Powershell Script Help - AD modules

jacobdurham · 2017-08-07T13:00:12.000Z

Hey all,

I’m trying to use the script to take a list of terminated employees and disabled them/remove them from all groups. It’s not working.

I’m not sure why. The error I’m getting is cannot validate argument on parameter “Identity.”

Any help is appreciated.

$csvFile = "pathtocsv.xlsx"
$disabledUsersOU = "OU=Disabled Users,DC=internal,DC=contoso,DC=com"

Import-Csv $csvFile | ForEach-Object {
	# Disable the account
	Disable-ADAccount -Identity $_.UserName
	# Retrieve the user object and MemberOf property
	$user = Get-ADUser -Identity $_.UserName -Properties MemberOf
	# Move user object to disabled users OU
	$user | Move-ADObject -TargetPath $disabledUsersOU
	# Remove all group memberships (will leave Domain Users as this is NOT in the MemberOf property returned by Get-ADUser)
	foreach ($group in ($user | Select-Object -ExpandProperty MemberOf))
	{
		Remove-ADGroupMember -Identity $group -Members $user
	}
    
}

jacobdurham · 2017-08-07T13:04:29.000Z

Forgot to save it as a CSV.

Evan7191 · 2017-08-07T13:04:57.000Z

What is the exact error message that you get? The error message usually will list the line in the script where the error occurred. That will tell you which command had the error.

What does the formatting of your csv file look like? Does the csv file have headers?

DoctorDNS · 2017-08-07T13:05:47.000Z

It sounds like $group is invalid.

jacobdurham · 2017-08-07T13:07:18.000Z

It was grabbing info from the .xlsx instead of the .csv.

Rookie move.

DoctorDNS · 2017-08-07T13:09:10.000Z

That might be why $group was invalid. But I do not see where you set $group - did you mean $_.group?

Evan7191 · 2017-08-07T13:15:56.000Z

tfl:

That might be why $group was invalid. But I do not see where you set $group - did you mean $_.group?

It looks like he set $group dynamically in the ForEach loop:

foreach ($group in ($user | Select-Object -ExpandProperty MemberOf))