PowerShell script to confirm an account from a CSV is disabled before deleting the account

Question

Hi, I hope someone can help me. I'm not great at scripting, and my issue is...

I have a medium estate of around 15,000 users which is in a bit of a mess. There are around 3000 user accounts which are disabled. Some user accounts are disabled due to the user being on long-term sick, maternity, or suspended; these 'known' accounts are not to be touched, so I cannot do a broad "find accounts that are disabled and just delete them" script.

Currently I have a script which exports all disabled accounts to a CSV. I then manually manipulate that data within the CSV to tag known accounts that cannot be deleted. I then take that file and run this script...

Import-Module ActiveDirectory
$list = Import-CSV C:\temp\deleteuser.csv

forEach ($item in $list) {
    $samAccountName = $item.samAccountName

    #Get DistinguishedName from SamAccountName
    $DN = Get-ADuser -Identity $Samaccountname -Properties DistinguishedName |
        Select-Object -ExpandProperty DistinguishedName

    try {
        #Remove object using DN
        Remove-ADObject -Identity $DN -Confirm:$false
        "Remove successful for $SamAccountName" | Out-File 'C:\temp\Account Delete Success.txt' -Append
    }
    catch {
        "Remove failed for $SamAccountName" | Out-File 'C:\temp\Account Delete Failed.txt' -Append
    }
}

While this is great, I'd love to be able to check the user account is still disabled before the Remove-ADObject command is run, and for it to skip the account and output the name of the skipped account to a txt file. Is that possible, or am I overcomplicating things?

Answer 1

Score: 0

Simply test the 'Enabled' property before deleting the user, like this:

Import-Module ActiveDirectory
$list = Import-Csv C:\temp\deleteuser.csv

foreach ($item in $list) {
    $samAccountName = $item.samAccountName

    try {
        # Keep the whole user object. Piping to Select-Object -ExpandProperty
        # DistinguishedName would leave only a string, which has no Enabled
        # property, so the test below would never skip an account.
        $user = Get-ADUser -Identity $samAccountName -Properties DistinguishedName, Enabled

        # Remove the object using its DN only if the account is still disabled
        if ($user.Enabled -eq $false) {
            Remove-ADObject -Identity $user.DistinguishedName -Confirm:$false
            "Remove successful for $samAccountName" | Out-File 'C:\temp\Account Delete Success.txt' -Append
        }
        else {
            "Remove aborted for $samAccountName" | Out-File 'C:\temp\Account Delete aborted.txt' -Append
        }
    }
    catch {
        "Remove failed for $samAccountName" | Out-File 'C:\temp\Account Delete Failed.txt' -Append
    }
}
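
The same check can be made stricter for a bulk delete driven by a hand-edited CSV. The script below is an added example, not code from the original post: it deletes only when the account is still disabled, is the same object that was exported, and is not tagged to keep, and it supports a `-WhatIf` dry run. The CSV columns `ObjectGUID` and `Keep`, the `Yes` tag value, the `Get-DeleteDecision` helper and the audit file path are assumptions.

```powershell
# Added example (not from the original post). Assumed CSV columns: samAccountName,
# ObjectGUID (captured when the list was exported) and Keep (manual "do not delete" tag).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath   = 'C:\temp\deleteuser.csv',
    [string]$AuditPath = 'C:\temp\Account Delete Audit.csv'   # hypothetical audit file
)
Import-Module ActiveDirectory

# Hypothetical helper: returns 'Delete' or the reason the row must be skipped.
function Get-DeleteDecision {
    param($Row, $User)
    if ($Row.Keep -eq 'Yes')                       { return 'Skipped: tagged Keep in CSV' }
    # A re-created account can reuse the samAccountName but never the GUID.
    if ("$($User.ObjectGUID)" -ne $Row.ObjectGUID) { return 'Skipped: GUID differs from export' }
    # Anything other than an explicit $false (including $null) is treated as enabled.
    if ($User.Enabled -ne $false)                  { return 'Skipped: account is not disabled' }
    return 'Delete'
}

foreach ($row in Import-Csv $CsvPath) {
    try {
        # Re-read the account now; Enabled and ObjectGUID are default properties.
        $user   = Get-ADUser -Identity $row.samAccountName -ErrorAction Stop
        $result = Get-DeleteDecision -Row $row -User $user
        if ($result -eq 'Delete') {
            if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Remove-ADObject')) {
                Remove-ADObject -Identity $user.DistinguishedName -Confirm:$false -ErrorAction Stop
                $result = 'Deleted'
            }
            else { $result = 'Not deleted (WhatIf or declined)' }
        }
    }
    catch { $result = "Failed: $($_.Exception.Message)" }

    # -WhatIf:$false so the audit line is still written during a dry run.
    [pscustomobject]@{
        Time           = (Get-Date).ToString('s')
        samAccountName = $row.samAccountName
        Result         = $result
    } | Export-Csv $AuditPath -Append -NoTypeInformation -WhatIf:$false
}
```

Run it with `-WhatIf` first and review the audit file before running it for real.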

huangapple
  • Posted on 2023-02-08 23:50:51