The Multifunctioning DBA

Sep 24 2009   8:30PM GMT

AD Audit in Powershell Script Part 3

Colin Smith

Now that we have the main part of the script set up, it is time to look at the first function that we call: the Get_users function. This function gets a listing of all the DCs and runs Get-QADUser against each of them, reading the lastLogon property to determine which DC holds the most recent logon for that user object. The reason for asking every DC is that lastLogon is not replicated: each DC only records the logons it serviced itself, so no single DC has the complete picture. Once the newest value has been found, the function writes that user's information out to the file for me.

function get_users {
    foreach ($company in $companies) {
        #Echo "Company is $company"
        # Start each company's output files fresh (SilentlyContinue: the files may not exist yet)
        Clear-Content "c:\90-180\$company.csv" -ErrorAction SilentlyContinue
        Clear-Content "c:\90-180\$company.disabled.txt" -ErrorAction SilentlyContinue
        echo "enabled, LogonName, firstname, lastname, dn, lastlogon, createddate" >> "c:\90-180\$company.csv"

        # lastLogon is not replicated, so every DC has to be asked
        $dcs = Get-QADComputer -ComputerRole DomainController
        $users = Get-QADUser -SizeLimit 0 -SearchRoot "$company/Users" |
            where { (($_.dn -notlike "*disabled*") -and ($_.dn -notlike "*Generic*") -and ($_.dn -notlike "*Vendors*") -and ($_.dn -notlike "*mail-in*") -and ($_.dn -notlike "*shared calendars*")) }

        foreach ($user in $users) {
            $lastlogon = $null
            foreach ($dc in $dcs) {
                $dclogon = Get-QADUser -Service $dc.Name -SamAccountName $user.samaccountname | select lastlogon
                $dclogon = $dclogon.lastlogon.value
                if ($dclogon -ne $null) {
                    # keep the newest value seen on any DC
                    if ($lastlogon -lt $dclogon) { $lastlogon = $dclogon }
                }
            }
            # never logged on anywhere: substitute a date far older than any 90/180 day cutoff
            if ($lastlogon -eq $null) { $lastlogon = [datetime]::Now.AddDays(-50000) }

            $o = New-Object PSObject
            $o | Add-Member NoteProperty "User" $user.Name
            $o | Add-Member NoteProperty "LastLogin" $lastlogon
            $o | Add-Member NoteProperty "DisplayName" $user.DisplayName
            $o | Add-Member NoteProperty "Disabled" $user.AccountIsDisabled
            $o | Add-Member NoteProperty "DistinguishedName" $user.DN
            $o | Add-Member NoteProperty "Created" $user.CreationDate
            $o | Add-Member NoteProperty "SamAccountName" $user.SamAccountName
            $o | Add-Member NoteProperty "LastName" $user.LastName
            $o | Add-Member NoteProperty "FirstName" $user.FirstName

            # AccountIsDisabled is a boolean, so test it directly rather than comparing to the string "False"
            if ($o.Disabled) { $enabled = "DISABLED" } else { $enabled = "ENABLED" }
            $Fname = $o.FirstName
            $lname = $o.LastName
            $lastlogon = $o.LastLogin
            $created = $o.Created
            $samname = $o.SamAccountName
            $dn = $o.DistinguishedName
            # the DN contains commas; swap them so the hand-built CSV line keeps its seven columns
            $dn = $dn.Replace(",", ":")
            echo "$enabled, $samname, $fname, $lname, $dn, $lastlogon, $created" >> "c:\90-180\$company.csv"
        }
    }
}

So let's break this down a bit, and if you need more explanation just let me know.
Like I said in Part 2, I have multiple companies that are designated by OUs in the forest. That is why you see the outer foreach loop: I am breaking it down by company. You do not have to do this if you do not need to.
Next I loop through every DC, pull the user's lastLogon from each one and keep the newest value. You will also notice that I have a
if ($lastlogon -eq $null) { $lastlogon = [datetime]::Now.AddDays(-50000) }
That is so that, when I later compare against the lastLogon time, a user who has never logged on still gets a date, but one that will always fall outside my 90 or 180 day criteria. (Keep in mind that a DC that could not be reached also returns nothing for that user, so with this substitution an active account can look stale if one DC was down during the run.)
Then I create a New-Object PSObject and define all the fields that I want each object to have, and write that out to a CSV file. You will notice that I am doing a replace on the DN field. That is because I am building the CSV line by hand, and a distinguished name is itself a comma-separated list; left alone it would shift the columns when I Import-Csv the file later. (Export-Csv would quote such a field automatically, which is the other way to deal with it.)
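The same "newest lastLogon across every DC" logic, written as an added example rather than the post's own code, using the Microsoft ActiveDirectory module instead of the Quest QAD cmdlets. It assumes PowerShell 3.0 or later with the RSAT ActiveDirectory module installed, read access to user objects on every domain controller, and a hypothetical search base and output path; it also fixes the two soft spots discussed above by reporting unreachable DCs instead of silently treating their answer as "never logged on", and by letting Export-Csv quote the commas in the DN.

```powershell
# Added example (not the original post's code): same algorithm as get_users, on the
# Microsoft ActiveDirectory module. Assumes RSAT / ActiveDirectory module, PowerShell 3.0+.
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param(
        [Parameter(Mandatory)] [string]   $DistinguishedName,
        [Parameter(Mandatory)] [string[]] $DomainControllers
    )
    # lastLogon is NOT replicated: each DC only knows about the logons it serviced,
    # so the real value is the newest FILETIME seen on any DC.
    $newest      = 0L
    $unreachable = @()
    foreach ($dc in $DomainControllers) {
        try {
            $u = Get-ADUser -Identity $DistinguishedName -Server $dc -Properties lastLogon -ErrorAction Stop
            if ($u.lastLogon -and $u.lastLogon -gt $newest) { $newest = [int64]$u.lastLogon }
        } catch {
            # A DC we cannot reach must be reported, not skipped: the logons it recorded
            # are invisible to us, so a "stale" verdict for this user may be a false positive.
            $unreachable += $dc
        }
    }
    $lastLogon = $null
    if ($newest -gt 0) { $lastLogon = [DateTime]::FromFileTime($newest) }
    [pscustomobject]@{
        LastLogon   = $lastLogon        # $null means never logged on anywhere
        Unreachable = $unreachable
    }
}

function Get-StaleUserReport {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,     # hypothetical, e.g. "OU=Users,OU=Contoso,DC=example,DC=com"
        [int]    $Days    = 90,
        [string] $OutFile = "c:\90-180\stale.csv"        # hypothetical output path
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $dcs    = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

    Get-ADUser -Filter * -SearchBase $SearchBase -Properties whenCreated, DisplayName |
        ForEach-Object {
            $ll = Get-TrueLastLogon -DistinguishedName $_.DistinguishedName -DomainControllers $dcs
            # Never-logged-on accounts keep an empty LastLogon plus an explicit flag, instead of a
            # fabricated ancient date, so they stay distinguishable from merely stale accounts.
            $neverLoggedOn = ($null -eq $ll.LastLogon)
            [pscustomobject]@{
                Enabled           = $_.Enabled
                SamAccountName    = $_.SamAccountName
                DisplayName       = $_.DisplayName
                DistinguishedName = $_.DistinguishedName   # Export-Csv quotes the embedded commas
                Created           = $_.whenCreated
                LastLogon         = $ll.LastLogon
                NeverLoggedOn     = $neverLoggedOn
                Stale             = $neverLoggedOn -or ($ll.LastLogon -lt $cutoff)
                UnreachableDCs    = ($ll.Unreachable -join ';')
            }
        } | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
}

# Usage (hypothetical OU):
# Get-StaleUserReport -SearchBase "OU=Users,OU=Contoso,DC=example,DC=com" -Days 90
```

Rows with a non-empty UnreachableDCs column should be reviewed before anyone acts on the Stale flag, since the missing DC may hold the logon that would clear the account.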

Well that is it for now. Until next time….

1  Comment on this Post

  • RobDolfijn
    Hi Colin, this is just what I need, so I'm looking forward to the whole script! I'm getting stuck on Get_Users because it is not recognized as a cmdlet. Please help me?
