Get-ADuser脚本问题

Question

I would like to compare a list of email addresses that I have in a CSV file against our Active Directory. I am having difficulties with putting all the pieces together.

Psuedo-Code:

• Import list of email addresses into a query of my company's active directory.
• Join on the email address.
• Return only those records where the account is enabled in AD.

Code:

Import-Csv users.csv |
     Get-ADUser -Filter {mail -eq $_.mail } |
     where {$_.enabled -eq $true} |
     Select-Object -Property DistinguishedName, samaccountname, mail, enabled

I think I need to add additional information for the SearchBase, but I can't figure out how to add it.

eg: -SearchBase "DC=na,DC=corp,DC=<company name>,DC=com"

In the CSV file is one column. Column name is mail. AD attribute I am trying to do a join on is mail.

Answer 1

You could store the csv import in one variable, and a Get of all the email addresses in AD you have, use Compare-Object between the lists, then use foreach against the result.

$matchingUsers = New-Object System.Collections.ArrayList
$csv = import-csv users.csv 
$emails = $(get-aduser -filter * -Properties mail,Enabled | ? {$_.Enabled -eq $True} | select mail).mail
$comparison = $($(compare-object -ReferenceObject $a -DifferenceObject $b -IncludeEqual)| ? {$_.SideIndicator -eq '=='}).InputObject
foreach($object in $comparison) {
     $user = Get-ADUser -Filter {mail -eq $object} -SearchBase "DC=na,DC=corp,DC=,DC=com" -Properties DistinguishedName,samaccountname,mail,enabled
     $matchingUsers.Add($user)
}

Then export $matchingUsers , format to a table, whatever you need after that

Answer 2

To streamline or shorten trebleCode's suggestion a little bit you could start with something like this:

$MailAddressList = Import-Csv -Path users.csv
$AllUsersList = Get-ADUser -Filter * -SearchBase 'DC=na,DC=corp,DC=,DC=com' -Properties DistinguishedName,samaccountname,mail,enabled | Where-Object {$_.enabled}
Compare-Object -ReferenceObject $MailAddressList -DifferenceObject $AllUsersList -Property 'Mail' -PassThru -IncludeEqual -ExcludeDifferent

You can exchange the -ReferenceObject with the -DifferenceObject if needed. I don't have an Active Directory at the moment to test.

Answer 3

Get the csv emails as an array of strings ($array). Select -expand is your friend.

Grab users from AD, pipe to foreach-object, and ask if $array.Contains(the email address property of the piped in object).

How you process the result of that conditional is up to you; many ways to handle it. But you need to see a no-nonsense way to get what you're asking, and that's what I provided.

Answer 4

I would probably do something like this:

# enter the DistinghuishedName of the OU where the users to check are in
$SearchBase = 'DC=na,DC=corp,DC=,DC=com'
$CsvPath    = 'PATH TO THE USERS.CSV FILE'

$UserList   = Import-Csv -Path $CsvPath
# for fast lookup, best use a Hashtable
$MailLookup = @{}
foreach ($user in $UserList) {
    $MailLookup[$user.mail] = $true   # the value is not important here
}

# in fact, the properties DistinguishedName,SamAccountName and Enabled are returned by default
Get-ADUser -Filter * -SearchBase $SearchBase -Properties DistinguishedName,SamAccountName,EmailAddress,Enabled | 
     Where-Object {$_.Enabled -and $MailLookup.ContainsKey($_.EmailAddress) }

Hope this helps