Hello,
I'm trying to write a script that will find all of the expired and disabled AD accounts. So far I have that part working in my script.
The second part of the script needs to look at the extensionAttribute8 and see what the value is. If the value equals 1, 2, 3, or 51 then change it to equal 4. If there is any other value or if the value is blank, skip over it. This is the part of the script that I just can't seem to wrap my head around.
Here's my script:
# This variable finds all disabled and expired AD accounts.
$ExpiredUsers = Get-ADUser -filter {(Enabled -eq $False) -or (AccountExpired -eq $True)}
# This variable gets the extensionAttribute8 value
$GetAttribute = Get-ADUser -filter extensionAttribute8="*"
If (($ExpiredUsers -eq $true) -and ($GetAttribute -eq ((extensionAttribute8=1) -or (extensionAttribute8=2) -or (extensionAttribute8=3) -or (extensionAttribute8=51))))
{
ForEach-Object {Set-ADObject -replace @{"extensionAttibute8"="4"}}
}
I'm very new to Powershell so please go easy on me.
Thanks!
Kelly