Powershell Help - Moving disabled accounts

Came across this script posted a while back that is what I am looking for to remove disabled accounts.  However I am trying to tweak it so that I can move disabled accounts after 30 days of disabling/no activiity into it's own OU.  Here's the original link...

https://gallery.technet.microsoft.com/scriptcenter/Disabled-AD-Account-8cc92a7d#content

I'm stuck on moving the user object, ANY help would be appreciated.  Thanks!


#load AD module 
import-module activedirectory 
 
$oldDate = [DateTime]::Today.AddDays(-30) 
$warnDate = [DateTime]::Today.AddDays(-23) 
$AMSearchBase = "OU=Users,OU=Accounts,DC=Corp,DC=Com" 
$ShortRegion = "IT" 
$Region = "Information Technology" 
$disabledUsers = @() 
$warnUsers = @() 
$wlistUsers = @() 
$30daysUsers = @() 
 
##AM Section## 
##Retrieves disabled user accounts and stores in an array 
$disabledUsers = Get-ADUser -filter {(Enabled -eq $False)} -Searchbase $AMSearchBase -Searchscope 1 -Properties Name,SID,Enabled,LastLogonDate,Modified,info,description 
 
foreach ($name in $disabledUsers) { 
    if ($name.info -ne "WHITELIST" -and $name.modified -le $oldDate) { 
        Get-ADUser -Filter $disabledUsers | Move-ADObject -targetpath "OU=Disabled Accounts,OU=Users,OU=Accounts,DC=Corp,DC=Com"
        $disabledUsers = $disabledUsers + $name 
        } 
    elseif ($name.info -eq "WHITELIST") { 
        #Write-Host $name.name " is Whitelisted" 
        $wlistUsers = $wlistUsers + $name 
        } 
        elseif ($name.info -ne "WHITELIST"-and $name.modified -le $warnDate) { 
        #Write-Host $name.name " is will be deleted in the next run" 
        $warnUsers = $warnUsers + $name 
        } 
    else {
        #Write-Host $name.name " was modified less than 30 days ago" 
        $30daysUsers = $30daysUsers + $name 
        } 

 
$report = "c:\Scripts\Reports\DisabledAccounts30Days.htm"  
##Clears the report in case there is data in it 
Clear-Content $report 
##Builds the headers and formatting for the report 
Add-Content $report "<html>"  
Add-Content $report "<head>"  
Add-Content $report "<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>"  
Add-Content $report '<title>COMPANY Terminated User Cleanup Script</title>'  
add-content $report '<STYLE TYPE="text/css">'  
add-content $report  "<!--"  
add-content $report  "td {"  
add-content $report  "font-family: Tahoma;"  
add-content $report  "font-size: 11px;"  
add-content $report  "border-top: 1px solid #999999;"  
add-content $report  "border-right: 1px solid #999999;"  
add-content $report  "border-bottom: 1px solid #999999;"  
add-content $report  "border-left: 1px solid #999999;"  
add-content $report  "padding-top: 0px;"  
add-content $report  "padding-right: 0px;"  
add-content $report  "padding-bottom: 0px;"  
add-content $report  "padding-left: 0px;"  
add-content $report  "}"  
add-content $report  "body {"  
add-content $report  "margin-left: 5px;"  
add-content $report  "margin-top: 5px;"  
add-content $report  "margin-right: 0px;"  
add-content $report  "margin-bottom: 10px;"  
add-content $report  ""  
add-content $report  "table {"  
add-content $report  "border: thin solid #000000;"  
add-content $report  "}"  
add-content $report  "-->"  
add-content $report  "</style>"  
Add-Content $report "</head>"  
add-Content $report "<body>"  
 
##This section adds tables to the report with individual content 
##Table 1 for deleted users 
add-content $report  "<table width='100%'>"  
add-content $report  "<tr bgcolor='#CCCCCC'>"  
add-content $report  "<td colspan='7' height='25' align='center'>"  
add-content $report  "<font face='tahoma' color='#003399' size='4'><strong>The following users have been moved to the Disabled OU (Report Only)</strong></font>"  
add-content $report  "</td>"  
add-content $report  "</tr>"  
add-content $report  "</table>"  
add-content $report  "<table width='100%'>"  
Add-Content $report "<tr bgcolor=#CCCCCC>"  
Add-Content $report  "<td width='20%' align='center'>Account Name</td>"  
Add-Content $report "<td width='10%' align='center'>Modified Date</td>"   
Add-Content $report "<td width='50%' align='center'>Description</td>"   
Add-Content $report "</tr>"  
if ($disabledUsers -ne $null){ 
    foreach ($name in $disabledUsers) { 
        $AccountName = $name.name 
        $LastChgd = $name.modified 
        $UserDesc = $name.Description 
        Add-Content $report "<tr>"  
        Add-Content $report "<td>$AccountName</td>"  
        Add-Content $report "<td>$LastChgd</td>"  
        add-Content $report "<td>$UserDesc</td>" 
    } 

else { 
    Add-Content $report "<tr>"  
    Add-Content $report "<td>No Accounts match</td>"  

Add-content $report  "</table>"  
 
##Table 2 for warning users 
add-content $report  "<table width='100%'>"  
add-content $report  "<tr bgcolor='#CCCCCC'>"  
add-content $report  "<td colspan='7' height='25' align='center'>"  
add-content $report  "<font face='tahoma' color='#003399' size='4'><strong>The following users will be moved to the Disabled OU next week</strong></font>"  
add-content $report  "</td>"  
add-content $report  "</tr>"  
add-content $report  "</table>"  
add-content $report  "<table width='100%'>"  
Add-Content $report "<tr bgcolor=#CCCCCC>"  
Add-Content $report  "<td width='20%' align='left'>Account Name</td>"  
Add-Content $report "<td width='10%' align='center'>Modified Date</td>"   
Add-Content $report "<td width='50%' align='center'>Description</td>"   
Add-Content $report "</tr>" 
if ($warnUsers -ne $null){ 
    foreach ($name in $warnUsers) { 
        $AccountName = $name.name 
        $LastChgd = $name.modified 
        $UserDesc = $name.Description 
        Add-Content $report "<tr>"  
        Add-Content $report "<td>$AccountName</td>"  
        Add-Content $report "<td>$LastChgd</td>"  
        add-Content $report "<td>$UserDesc</td>" 
    } 

else { 
    Add-Content $report "<tr>"  
    Add-Content $report "<td>No Accounts match</td>"  

Add-content $report  "</table>"  
 
##Table 3 for whitelisted users 
add-content $report  "<table width='100%'>"  
add-content $report  "<tr bgcolor='#CCCCCC'>"  
add-content $report  "<td colspan='7' height='25' align='center'>"  
add-content $report  "<font face='tahoma' color='#003399' size='4'><strong>The following users are whitelisted</strong></font>"  
add-content $report  "</td>"  
add-content $report  "</tr>"  
add-content $report  "</table>"  
add-content $report  "<table width='100%'>"  
Add-Content $report "<tr bgcolor=#CCCCCC>"  
Add-Content $report  "<td width='20%' align='left'>Account Name</td>"  
Add-Content $report "<td width='10%' align='center'>Modified Date</td>"   
Add-Content $report "<td width='50%' align='center'>Description</td>"   
Add-Content $report "</tr>" 
if ($wlistUsers -ne $null){ 
    foreach ($name in $wlistUsers) { 
        $AccountName = $name.name 
        $LastChgd = $name.modified 
        $UserDesc = $name.Description 
        Add-Content $report "<tr>"  
        Add-Content $report "<td>$AccountName</td>"  
        Add-Content $report "<td>$LastChgd</td>"  
        add-Content $report "<td>$UserDesc</td>" 
    } 

else { 
    Add-Content $report "<tr>"  
    Add-Content $report "<td>No Accounts match</td>"  

Add-content $report  "</table>"  
 
##Table 4 for recently modified users 
add-content $report  "<table width='100%'>"  
add-content $report  "<tr bgcolor='#CCCCCC'>"  
add-content $report  "<td colspan='7' height='25' align='center'>"  
add-content $report  "<font face='tahoma' color='#003399' size='4'><strong>The following disabled users were modified in the last 30 days</strong></font>"  
add-content $report  "</td>"  
add-content $report  "</tr>"  
add-content $report  "</table>"  
add-content $report  "<table width='100%'>"  
Add-Content $report "<tr bgcolor=#CCCCCC>"  
Add-Content $report  "<td width='20%' align='left'>Account Name</td>"  
Add-Content $report "<td width='10%' align='center'>Modified Date</td>"   
Add-Content $report "<td width='50%' align='center'>Description</td>"   
Add-Content $report "</tr>"  
if ($30daysUsers -ne $null){ 
    foreach ($name in $30daysUsers) { 
        $AccountName = $name.name 
        $LastChgd = $name.modified 
        $UserDesc = $name.Description 
        Add-Content $report "<tr>"  
        Add-Content $report "<td>$AccountName</td>"  
        Add-Content $report "<td>$LastChgd</td>"  
        add-Content $report "<td>$UserDesc</td>" 
    } 

else { 
    Add-Content $report "<tr>"  
    Add-Content $report "<td>No Accounts match</td>"  

Add-content $report  "</table>"  
 
##This section closes the report formatting 
Add-Content $report "</body>"  
Add-Content $report "</html>"  
 
##Assembles and sends completion email with DL information## 
$emailFrom = "ADManagement@corp.com" 
$emailTo = "test@corp.com" 
$subject = "Corp $Region Disabled User Cleanup Script Complete" 
$smtpServer = "ismtp.corp.com" 
$body = Get-Content $report | Out-String 
 
Send-MailMessage -To $emailTo -From $emailFrom -Subject $subject -BodyAsHtml -Body $body -SmtpServer $smtpServer 

August 28th, 2015 6:09pm

Either ask the author of the script for help or ask a specific question.  We do not fix scripts that you havefound on the Internet.

The script has a support page here: https://gallery.technet.microsoft.com/scriptcenter/Disabled-AD-Account-8cc92a7d/view/Discussions#content

If you have a specific error or issue then ask that.  Don't just post 100+ lines of spaghetti code and ask someone to fix an arbitrary problem.

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 6:53pm

Here I through out all of the non usable code and simplified your code.  Start with this and debug it until you have what you are looking for.  YOu have a number of logic and syntax errors and only you know what you are trying to do.

import-module activedirectory 
 
$oldDate = [DateTime]::Today.AddDays(-30) 
$warnDate = [DateTime]::Today.AddDays(-23) 
$AMSearchBase = "OU=Users,OU=Accounts,DC=Corp,DC=Com" 
$warnUsers = @() 
$wlistUsers = @() 
$30daysUsers = @() 
 
$disabledUsers = Get-ADUser -filter {Enabled -eq $False} -Searchbase $AMSearchBase -Properties Name,SID,Enabled,LastLogonDate,Modified,info,description 
foreach ($name in $disabledUsers) {

    if ($name.info -ne "WHITELIST" -and $name.modified -le $oldDate) { 
        Get-ADUser -Filter $disabledUsers | Move-ADObject -targetpath "OU=Disabled Accounts,OU=Users,OU=Accounts,DC=Corp,DC=Com"
        $disabledUsers = $disabledUsers + $name 
     }elseif($name.info -eq "WHITELIST"){
         #Write-Host $name.name " is Whitelisted" 
         $wlistUsers = $wlistUsers + $name 
     }elseif($name.info -ne "WHITELIST"-and $name.modified -le $warnDate){
         #Write-Host $name.name " is will be deleted in the next run" 
         $warnUsers = $warnUsers + $name
     }else{
         #Write-Host $name.name " was modified less than 30 days ago" 
         $30daysUsers = $30daysUsers + $name 
     } 
}
 
$warnUsers
pause
$wlistUsers
Pause
$30daysUsers

 

 
August 28th, 2015 7:02pm

I have created a script to accomplish this with a little more detail on the account side. Check it out on my siite.

http://www.wsit.ca/how-tos/powershell/active-directory-user-account-cleanup-automation-with-powershell/

Will.

Free Windows Admin Tool Kit Click here and download it now
August 31st, 2015 9:15am

My bad, I'll be sure to use code blocks and post my error next time.
September 1st, 2015 6:39pm

Thanks for the help, I keep getting the following error when the script tries to move the user...

Get-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'Filter'. Specified method is not supported.
At W:\Powershell\MoveDisabledAccounts90DaysV2.ps1:23 char:28
+         Get-ADUser -Filter $disabledUsers | Move-ADObject -targetpath "OU=Test,O ...
+                            ~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Free Windows Admin Tool Kit Click here and download it now
September 1st, 2015 6:42pm

$disabledUsers is an array. You cannot copy an array to a filter.

Look at help for how to use the filter syntax.

September 1st, 2015 7:01pm

Thanks for the help , i was able to get the following working... Please close this thread.

#load AD module
import-module activedirectory

$oldDate = [DateTime]::Today.AddDays(-90)
$warnDate = [DateTime]::Today.AddDays(-83)
$moveDate = [DateTime]::Today.AddDays(-31)
$MoveSearchBase = "OU=Test,OU=Users,OU=Accounts,DC=Corp"
$DelSearchBase = "OU=Disabled Accounts,OU=Users,OU=Accounts,DC=Corp" 
$delUsers = @()
$warnUsers = @()
$moveUsers = @()

##Move Users Section##
##Moves disabled accounts after 31 days into disabled account OU
$moveUsers = Get-ADUser -SearchBase $MoveSearchBase -filter {(lastlogondate -le $moveDate) -AND (enabled -eq $false) -AND (passwordlastset -le $oldDate)} -Properties Name,SID,Enabled,LastLogonDate,Modified,info,description
Get-ADUser -SearchBase $MoveSearchBase -filter {(lastlogondate -le $moveDate) -AND (enabled -eq $false) -AND (passwordlastset -le $oldDate)}| Move-ADObject -targetpath "OU=Disabled Accounts,OU=Users,OU=Accounts,DC=corp" 

##Delete Users Section##
##Retrieves disabled user accounts and stores in an array
$disabledUsers = Get-ADUser -filter {(Enabled -eq $False)} -Searchbase $DelSearchBase -Searchscope 1 -Properties Name,SID,Enabled,LastLogonDate,Modified,info,description

foreach ($name in $disabledUsers) {
	if ($name.modified -le $oldDate) {
		Remove-ADUser -id $name.SID -confirm:$false
		$delUsers = $delUsers + $name
		}
elseif ($name.modified -le $warnDate) {
		#Write-Host $name.name " is will be deleted in the next run"
		$warnUsers = $warnUsers + $name
		}
}

Free Windows Admin Tool Kit Click here and download it now
September 8th, 2015 10:24am

Thanks for the help , i was able to get the following working... Please close this thread.

#load AD module
import-module activedirectory

$oldDate = [DateTime]::Today.AddDays(-90)
$warnDate = [DateTime]::Today.AddDays(-83)
$moveDate = [DateTime]::Today.AddDays(-31)
$MoveSearchBase = "OU=Test,OU=Users,OU=Accounts,DC=Corp"
$DelSearchBase = "OU=Disabled Accounts,OU=Users,OU=Accounts,DC=Corp" 
$delUsers = @()
$warnUsers = @()
$moveUsers = @()

##Move Users Section##
##Moves disabled accounts after 31 days into disabled account OU
$moveUsers = Get-ADUser -SearchBase $MoveSearchBase -filter {(lastlogondate -le $moveDate) -AND (enabled -eq $false) -AND (passwordlastset -le $oldDate)} -Properties Name,SID,Enabled,LastLogonDate,Modified,info,description
Get-ADUser -SearchBase $MoveSearchBase -filter {(lastlogondate -le $moveDate) -AND (enabled -eq $false) -AND (passwordlastset -le $oldDate)}| Move-ADObject -targetpath "OU=Disabled Accounts,OU=Users,OU=Accounts,DC=corp" 

##Delete Users Section##
##Retrieves disabled user accounts and stores in an array
$disabledUsers = Get-ADUser -filter {(Enabled -eq $False)} -Searchbase $DelSearchBase -Searchscope 1 -Properties Name,SID,Enabled,LastLogonDate,Modified,info,description

foreach ($name in $disabledUsers) {
	if ($name.modified -le $oldDate) {
		Remove-ADUser -id $name.SID -confirm:$false
		$delUsers = $delUsers + $name
		}
elseif ($name.modified -le $warnDate) {
		#Write-Host $name.name " is will be deleted in the next run"
		$warnUsers = $warnUsers + $name
		}
}

September 8th, 2015 2:23pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics