Script Repository

Active, disabled and expired users with specific Employee Type

September 16, 2015

The script emails an HTML report containing users with a specific value of the Employee Type attribute of their accounts. 3 separate tables are created for active, expired and disabled users.

Note: The script uses the $Context variable available on the server side only. This means that the script can be executed only by Business Rules, Custom Commands, and Scheduled Tasks. For example, to schedule the report, you can create a Scheduled Task configured for the Domain-DNS object type. To add the script to a Scheduled Task, use the Run a program or PowerShell script action.


  • $employeeType - specifies the value of the Employee Type property of users included in the report;
  • $domain - specifies the fully qualified domain name (FQDN) of the AD domain to look in;
  • $reportProperties - specifies the properties of the user accounts to include in the report;
  • $to - specifies email addresses of the recipient(s) of the report;
  • $subject - specifies the email message subject;
  • $reportHeader - specifies the email message header;
  • $reportFooter - specifies the email message footer;
  • $tableHeader - specifies the header for tables with the report entries.
Edit Remove
Import-Module Adaxes

$employeeType = "extSharePoint" # TODO: modify me
$domain = "" # TODO: modify me
$reportProperties = @("accountExpirationDate", "accountExpires","company", "displayName", "mail", 
    "telephoneNumber", "mobile", "title", "adm-CustomAttributeText10", "adm-CustomAttributeText11", 
    "adm-CustomAttributeText12", "whenCreated", "whenChanged") # TODO: modify me

# Email message settings
$to = "" # TODO: modify me
$subject = "List of users in $domain" # TODO: modify me
$reportHeader = "<h3><b>List of users in $domain</b></h3><br/>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me
$tableHeader = @"
<table border="1">
        <th>Company Name</th>
        <th>Name (DisplayName)</th>
        <th>Email address</th>
        <th>User expiration date</th>
        <th>Created Date</th>
        <th>Modified Date</th>
"@ # TODO: modify me

$members = Get-AdmUser -Filter 'employeeType -like $employeeType' -AdaxesService localhost -Server $domain `
    -Properties $reportProperties

# Create HTML tables for active, disabled and expired accounts
$activeAccounts = "<b>Active Accounts</b><br/>$tableHeader"
$disabledAccounts = "<b>Disabled Accounts</b><br/>$tableHeader"
$expiredAccounts = "<b>Expired Accounts</b><br/>$tableHeader"

# Find users
$currentDate = Get-Date
foreach ($member in $members)
    # Parse the Account Expires property
    $accountExpired = $False
    switch ($member.accountExpires)
            $expirationDate = "never"
            $expirationDate = "unspecified"
            $expirationDate = $member.AccountExpirationDate
            if ([datetime]$expirationDate -lt $currentDate)
                $accountExpired = $True
    # Create table entry for user
    $tableEntry = "<tr valign='top'><td>$($</td><td>$($member.Name) ($($member.displayName))</td>
    # Add user to appropriate table
    if (!$member.Enabled)
        $disabledAccounts += $tableEntry
    elseif ($accountExpired)
        $expiredAccounts += $tableEntry
        $activeAccounts += $tableEntry

# Build report
$disabledAccounts += "</table></br>"
$expiredAccounts += "</table></br>"
$activeAccounts += "</table></br>"
$htmlBody = $reportHeader + $activeAccounts + $expiredAccounts + $disabledAccounts + $reportFooter

# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlBody)

Comments ( 0 )
No results found.
Leave a comment