Powershell Active Directory 脚本 - 通过更改显示名称批量禁用

Question

I am looking for assistance in creating/completing a Powershell script that grabs a user's samAccountName from a .csv file, disables that user in a specific domain, eg "foo.bar", and then prepends their AD display name with a single character. This is a bulk disable script, and it has to add that single character to the front/beginning of their display name.

What I have so far is:

Import-Module ActiveDirectory 

$Server = read-host "Enter Domain to query/domain controller" 

Import-Csv "C:\Temp\samAccountNames.csv" | ForEach-Object { 

     $samAccountName = $_."samAccountName" 

     Get-ADUser -Server $Server -Identity $samAccountName | Disable-ADAccount
} 

Now, what I need to do is to prepend the display name with the '#' character.

(eg "Doe, John" becomes "#Doe, John")

Answer 1

You need to check if the user can be found at all first, then update the displayname and disable the account

Import-Module ActiveDirectory 

$characterToPrepend = '#'  # the character you want to prepend the DisplayName with

$Server = Read-Host "Enter Domain to query/domain controller" 

Import-Csv "C:\Temp\samAccountNames.csv" | ForEach-Object { 
    $ADUser = Get-ADUser -Server $Server -Filter "SamAccountName -eq '$($_.samAccountName)'" -Properties DisplayName -ErrorAction SilentlyContinue
    if ($ADUser) {
        # test if the user is not already disabled
        if (!$ADUser.Enabled) {
            Write-Host "User '$($_.samAccountName)' is already disabled"
        }
        else {
            $newDisplayName = $characterToPrepend + $ADUser.DisplayName
            # set the new displayname and disable the user
            $ADUser | Set-ADUser -DisplayName $newDisplayName -Enabled $false
        }
    }
    else {
        Write-Warning "User '$($_.samAccountName)' does not exist"
    }
} 

^{I'm using -Filter to get the user rather than the -Identity parameter because the latter will throw an exception when a user with that SamAccountName could not be found}