
Alert if user is disabled in AD


  • CaTBuS
    Member
    #615599

    I manage a small app with about 60 users, all managed internally. Because I don’t get alerts when users become “inactive” (quit, terminated, etc.), I wrote the below script to ensure users are deleted when they leave. The script gets a list of user IDs from a text file and 3 AD groups, then does a compare. If there is a change, meaning one of the users is no longer in one of the three specified groups, an email is sent out and I know to delete them from the system. Here is my current script:

    Import-Module ActiveDirectory

    # Reference list of application users, one sAMAccountName per line
    $scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
    $base = Get-Content $scriptDir\Users.txt
    $groups = @("Corp_Employees","Corp_Contractors","Corp_Interns")

    # Collect the current members of all three groups
    $diff = @()
    foreach ($g in $groups) {
       $diff += (Get-ADGroupMember -Identity $g).sAMAccountName
    }

    # "<=" marks entries that are only in Users.txt, i.e. in none of the groups
    $result = (Compare-Object -ReferenceObject $base -DifferenceObject $diff | Where-Object {$_.SideIndicator -eq "<="} | Select-Object -ExpandProperty InputObject) -join ", "

    If ($result) {
       # Addresses appear obfuscated on the page; quoted so the line parses
       $tolist = "[email protected]", "[email protected]"
       $subject = "Alert - User Account Flagged"
       $body = "Attention, `n`n The following users were not found in Active Directory: $result `n`n Please verify employment status and remove access if necessary."
       Send-MailMessage -From "[email protected]" -To $tolist -SmtpServer smtp.company.com -Subject $subject -Body $body -Priority High
    }
    Exit
    

    Since writing this code, I’ve discovered the cmdlet, (Get-ADUser -Identity $user).Enabled

    I’m trying to modify the code above so that, for each user in the list, it checks if the “Enabled” status is true or false; if false, the users get sent to me via email. I’ve tried a bunch of things but can’t figure it out. I would appreciate any feedback/ideas.
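
One way to do the per-user Enabled check the post asks about, as an added example that is not part of the original post. It reads the same Users.txt and reuses the post's SMTP server name; the From/To addresses are placeholders and the status wording is an assumption. A deleted account makes `Get-ADUser -Identity` throw rather than return `Enabled = $false`, so the example reports that case, and any other lookup failure, instead of treating it as an active user.

```powershell
Import-Module ActiveDirectory

$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
# Skip blank lines and stray whitespace so they are not reported as missing users.
$users = Get-Content (Join-Path $scriptDir 'Users.txt') |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

$flagged = foreach ($user in $users) {
    try {
        # Enabled is part of Get-ADUser's default property set.
        $account = Get-ADUser -Identity $user -ErrorAction Stop
        if (-not $account.Enabled) {
            [pscustomobject]@{ User = $user; Status = 'Disabled' }
        }
    }
    catch {
        # A deleted account throws instead of returning Enabled = $false.
        # Anything else (for example no domain controller reachable) is
        # reported too, so a failed lookup is never read as "still active".
        $status = if ($_.Exception.GetType().Name -eq 'ADIdentityNotFoundException') {
            'Not found in AD'
        } else {
            "Lookup failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ User = $user; Status = $status }
    }
}

if ($flagged) {
    $lines = $flagged | ForEach-Object { "{0} ({1})" -f $_.User, $_.Status }
    $body  = "Attention,`n`nThe following users need review:`n" +
             ($lines -join "`n") +
             "`n`nPlease verify employment status and remove access if necessary."
    # Placeholder addresses: the real ones are not shown on the page.
    Send-MailMessage -From 'alerts@example.com' -To 'app-owner@example.com' `
        -SmtpServer smtp.company.com -Subject 'Alert - User Account Flagged' `
        -Body $body -Priority High
}
```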
