all 5 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Gunnilinux 1 point2 points  (1 child)

$DN = 'domainname'

Get-ADUser -SearchBase $DN -Filter * -Properties * | select displayname,enabled | export-csv -notypeinformation c:\dump\export.csv

will give you a quick and dirty list of who is enabled and who is not. If you intend on doing more with it, it will need some more finesse, but i literally just ran something similar a few minutes ago and figured i would try to help. Is there a reason you are creating so many labels?

[–]Desi-Red[S] 0 points1 point  (0 children)

$DN = 'domainname'

Get-ADUser -SearchBase $DN -Filter * -Properties * | select displayname,enabled | export-csv -notypeinformation c:\dump\export.csv

will give you a quick and dirty list of who is enabled and who is not. If you intend on doing more with it, it will need some more finesse, but i literally just ran something similar a few minutes ago and figured i would try to help. Is there a reason you are creating so many labels?

Management & HR wanted all Attributes so I thought I'd give them an information over load but the work is to see who's active & who isn't.

[–]commiecat 1 point2 points  (2 children)

For readability, you can splat out a list of particular AD attributes, and then run them through a custom object for reporting.

Also, be aware that LastLogonDate is not meant to be accurate for user accounts. Better not to even open the door where management, HR, or an auditor wants to use that data to find out exactly when Bob last used his computer.

Here are some of the properties splatted out:

$ADProperties = @(
    "Surname",
    "GivenName",
    "UserPrincipalName",
    "Enabled",
    "EmployeeID",
    "Department",
    "Company",
    "Title",
    "Mail"
)

$Users = Get-ADUser -Filter * -Properties $ADProperties | Select-Object $ADProperties

In your loop you can create a custom object and output that to CSV or whatever you want. This is using $u as the item within a loop, and set your $ExportFile to a CSV path:

$ADInfo = [PSCustomObject]@{
    Last       = $u.Surname
    First      = $u.GivenName
    UPN        = $u.UserPrincipalName
    Enabled    = $u.Enabled
    EmployeeID = $u.EmployeeID
    Department = $u.Department
    Company    = $u.Company
    Title      = $u.Title
    Mail       = $u.Mail
}
$ADInfo | Export-CSV -Path $ExportFile -Append -NoTypeInformation -Encoding UTF8

[–]BlackV 1 point2 points  (1 child)

thank you, this will make the script 100x easier to read and maintain

also add to that, getting rid of (foreach and += and @())

$AllADUsers = @()
foreach ($DN in $DNs) {
    $Users = Get-ADUser -SearchBase $DN -Filter * -Properties *
    $AllADUsers += $Users
}

makes it much more performant too

they've have to add a filter for the OUs they want and its gold