Moving disabled users to a OU in the AD through Powershell by Exporting a .csv file

Question

The following are all my parameters in my .csv file.

last logon date, First name, Last name, Display name, User logon name, Account status, User principal name, Job Title, Department, Description, Office, Telephone number, E-mail, Mobile

I have a list of disabled users in a .csv file. I want to move them to a new OU which I have created for suspended users as part of tidying up the AD.

I found the following script for moving the disabled accounts using sAMAccountNames , but I don't have the sAMAccountNames in my parameter. Can I use the following script by by replacing the sAMAccountNames with anyone of the above parameters.

Can I use the following script by by replacing the sAMAccountNames with userlogon name, or user principal name or anyone of the parameters in the list. I don't want to user the paramenters which is not unique.

# Specify target OU.

$TargetOU = "ou=NewUsers,ou=West,dc=MyDomain,dc=com,dc=au"

# Read user sAMAccountNames from csv file (field labeled "Name").

Import-Csv -Path Users.csv | ForEach-Object {

# Retrieve DN of User.

$UserDN = (Get-ADUser -Identity $_.Name).distinguishedName

# Move user to target OU.

Move-ADObject -Identity $UserDN -TargetPath $TargetOU

}

# Read user LoginName (E-mail) from csv file (Label your fields Name and OU).
Import-Csv -Path "C:\---------------------------.csv " | ForEach-Object {
    # Retrieve DN of User, set target OU from list
    $UserDN = (Get-ADUser -Identity $_.E-mail).distinguishedName
    $TargetOU = $_.MoveTOOU
    # Move user to target OU.
    Move-ADObject -Identity $UserDN -TargetPath $TargetOU
}

This is the error that occurs:

Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null or an element of the 
argument collection contains a null value.
At line:7 char:37
+     $UserDN = (Get-ADUser -Identity $_.E-mail).distinguishedName
+                                     ~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

I am getting the error when I use the email as the parameter.

Answer 1

In your case, looking at the fields you have in the CSV file, I would use the User principal name or E-mail field as these are unique in the domain.

Since you do not specify the target OU in the CSV, set it in a variable above the loop:

$TargetOU = 'OU=NewUsers,OU=West,DC=MyDomain,DC=com,DC=au'  # the DN of the OU to move the users to

Import-Csv -Path 'C:\Users\VedhaiyK\Desktop\HPA CleanUP\Upto2020OnlydisabledHPA.csv' | ForEach-Object {
    # Retrieve the UserPrincipalName from the CSV
    $userUPN = $_.'User principal name'
    # try and get an ADUser object using the UPN
    $User = Get-ADUser -Filter "UserPrincipalName -eq '$userUPN'" -ErrorAction SilentlyContinue
    if ($User) {
        # If found, move the user to the target OU.
        Move-ADObject -Identity $User.DistinguishedName -TargetPath $TargetOU
    }
    else {
        Write-Warning "User '$userUPN' does not exist"
    } 
}