PowerShell script to confirm an account from a CSV is disabled before deleting the account
Question
Hi, I hope someone can help me. I'm not great at scripting and my issue is...
I have a medium estate of around 15,000 users which is in a bit of a mess. There are around 3000 user accounts which are disabled. Some user accounts are disabled due to the user being on long-term sick, maternity, or suspended; these 'known' accounts are not to be touched, so I cannot do a broad "find accounts that are disabled and just delete them" script.
Currently I have a script which exports all disabled accounts to a CSV. I then manually manipulate that data within the CSV to tag known accounts that cannot be deleted. I then take that file and run this script...
Import-Module ActiveDirectory
$list = Import-CSV C:\temp\deleteuser.csv
forEach ($item in $list) {
    $samAccountName = $item.samAccountName
    #Get DistinguishedName from SamAccountName
    $DN = Get-ADuser -Identity $Samaccountname -Properties DistinguishedName |
        Select-Object -ExpandProperty DistinguishedName
    try {
        #Remove object using DN
        Remove-ADObject -Identity $DN -Confirm:$false
        "Remove successful for $SamAccountName" | Out-File 'C:\temp\Account Delete Success.txt' -Append
    }
    Catch {
        "Remove failed for $SamAccountName" | Out-File 'C:\temp\Account Delete Failed.txt' -Append
    }
}
While this is great, I'd love to be able to check the user account is still disabled before the Remove-ADObject command is run and for it to skip the account and output the name of the skipped account to a txt file. Is that possible or am I overcomplicating things?
Answer 1
Score: 0
Simply test the 'Enabled' property before deleting the user, like this:
Import-Module ActiveDirectory
$list = Import-CSV C:\temp\deleteuser.csv
forEach ($item in $list) {
    $samAccountName = $item.samAccountName
    try {
        #Get the user object from SamAccountName. Keep the whole object: once it is
        #expanded to the DistinguishedName string, .Enabled is empty and the test always passes
        $user = Get-ADUser -Identity $samAccountName -Properties DistinguishedName, Enabled -ErrorAction Stop
        if (!$user.Enabled) {
            #Remove object using DN
            Remove-ADObject -Identity $user.DistinguishedName -Confirm:$false -ErrorAction Stop
            "Remove successful for $samAccountName" | Out-File 'C:\temp\Account Delete Success.txt' -Append
        }
        else {
            "Remove aborted for $samAccountName" | Out-File 'C:\temp\Account Delete aborted.txt' -Append
        }
    }
    Catch {
        #A failed lookup or a failed delete both land here
        "Remove failed for $samAccountName" | Out-File 'C:\temp\Account Delete Failed.txt' -Append
    }
}
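An added example, not part of the original answer: the same delete-time re-check wrapped in a function that supports -WhatIf and emits one status row per account, so a dry run can be reviewed before anything is removed. The Keep column (value Y for hand-tagged 'known' accounts) and the log file path are assumptions; the input path and the samAccountName column come from the question.

```powershell
# Added example. Assumptions: a 'Keep' column in the CSV and the log path below.
Import-Module ActiveDirectory

function Remove-DisabledAccountFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath
    )
    foreach ($row in Import-Csv -Path $CsvPath) {
        $sam = $row.samAccountName
        $status = try {
            if ($row.Keep -eq 'Y') {
                'SkippedTagged'          # hand-tagged 'known' account, never touched
            }
            else {
                # Read the live state now; the CSV only records what was true at export time
                $user = Get-ADUser -Identity $sam -Properties Enabled -ErrorAction Stop
                if ($user.Enabled) {
                    'SkippedEnabled'     # re-enabled since the export
                }
                elseif ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Delete disabled account')) {
                    Remove-ADObject -Identity $user.DistinguishedName -Confirm:$false -ErrorAction Stop
                    'Removed'
                }
                else {
                    'WouldRemove'        # -WhatIf, or declined at a -Confirm prompt
                }
            }
        }
        catch {
            # Lookup failures (unknown or blank name) and delete failures end up here
            "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Time           = Get-Date -Format s
            SamAccountName = $sam
            Status         = $status
        }
    }
}

# Dry run first; review the log, then run again without -WhatIf
Remove-DisabledAccountFromCsv -CsvPath C:\temp\deleteuser.csv -WhatIf |
    Export-Csv -Path C:\temp\AccountDeleteLog.csv -NoTypeInformation -Append
```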