[XtaZee]

Hi,
Looking for a script that enable or disable a user account via PowerShell v1

the script should be given 2 parameters username and state (enable/disable)

so far I have a little code that will search for the user in ldap

Code:

function get-dn ($SAMName)
{
 	$root = [ADSI]''
 	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
	$user = $searcher.findall()

	if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
			write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
	  	return $user[0].path
      }
}

$Name = $args[0]
$path = get-dn $Name
"'" + $path + "'"

your 2 cents will be mostly welcome...

[XtaZee]

figured it out
here is the code:

Code:

 
function get-dn ($SAMName)
{
 	$root = [ADSI]''
 	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
	$user = $searcher.findall()

	if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
			write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
	  	return $user[0].path
      }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name
"'" + $path + "'"  

if ($status -match "enable") 
	{
		# Enable the account
		$account=[ADSI]$path
		$account.psbase.invokeset("AccountDisabled", "False")
		$account.setinfo()
	}
else
	{
		# Disable the account
		$account=[ADSI]$path
		$account.psbase.invokeset("AccountDisabled", "True")
		$account.setinfo()
	}

[tonyyeb]

Thanks for posting the corrected code.

[58sniper]

I played around with this a little. I added some minor error checking in case no users are found, and added automatically hiding/showing in the Exchange Global Address List. Save it as Disable-User.ps1

Code:

# http://www.petri.co.il/forums/showthread.php?p=109975 
# usage: Disable-User [accountname] [enable/disable]

function get-dn ($SAMName)    {
    $root = [ADSI]''
     $searcher = new-object System.DirectoryServices.DirectorySearcher($root)
    $searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
    $user = $searcher.findall()

    if ($user.count -gt 1)      {     
            $count = 0
                foreach($i in $user)            { 
            write-host $count ": " $i.path 
                    $count = $count + 1
                }

            $selection = Read-Host "Please select item: "
        return $user[$selection].path

          }      else      { 
          return $user[0].path
          }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name

if ($path -ne $null)    {

    "'" + $path + "'"  
    if ($status -match "enable")     {
        # Enable the account
        $account=[ADSI]$path
        $account.psbase.invokeset("AccountDisabled", "False")
        $account.setinfo()
        Set-Mailbox "$Name" -HiddenFromAddressListsEnabled $False
    }    else    {
        # Disable the account
        $account=[ADSI]$path
        $account.psbase.invokeset("AccountDisabled", "True")
        $account.setinfo()
        Set-Mailbox "$Name" -HiddenFromAddressListsEnabled $True
    }
}    else    {
    write-host "No user account found!" -foregroundcolor white -backgroundcolor red
}

Quote:

Originally Posted by XtaZee

figured it out
here is the code:

Code:

 
function get-dn ($SAMName)
{
     $root = [ADSI]''
     $searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
    $searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
    $user = $searcher.findall()

    if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
            write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
          return $user[0].path
      }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name
"'" + $path + "'"  

if ($status -match "enable") 
    {
        # Enable the account
        $account=[ADSI]$path
        $account.psbase.invokeset("AccountDisabled", "False")
        $account.setinfo()
    }
else
    {
        # Disable the account
        $account=[ADSI]$path
        $account.psbase.invokeset("AccountDisabled", "True")
        $account.setinfo()
    }

[AndyJG247]

Much respect Pat

[58sniper]

I'd be willing to add more if anyone has requirements.

[apperrault]

This is exactly what i have been looking for. Is there any way to get it to read from a file? I have a list of about 40 users that i need to disable, and hide from Exchange in one fell swoop if possible. Having a script to do that would be ideal!!!

Thanks much

app

[Damianini]

There is an easier way to do this using quest active roles tool for active directory if your organization is a windows domain. It is a free download for your use and very powerful: http://www.quest.com/powershell/activeroles-server.aspx

This will need to be install wherever you are running your exchange tasks from. I run all this from my local system. I have powershell, quest active roles for powershell and the exchange managment console. Mostly everyone managing exchange 2007 already has 2 of these items installed.

There are two scripts below. The top one asks you the samaccountname of the user and then takes that name hides it from the address list and disables the user. The second script imports a csv file using the samaccount names of the individuals then goes through each user setting their GAL setting and disabling. Enjoy!

#Two Scripts- Contents of script between pound sign
################################################## ##############
#Single User

Add-PSSnapin Quest.ActiveRoles*
Add-PSSnapin Microsoft.Exchange*

$samaccountName = Read-Host "What is the shortname of the person you want to disable?"

Set-Mailbox $samaccountName -HiddenFromAddressListsEnabled $true
Disable-QADUser $samaccountName

################################################## ###############
#CSV file for importing.
#CSV file in the following format -Header Row !!!!!Make sure there are no empty carriage returns at the end of your csv otherwise it will throw an error
#Name
#John
#Mike
#Louie

Add-PSSnapin Quest.ActiveRoles*
Add-PSSnapin Microsoft.Exchange*

Import-Csv C:\New.txt | foreach {
Set-Mailbox $_.Name -HiddenFromAddressListsEnabled $true
Disable-QADUser $_.Name
}
################################################## ###############

If you want to make either one of these a function simply wrap in a function like this:

Function DisableUser ($samaccountname) {
Enter either script here
}

The add-pssnapin is for adding those modules to powershell. If you launch powershell by start--programs--WindowsPowershell this works. If you launch the exchange powershell managment console it will not without an error.

Viola....Enjoy!

[shiapi]

amn a v.new user of powershell but the bellow solution is what i have actually been looking for. pls can any one help with the finished codes using a double domain structure and multiple users in an OU. cheers