This is part of my ‘Finding all Disabled users in AD’ from an earlier post. The backstory is, I used some powershell to import about 1100 dummy users into a newly created AD.

Out of 1100 users, 300+ became disabled due to non-compliant passwords (too short, didn’t meet requirements). My end goal was to have all disabled users re-enabled, which meant I had to give them all proper passwords. In the meantime, I decided to create this script to move all disabled users into a separate OU.

The steps for this script are pretty simple:

  • 1. Create a list of all the disabled users (done in last post)
  • 2. Export list of disabled users, taking all the unique values (samAccountName) into .CSV Format (done in last post)
  • 3. Retrieving the list with powershell, and moving all the users in the CSV list into another AD OU container

This does of course require a list of users in CSV format, just SamAccountName since each user has as unique value.

like so:

SamAccountName
“Codie.Youthead”
“Bellina.Kobierski”
“Melitta.Marcum”
“Marietta.Caverhill”
Sample CSV file contents

Now the code:

import-module ActiveDirectory
#Store CSV into $Movelist variable
$MoveList = Import-Csv -Path "C:\Path_AD_users_to_move.csv"

#Specify target OU to move users in that CSV file
$TargetOU = "OU=Disabled-Users,OU=contoso,DC=contonso,DC=org"

#Import the data from CSV file and assign it to variable 
$Imported_csv = Import-Csv -Path "C:\C:\Path_AD_users_to_move.csv"

$Imported_csv | ForEach-Object {
     # Retrieve Distinguised Name of Users
     $UserDN  = (Get-ADUser -Identity $_.SamAccountName).distinguishedName
     Write-Host " Moving Accounts ..... "
     # Move user to target OU.
     Move-ADObject  -Identity $UserDN -TargetPath $TargetOU #-Whatif
     
 }
 Write-Host " Completed move " 
 $total = ($MoveList).count
 $total
 Write-Host "Accounts have been moved successfully..."

Showing the Results

Typically, Get-ADUser relies on the -DistinguishedName Property. Which really is quite long, and not entirely human readable. Sample code which works, but not in a very pretty manner:


Get-ADUser -Filter * -Properties * | select samaccountname,DistinguishedName|sort-object -descending DistinguishedName

Not really the best use of screen real estate

The distinguishename property by itself is a string, separated by a comma “,”. Which means, we can actually split the contents by still using one line of code within powershell. Like so:


Get-ADUser -filter * -Properties samaccountname,distinguishedname | select samaccountname, @{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}}

Results show like so:

I can’t seem to get the sort-object code to sort by distinguishedname. If someone out there knows how, I’d be happy to include it in here.