1

I have a CSV file I downloaded from my company's Duo Admin Portal of over 4k "Inactive Users".

I am trying to write a PowerShell script that I can export the results as such:

  • For users found still in Active Directory = User - Email - Enabled
  • For users not found in Active Directory = User " not found."

The closest code that I have come up with is:

$InputFile = C:\Users\name\desktop\TestingSample1.csv
$CheckADUser = Import-CSV $InputFile | ForEachObject {GetADUser -f "samAccountName -eq $($_.)"}
$OutputFile = C:\Users\name\desktop\DuoInactiveUser.csv

$Result = 
if ($CheckADUser -ne $null) {
-Properties samAccountName,mail,enabled | select @{name= '$DuoInactiveUsers.Username';expression= {$_.samAccountName}},@{name= '$DuoInactiveUsers.Email';expression={$_.mail}},@{name= 'DuoInactiveUsers.Enabled';expression={$_.Enabled}}}
else {
@{name= 'DuoInactiveUsers.Username';expression="{$_.samAccountName} not found!"

$Result | Export-CSV $OutputFile -Append

The problems I am running into are:

  1. Not all listed user names in the exported CSV, are in the samAccountName format. Some are in logon name format.
  2. I keep getting the error "ObjectNotFound: ((name):ADUser) [Get-ADUser], ADIdentityNotFoundException" instead of producing the else statement.

I have tried looking up the error for ways to fix the issue, and found a few options, but none of them appear to be working.

I have tried to catch the error but I do not have the permissions with my work profile to add PowerShell modules that I have found elsewhere that are supposed to work.

Improve this question
5
  • 2
    Whats the column name (header) of your Csv having the users ? Commented Sep 30, 2023 at 21:41
  • the header column of the input file where the users are being pulled from is "Username". Commented Sep 30, 2023 at 21:48
  • 2
    I see, and, can you clarify on what you mean by "Not all listed user names in the exported CSV, are in the samAccountName format. Some are in logon name format." ? the logon name IS the samAccountName. Do you mean some rows have a userPrincipalName instead of a SAM? Commented Sep 30, 2023 at 21:51
  • "the logon name IS the samAccountName. Do you mean some rows have a userPrincipalName instead of a SAM? " I am sorry for the confusion my mislabeling caused. The names in the "Username" Column are either samAccountName or userPrincipleName format. Commented Oct 1, 2023 at 0:49
  • gotcha, just saw this, remember if you want someone to see your response in a comment, you can @ them i.e. @Santiago would make me see the notification Commented Oct 1, 2023 at 1:42

1 Answer 1

Reset to default
0

Your current code has many syntax errors, leaving that aside, if your CSV values can have samAccountName or UserPrincipalName you can change your filter to target both possibilities. I added some inline comments to help you follow the logic of the code. An important thing to note, it seems like you're trying to have dynamic properties depending on if the user was found or not, this is not possible with Export-Csv, you must create uniform objects (objects that will have the same structure, same property names) otherwise you will lose data.

$InputFile = 'C:\Users\name\desktop\TestingSample1.csv'
Import-Csv $InputFile | ForEach-Object {
    $value = $_.Username
    # if the CSV has an empty value here,
    if ([string]::IsNullOrWhiteSpace($value)) {
        # this is the only way to make the LDAPFilter throw an error
        # we must skip, go next..
        return
    }

    $getADUserSplat = @{
        LDAPFilter = "(|(samAccountName=$value)(userPrincipalName=$value))"
        Properties = 'mail'
    }

    $user = Get-ADUser @getADUserSplat
    $samAccountName = $user.samAccountName
    $status = 'Found'

    # if the user was not found in AD
    if (-not $user) {
        # use the value we have from the CSV here
        $samAccountName = $_.Username
        $status = 'Not Found'
    }

    # `$user.Enabled` and `$user.Mail` will be null if the user was not found
    # we don't need to worry about those

    [pscustomobject]@{
        SamAccountName = $samAccountName
        Status         = $status
        Enabled        = $user.Enabled
        Mail           = $user.Mail
    }
} | Export-Csv 'C:\Users\name\desktop\DuoInactiveUser.csv' -NoTypeInformation
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

@RichardDiring glad it did, you can consider accepting the answer then

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.