variable is not being reset correctly

Hi

I have this script to disable users in AD and do a couple of other things along the way.

The issue that I’m having here is that $Manager is not being reset to nothing.
As a result, when disabling 1 user I get the manager from the previous disabled user.

When disabling multiple users, the first account gets the manager of the last disabled user,

and the 2nd user to be disabled is getting the manager from the 1st user in the list.
What do I need to do to correct this?
[pre]

#select CSV file that contains the people where the groups needs to be removed
#csv file needs to be a comma separated file
$users = Import-Csv c:\temp\toRemove.csv
$date = Get-Date -Format "yyyy-MM-dd"
$lastworkdate = (Get-Date).AddDays(-1).ToString("yyyy-MM-dd")
$DisabledOU = "OU=Disabled,OU=Regions,DC=test,DC=com"

foreach ($user in $users)
{
    #get manager
    $manager = (Get-ADUser (Get-ADUser $user.samAccountName -Properties manager).manager).Name

    #get all the groups this user is member of and paste this in Note section
    $groups = Get-ADPrincipalGroupMembership $user.SamAccountName
    Set-ADUser $user.samAccountName -Replace @{info=$groups.name -join "`r`n"}

    #remove department and Manager from user Add description and disable account
    Set-ADUser $user.samAccountName -Clear manager, department
    Set-ADUser $user.SamAccountName -Description $description
    Get-ADUser $user.SamAccountName | Disable-ADAccount
    $description = "Disabled by .adm on " + $date + " Last workingday " + $lastworkdate + " Manager: " + $manager

    #add date to extension attribute nr15
    Set-ADUser -Identity $user.SamAccountName -Add @{"extensionattribute15"= $((Get-Date).ToShortDateString())}

    $adgroups = Get-ADPrincipalGroupMembership -Identity $user.SamAccountName
    foreach ($singlegroup in $adgroups)
    { # removing all groups except the domain user group pay attention a given group as also 1 samaccountname
        # if ($singlegroup.SamAccountName -notlike "Domain Users")
        if ($singlegroup.SamAccountName -notlike "Domain Users" -and $singlegroup.SamAccountName -notlike "syncedToAzure")
        {
            Remove-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $singlegroup.SamAccountName -Confirm:$false
        }
    }
    #move user to disabled
    Get-ADUser $user.SamAccountName | Move-ADObject -TargetPath $DisabledOU
    $manager = $null
    $user = $null
}

[/pre]

Any thoughts on this?

I don’t know if this is related, but when I pasted your code into ISE the following line had a syntax error:

Set-ADUser –Identity $user.SamAccountName -add @{“extensionattribute15″= $((Get-Date).ToShortDateString())}

 

I changed it to this and the code ran; however, I was unable to replicate the issue you are having.

Set-ADUser –Identity $user.SamAccountName -add @{'extensionattribute15'=(Get-Date).ToShortDateString()}

 

What happens if you put the $manager=$null as the first line of code inside the foreach loop instead of at the end of the loop?

I would recommend using the breakpoint feature on ISE and putting a breakpoint on the $manager = $null to see if the script actually hits the manager variable and nulls it.

If you are using VSCode you could also use the debugger and watch the $manager variable to see what happens to it.

 

As a workaround you could do something before you set the manager like:

if ($manager) {
Remove-Variable Manager
}

This would remove the variable if it's set.
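
An added example, not part of any post in this thread: in the posted loop, `Set-ADUser -Description $description` runs before `$description` is assigned, so each account is stamped with the text built for the previous one. The sketch below reproduces that ordering offline and then the reordered loop; the sample users, manager names and the leftover session value are constructed assumptions, and no AD cmdlets are called.

```powershell
# Added illustration; runs offline, no ActiveDirectory module needed.
# Constructed sample rows: Manager stands in for the Get-ADUser lookup result.
$users = @(
    [pscustomobject]@{ SamAccountName = 'user1'; Manager = 'Manager One' }
    [pscustomobject]@{ SamAccountName = 'user2'; Manager = 'Manager Two' }
)
$date = Get-Date -Format 'yyyy-MM-dd'

# Assumption: a value left in the session by an earlier run of the script
# (ISE and an open console keep variables between runs).
$description = 'Disabled on (earlier run) Manager: Manager Zero'

'Order as posted: the description is written before it is built'
foreach ($user in $users) {
    $manager = $user.Manager
    # Stands in for: Set-ADUser $user.SamAccountName -Description $description
    '  {0} gets "{1}"' -f $user.SamAccountName, $description
    $description = "Disabled on $date Manager: $manager"
    $manager = $null   # resetting $manager here does not touch $description
}

'Reordered: reset both variables, build the description, then write it'
foreach ($user in $users) {
    $manager = $null
    $description = $null
    $manager = $user.Manager
    $description = "Disabled on $date Manager: $manager"
    '  {0} gets "{1}"' -f $user.SamAccountName, $description
}
```

In the first loop user1 receives the leftover text and user2 receives the text naming Manager One, the same off-by-one pattern described in the question. Because the description is the record of who managed a disabled account, checking it against the manager captured in the same iteration keeps the offboarding trail accurate.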