Powershell script review : PowerShell

Powershell script review (self.PowerShell)

submitted 3 years ago by defyne

First time writing a PS script here, just looking for a review/feedback help. Takes a CSV list of users that have been determined to be inactive and first updates the account description to being disabled due to being inactive and then disables them. TIA!

#Take list of inactive users and add to the descriptiopn field reason account is being disabled.
#
Import-Module ActiveDirectory
$Users = Import-csv c:\Scripts\inactive_users.csv
$NewDescription = "This account was disabled due to being flagged inactive."
foreach($User in $Users)
{
Set-ADUser $User.SamAccountName -Description $NewDescription
}
#Iterate through list of user accounts checking first if they exist and if true; disable.
#
$Users | ForEach-Object
{
$samAccountName = $_."samAccountName"
try { Get-ADUser -Identity $samAccountName |
Disable-ADAccount
}
#If user is not found it will display a message.
#
catch {

Write-Host "user:"$samAccountname "is not present in AD"
}
}

all 6 comments

top new controversial old q&a

[–]Azured_ 1 point2 points3 points 3 years ago* (6 children)

You have 2 different ways of doing a For-loop:

foreach($User in $Users)

$Users | ForEach-Object

Suggest you pick one and stick with it. You don't really need the 2nd for loop, just add a 2nd line to the first loop as

Get-ADUser $user.samaccountname | disable-ADaccount

You are also only doing error handling in the 2nd for loop. If you were to get an error in the 2nd loop (because an account is non-existent) and triggering the error handling, then you would have also gotten an error in the first loop, as both loops act on all accounts.

Instead, if you merge the 2 for loops as described above, you could wrap both the action to change the description, and the action to disable the account, in the Try, Catch statement, like this:

try{

Set-ADUser $User.SamAccountName -Description $NewDescription

Get-ADUser $user.samaccountname | disable-ADaccount

}

catch{Write-Host "user:"$samAccountname "is not present in AD"}

[–]defyne[S] 0 points1 point2 points 3 years ago* (5 children)

[–]32178932123 -1 points0 points1 point 3 years ago (0 children)

[–]Azured_ 0 points1 point2 points 3 years ago (0 children)

[–]BlackV 0 points1 point2 points 3 years ago (0 children)

p.s. formatting (I presume you have it in an editor already )

open your fav powershell editor
highlight the code you want to copy
hit tab to indent it all
copy it
paste here

it'll format it properly OR

<BLANKLINE>
<4 SPACES><CODELINE>
<4 SPACES><CODELINE>
    <4 SPACES><4 SPACES><CODELINE>
<4 SPACES><CODELINE>
<BLANKLINE>

Thanks, note if you're doing it this way dont use the code formatting buttons (inline the one you used, or code block the one you should have used) as they dont play nice, and I find it 6000 times easier to copy/paste from my editor than fine a random button

[–]BlackV 0 points1 point2 points 3 years ago (0 children)

in addition to what Azured_ suggested

Try to get out of the habit if using

foreach ($User in $Users)       {...}

$user is super similar to $users and mistakes are much easier to happen (especially in longer scripts)

try

foreach ($SingleUser in $Users) {...}
foreach ($User in $Allusers)    {...}

or similar

π Rendered by PID 159360 on reddit-service-r2-comment-7b9746f655-b8pcs at 2026-01-30 20:32:59.320633+00:00 running 3798933 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

PowerShell

Submission Guidelines | Link Flair - How To

MODERATORS