The script can be used to generate a report that will include disabled user accounts that are managers of enabled user accounts. For information on creating reports, see the Create Report tutorial.
PowerShell
$Context.DirectorySearcher.AppendFilter("(&(sAMAccountType=805306368)(directReports=*)(userAccountControl:1.2.840.113556.1.4.803:=2))")
$Context.DirectorySearcher.SearchParameters.PropertiesToLoad.Add("distinguishedName")
try
{
$searchIterator = $Context.DirectorySearcher.ExecuteSearch()
$managerDNToSearchResult = @{}
while ($Context.MoveNext($searchIterator))
{
$searchResult = $searchIterator.Current
$managerDNToSearchResult.Add($searchResult.GetPropertyByName("distinguishedName").Values[0], $searchResult)
}
}
finally
{
# Release resources
if ($searchIterator) { $searchIterator.Dispose() }
}
# Search parameters
$searcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$searcher.VirtualRoot = $True
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SearchParameters.Filter = "(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(manager=*))"
$searcher.SearchParameters.PageSize = 500
$searcher.SetPropertiesToLoad(@("manager"))
try
{
# Execute search
$searchIterator = $searcher.ExecuteSearch()
while ($Context.MoveNext($searchIterator))
{
$searchResult = $searchIterator.Current
$managerDN = $searchResult.GetPropertyByName("manager").Values[0]
if ($managerDNToSearchResult.ContainsKey($managerDN))
{
$managerSearchResult = $managerDNToSearchResult[$managerDN]
$managerDNToSearchResult.Remove($managerDN)
$Context.Items.Add($managerSearchResult)
}
}
}
finally
{
# Release resources
if ($searchIterator) { $searchIterator.Dispose() }
}