time stamp:

$LogTime = Get-Date -Format “yyyy-MM-dd”
$LogDir = “E:\Output”+$LogTime+"_ExpireScript"

#Remove LogDir if allready existant
if (Test-Path $LogDir)
{
Remove-Item $LogDir -recurse -Force -confirm:$false
}
#Create New Logdir
New-Item -ItemType Directory -Force -Path $LogDir

#Creation of CUSTOM object to parse to Csv

$objectCollection=@()

$object = New-Object PSObject
Add-Member -InputObject $object -MemberType NoteProperty -Name Domain -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name LogonName -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name Displayname -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name Description -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name Email -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name DistinguishedName -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name AccountExpires -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name AccountType -Value “”
Add-Member -InputObject $object -MemberType NoteProperty -Name DaysLeft -Value “”

#################

FunctionBlock

#################

Function AddExpDate

{
$InOneYear = (Get-Date).AddDays(365)

$User.DN holds the DN user

Set-QADUser -identity $User -AccountExpires $InOneYear
}

Function RemExpDate

{#Remove Expiration date (PA TA FA)
Set-QADUser -identity $User -accountexpires $null
}

###############

ScriptBlock

###############

foreach ($domain in $Domains)
{

Try
{

Connect-QADService $domain -ConnectionAccount $domain\HJG008-a -ConnectionPassword $pw

Get-QADUser -LdapFilter '(Samaccountname=*-A)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-QADUser -LdapFilter '(description=admin*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=technical*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=functional*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append


$a=Import-csv $LogDir\PAA_Acc.csv|Sort name -Unique
$a|export-csv $LogDir\Unique_PAA_Acc.csv -encoding unicode -notypeinformation #-Append
$a|export-csv $LogDir\Unique_PAA_Full_Acc.csv -encoding unicode -notypeinformation -Append
$Users=$a
$b=Import-csv $LogDir\Tech-Func_Acc.csv
$b|export-csv $LogDir\All_Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
$Users2=$b

foreach ($user in $users)
{
$name =$user.name
$usr=Get-QADUser $name -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires

$object.Domain = $Usr.domain
$object.LogonName = $Usr.name
$object.Displayname = $Usr.displayname
$object.Description = $Usr.Description
$object.DistinguishedName = $Usr.Dn
$object.AccountExpires = $Usr.accountExpires
$object.Email = $Usr.email
$objectCollection += $object
$name =$user.name

Get Today for something to compare against

$Today=get-date

Find out when account is supposed to expire

$ExpireDate=$usr.accountExpires -as [datetime]

How many days left before account expires

$AccountAgeLeft=$ExpireDate-$Today

Get the value in days

$DaysLeft=$AccountAgeLeft.days
Write-host “$name has $daysleft days left”-fore DarkRed

If ($usr.accountExpires -eq $null)
{ if ($domain -eq ‘MAIN.DOMAIN.net’)
{
Write-host “Please Set Expire date for PAA Account $name” -fore Cyan
#$DN = $usr.DN
#AddExpDate $DN
$object.AccountType = “Personal Admin Account”
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append
}
else
{
Write-host “Logging PAA Account $name” -fore Cyan
$object.AccountType = “Personal Admin Account”
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\PAA_Acc_No_exp.csv -encoding unicode -notypeinformation -Append
}
}

If ($DaysLeft -le 1) #-and ($DaysLeft -ge 0) )
{
Write-host “Account $name has expired >> EXTEND” -fore Red
if ($domain -eq ‘MAIN.DOMAIN.net’)
{
$UserGroups= Get-QADMemberOf -identity $name | Foreach-Object {$_.Name}
if($UserGroups -like ‘G100.’ -OR $UserGroups -like 'G205.’ -OR $UserGroups -like ‘G207.’ -OR $UserGroups -like 'G208.’ )
{
Write-host “$name is member of one of the groups groups,with expiredate $exp” -fore Green
#$DN = $usr.DN
#AddExpDate $DN
$object.AccountType = “Personal Admin Account”
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append
#$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp.csv
#$usr2| Add-Member -MemberType NoteProperty “days left” -Value $daysleft
#$usr2| Add-Member -MemberType NoteProperty “Account Type” -Value “Personal ADMIN account”
#$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp2.csv -encoding unicode -notypeinformation -Append

            }
            else 
            {
            Write-host "$name user has to be reported" -fore Yellow
            $object.AccountType = "Personal Admin Account"
    $object.Daysleft = $DaysLeft
    $objectCollection += $object
    $objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append
            #$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv
    #$usr2| Add-Member -MemberType NoteProperty "days left" -Value $daysleft
    #$usr2| Add-Member -MemberType NoteProperty "Account Type" -Value "Personal ADMIN account"
    #$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append
   
            }
    }
  }
}  

#Looping trough Technical & Functional accounts

foreach ($user2 in $users2)
{$name2 =$user2.name
$usr2=Get-QADUser $name2 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires
$object.Domain = $Usr2.domain
$object.LogonName = $Usr2.name
$object.Displayname = $Usr2.displayname
$object.Description = $Usr2.Description
$object.DistinguishedName = $Usr2.Dn
$object.AccountExpires = $Usr2.accountExpires
$object.Email = $Usr2.email
if ($usr.Description -like “technical*”)
{$object.AccountType = “Technical Account”}
if ($usr.Description -like “functional*”)
{$object.AccountType = “Functional Account”}

Get Today for something to compare against

$Today=get-date

Find out when account is supposed to expire

$ExpireDate=$usr2.accountExpires -as [datetime]

How many days left before account expires

$AccountAgeLeft=$ExpireDate-$Today

Get the value in days

$DaysLeft=$AccountAgeLeft.days

If ($usr2.accountExpires -ne $null)
{
Write-host “Please REMOVE Expire date for Account $name2” -fore Cyan
#$DN2 = $usr2.DN
#RemExpDate $DN2
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append
}
}
#Rename inputfiles
Rename-Item $LogDir\PAA_Acc.csv PAA_Acc_$domain.csv
Rename-Item $LogDir\Unique_PAA_Acc.csv Unique_PAA_Acc_$domain.csv
Rename-Item $LogDir\Tech-Func_Acc.csv Tech-Func_Acc_$domain.csv
}
Catch
{
$ErrorMessage = $.Exception.Message
$FailedItem = $
.Exception.ItemName
“We failed to connect to $domain. The error message was $ErrorMessage”| out-file $LogDir\ErrorLog33.log -append
}

}

Connect-QADService MAIN.DOMAIN.net -ConnectionAccount MAIN.DOMAIN.net\HJG008-a -ConnectionPassword $pw
Get-QADUser * -searchroot “MAIN.DOMAIN.net/MAINDOMAIN Customers/Users/Personal” -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append
Get-QADUser * -searchroot “MAIN.DOMAIN.net/IAM/Accounts” -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append
$x=Import-csv $LogDir\MAINDOMAINPA_Acc.csv|Sort name -Unique
$x|export-csv $LogDir\Unique_MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation #-Append
$Users3=$x
foreach ($user3 in $users3)
{$name3 =$user3.name
$usr3=Get-QADUser $name3 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires
$object.Domain = $Usr3.domain
$object.LogonName = $Usr3.name
$object.Displayname = $Usr3.displayname
$object.Description = $Usr3.Description
$object.DistinguishedName = $Usr3.Dn
$object.AccountExpires = $Usr3.accountExpires
$object.Email = $Usr3.email

Get Today for something to compare against

$Today=get-date

Find out when account is supposed to expire

$ExpireDate=$usr3.accountExpires -as [datetime]

How many days left before account expires

$AccountAgeLeft=$ExpireDate-$Today

Get the value in days

$DaysLeft=$AccountAgeLeft.days

If ($usr3.accountExpires -ne $null)
{
Write-host “Please REMOVE Expire date for Account $name3” -fore Cyan
#$DN3 = $usr3.DN
#RemExpDate $DN3
$object.AccountType = “Personal Account”
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append
}
}

##############

Repporting

##############

$csv1=Import-csv “$LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv”
$csv1| Add-Member -MemberType NoteProperty “Action” -Value “REMOVED Expire date”
$csv1|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv1

$csv2=Import-csv “$LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv”
$csv2| Add-Member -MemberType NoteProperty “Action” -Value “REMOVED Expire date”
$csv2|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv2

$csv3=Import-csv “$LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv”
$csv3| Add-Member -MemberType NoteProperty “Action” -Value “Expiry Date EXTENDED”
$csv3|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv3

$csv4=Import-csv “$LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv”
$csv4| Add-Member -MemberType NoteProperty “Action” -Value “Non Auto extended users : CHECK!”
$csv4|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv4

$Header = @"

TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #6495ED;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}

Expiry Date Report

"@
$Pre = “This is a BETA Version of the report BE AWARE NO ACTION HAS BEEN DONE YET”
$Post ="This is an automaticly generated repport created by "

$table | ConvertTo-HTML -Head $Header -body “Expiry Date Report created on $LogTime” -PreContent $Pre -PostContent $Post| Out-File c:\temp\report3.html

Sorry to say, but it’s incredibly hard to read this script. Please follow the forum guideline on how to format code: https://powershell.org/forums/topic/how-to-format-code-in-the-forums/

Furthermore, can you specify exactly from which part of the script you expect a particular output, but is generated differently?

if ( (Get-PSSnapin -Name quest.activeroles.admanagement -ErrorAction SilentlyContinue) -eq $null ) { Add-PsSnapin quest.activeroles.admanagement }

############################
# Declaration of Constants #
############################

$pw = read-host "Enter password" -AsSecureString
$Domains = gc "E:\Input\test.txt"

###########
# Logging #
###########

# Log Dir time stamp:
$LogTime = Get-Date -Format "yyyy-MM-dd"
$LogDir = "E:\Output\"+$LogTime+"_ExpireScript"

#Remove LogDir if allready existant
if (Test-Path $LogDir)
{
Remove-Item $LogDir -recurse -Force -confirm:$false
}
#Create New Logdir
New-Item -ItemType Directory -Force -Path $LogDir

#Creation of CUSTOM object to parse to Csv

$objectCollection=@()

$object = New-Object PSObject
Add-Member -InputObject $object -MemberType NoteProperty -Name Domain -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name LogonName -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name Displayname -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name Description -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name Email -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name DistinguishedName -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name AccountExpires -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name AccountType -Value ""
Add-Member -InputObject $object -MemberType NoteProperty -Name DaysLeft -Value ""

#################
# FunctionBlock #
#################

Function AddExpDate

{
$InOneYear = (Get-Date).AddDays(365)
# $User.DN holds the DN user
Set-QADUser -identity $User -AccountExpires $InOneYear
}

Function RemExpDate

{#Remove Expiration date (PA TA FA)
Set-QADUser -identity $User -accountexpires $null
}

###############
# ScriptBlock #
###############

foreach ($domain in $Domains)
{

Try
{

Connect-QADService $domain -ConnectionAccount $domain\HJG008-a -ConnectionPassword $pw

Get-QADUser -LdapFilter '(Samaccountname=*-A)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-QADUser -LdapFilter '(description=admin*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\PAA_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=technical*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
Get-qaduser -LdapFilter '(description=functional*)' -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append

$a=Import-csv $LogDir\PAA_Acc.csv|Sort name -Unique
$a|export-csv $LogDir\Unique_PAA_Acc.csv -encoding unicode -notypeinformation #-Append
$a|export-csv $LogDir\Unique_PAA_Full_Acc.csv -encoding unicode -notypeinformation -Append
$Users=$a
$b=Import-csv $LogDir\Tech-Func_Acc.csv
$b|export-csv $LogDir\All_Tech-Func_Acc.csv -encoding unicode -notypeinformation -Append
$Users2=$b

foreach ($user in $users)
{
$name =$user.name
$usr=Get-QADUser $name -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires

$object.Domain = $Usr.domain
$object.LogonName = $Usr.name
$object.Displayname = $Usr.displayname
$object.Description = $Usr.Description
$object.DistinguishedName = $Usr.Dn
$object.AccountExpires = $Usr.accountExpires
$object.Email = $Usr.email
$objectCollection += $object
$name =$user.name
# Get Today for something to compare against
$Today=get-date
# Find out when account is supposed to expire
$ExpireDate=$usr.accountExpires -as [datetime]
# How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today
# Get the value in days
$DaysLeft=$AccountAgeLeft.days
Write-host "$name has $daysleft days left"-fore DarkRed

If ($usr.accountExpires -eq $null)
{ if ($domain -eq 'MAIN.DOMAIN.net')
{
Write-host "Please Set Expire date for PAA Account $name" -fore Cyan
#$DN = $usr.DN
#AddExpDate $DN
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append
}
else
{
Write-host "Logging PAA Account $name" -fore Cyan
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\PAA_Acc_No_exp.csv -encoding unicode -notypeinformation -Append
}
}

If ($DaysLeft -le 1) #-and ($DaysLeft -ge 0) )
{
Write-host "Account $name has expired >> EXTEND" -fore Red
if ($domain -eq 'MAIN.DOMAIN.net')
{
$UserGroups= Get-QADMemberOf -identity $name | Foreach-Object {$_.Name}
if($UserGroups -like 'G100.*' -OR $UserGroups -like 'G205.*' -OR $UserGroups -like 'G207.*' -OR $UserGroups -like 'G208.*' )
{
Write-host "$name is member of one of the groups groups,with expiredate $exp" -fore Green
#$DN = $usr.DN
#AddExpDate $DN
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv -encoding unicode -notypeinformation -Append
#$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp.csv
#$usr2| Add-Member -MemberType NoteProperty "days left" -Value $daysleft
#$usr2| Add-Member -MemberType NoteProperty "Account Type" -Value "Personal ADMIN account"
#$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acct_Auto_set_exp2.csv -encoding unicode -notypeinformation -Append

}
else
{
Write-host "$name user has to be reported" -fore Yellow
$object.AccountType = "Personal Admin Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append
#$usr2=import-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv
#$usr2| Add-Member -MemberType NoteProperty "days left" -Value $daysleft
#$usr2| Add-Member -MemberType NoteProperty "Account Type" -Value "Personal ADMIN account"
#$usr2|export-csv $LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv -encoding unicode -notypeinformation -Append

}
}
}
}

#Looping trough Technical & Functional accounts

foreach ($user2 in $users2)
{$name2 =$user2.name
$usr2=Get-QADUser $name2 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires
$object.Domain = $Usr2.domain
$object.LogonName = $Usr2.name
$object.Displayname = $Usr2.displayname
$object.Description = $Usr2.Description
$object.DistinguishedName = $Usr2.Dn
$object.AccountExpires = $Usr2.accountExpires
$object.Email = $Usr2.email
if ($usr.Description -like "technical*")
{$object.AccountType = "Technical Account"}
if ($usr.Description -like "functional*")
{$object.AccountType = "Functional Account"}
# Get Today for something to compare against
$Today=get-date
# Find out when account is supposed to expire
$ExpireDate=$usr2.accountExpires -as [datetime]
# How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today
# Get the value in days
$DaysLeft=$AccountAgeLeft.days

If ($usr2.accountExpires -ne $null)
{
Write-host "Please REMOVE Expire date for Account $name2" -fore Cyan
#$DN2 = $usr2.DN
#RemExpDate $DN2
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append
}
}
#Rename inputfiles
Rename-Item $LogDir\PAA_Acc.csv PAA_Acc_$domain.csv
Rename-Item $LogDir\Unique_PAA_Acc.csv Unique_PAA_Acc_$domain.csv
Rename-Item $LogDir\Tech-Func_Acc.csv Tech-Func_Acc_$domain.csv
}
Catch
{
$ErrorMessage = $_.Exception.Message
$FailedItem = $_.Exception.ItemName
"We failed to connect to $domain. The error message was $ErrorMessage"| out-file $LogDir\ErrorLog33.log -append
}

}

Connect-QADService MAIN.DOMAIN.net -ConnectionAccount MAIN.DOMAIN.net\HJG008-a -ConnectionPassword $pw
Get-QADUser * -searchroot "MAIN.DOMAIN.net/MAINDOMAIN Customers/Users/Personal" -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append
Get-QADUser * -searchroot "MAIN.DOMAIN.net/IAM/Accounts" -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires |export-csv $LogDir\MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation -Append
$x=Import-csv $LogDir\MAINDOMAINPA_Acc.csv|Sort name -Unique
$x|export-csv $LogDir\Unique_MAINDOMAINPA_Acc.csv -encoding unicode -notypeinformation #-Append
$Users3=$x
foreach ($user3 in $users3)
{$name3 =$user3.name
$usr3=Get-QADUser $name3 -DontUseDefaultIncludedProperties -IncludedProperties domain,name,displayname,Description,email,Dn,accountExpires -Enabled -SizeLimit 0 | select domain,name,displayname,Description,email,Dn,accountExpires
$object.Domain = $Usr3.domain
$object.LogonName = $Usr3.name
$object.Displayname = $Usr3.displayname
$object.Description = $Usr3.Description
$object.DistinguishedName = $Usr3.Dn
$object.AccountExpires = $Usr3.accountExpires
$object.Email = $Usr3.email

# Get Today for something to compare against
$Today=get-date
# Find out when account is supposed to expire
$ExpireDate=$usr3.accountExpires -as [datetime]
# How many days left before account expires
$AccountAgeLeft=$ExpireDate-$Today
# Get the value in days
$DaysLeft=$AccountAgeLeft.days

If ($usr3.accountExpires -ne $null)
{
Write-host "Please REMOVE Expire date for Account $name3" -fore Cyan
#$DN3 = $usr3.DN
#RemExpDate $DN3
$object.AccountType = "Personal Account"
$object.Daysleft = $DaysLeft
$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append
}
}

##############
# Repporting #
##############

$csv1=Import-csv "$LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv"
$csv1| Add-Member -MemberType NoteProperty "Action" -Value "REMOVED Expire date"
$csv1|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv1

$csv2=Import-csv "$LogDir\Tech-Func_Acc_Auto_REMOVE_exp.csv"
$csv2| Add-Member -MemberType NoteProperty "Action" -Value "REMOVED Expire date"
$csv2|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv2

$csv3=Import-csv "$LogDir\MAINDOMAIN_PAA_Acc_Auto_set_exp.csv"
$csv3| Add-Member -MemberType NoteProperty "Action" -Value "Expiry Date EXTENDED"
$csv3|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv3

$csv4=Import-csv "$LogDir\MAINDOMAIN_PAA_Acc_expired_VERIFYGROUPS.csv"
$csv4| Add-Member -MemberType NoteProperty "Action" -Value "Non Auto extended users : CHECK!"
$csv4|export-csv $LogDir\GlobalRepport.csv -encoding unicode -notypeinformation -Append
$table += $csv4

$Header = @"

TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #6495ED;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}

Expiry Date Report

"@
$Pre = "This is a BETA Version of the report BE AWARE NO ACTION HAS BEEN DONE YET"
$Post ="This is an automaticly generated repport created by "

$table | ConvertTo-HTML -Head $Header -body "Expiry Date Report created on $LogTime" -PreContent $Pre -PostContent $Post| Out-File c:\temp\report3.html

I want everything to be logged…
Fact is that my superior wants an overvieuw on each of his accounts , actions done, days left to expire, expirey date, email , sort of account , description, domain , etc …

I also performed an overview to a html page, for having a proper view of the output at his side, also loging of each different step, so an operator could use the csv files per step to perform any needed action

It does look like each loop I perform in the Foreach, the output gets duplicated more and more
+= on foreach loop is adding duplicate entry’s in my file, causing report files of 2 gB and more… script runtime also not performant.

PLEASE HELP… I’m running out of time and diskspace …

I found the error …
In fact it was TOO obvious, silly me :frowning:

$objectCollection += $object
$objectCollection|export-csv $LogDir\MAINDOMAINPA_Acc_Auto_REMOVE_exp.csv -encoding unicode -notypeinformation -Append
$objectCollection += $object

And

$objectCollection|export-csv $LogDir\MAINDOMAINPA_XXXX.csv -encoding unicode -notypeinformation -Append

Are the 2 reasons why my foreach loops created more and more duplicates per run…
Fact is that $objectCollection += $object & having the -Append set as parameter are creating this occurence.
after havint removed the + in the lines


$objectCollection += $object
my outup did not generate any duplicate/run :slight_smile:
Now I just have to sort out the issue on accounts that never expire having a value on -736XX in reporting.