Script Repository

Users whose AD attribute is blank

April 24, 2018

The script creates and emails a list of all users who don't have a certain AD attribute set.

To generate a list upon request, you can create a Custom Command that runs the script. To schedule generation of such lists, you need to create a Scheduled Task. When creating a Custom Command or a Scheduled Task, configure it to be executed on the type of Active Directory objects in which you want to search for users. For example, if you want to search for users located in an Organizational Unit, configure a command or task for the Organizational Unit objects, and execute them on the OU you need.

To add the script to a Custom Command or Scheduled Task, use the Run a program or PowerShell script action.


  • $attributeName - specifies the LDAP name of the property that will be checked;
  • $to - specifies email addresses of the recipient(s) of the report;
    You can use value references in the addresses. For example, if you specify %adm-InitiatorEmail%, the report will be sent to the user who executes the Custom Command.
  • $subject - specifies the email message subject;
  • $reportHeader - specifies the email message header;
  • $table - specifies a header for the HTML table that the report consists of;
  • $reportFooter - specifies the email message footer.
Edit Remove
$attributeName = "employeeID" # TODO: modify me

# Email message settings
$to = "%adm-InitiatorEmail%" # TODO: modify me
$subject = "Users whose '$attributeName' attribute is empty" # TODO: modify me
$reportHeader = "<h1><b>Users whose '$attributeName' attribute is empty</b></h1><br/>" # TODO: modify me
$table = @"
<table border="1">
        <th>Full name</th>
        <th>Logon name</th>
"@ # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Search all users in the target object whose attribute is empty
$searcher = $Context.TargetObject
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(&(sAMAccountType=805306368)(!($attributeName=*)))"

    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    # Build report
    if ($searchResults.Length -eq 0)
        $html = $reportHeader + "<b>No users found</b>" + $reportFooter
        foreach ($searchResult in $searchResults) 
            # Add users to report
            $table += "<tr><td>" + $searchResult.Properties["cn"].Value + "</td>"
            $table += "<td>" + $searchResult.Properties["userPrincipalName"].Value + "</td>"

        $html = $reportHeader + $table + "</table>" + $reportFooter

    # Release resources
    if ($searchResultIterator) { $searchResultIterator.Dispose() }

# Send mail
$Context.SendMail($to, $subject, $NULL, $html)

Comments ( 0 )
No results found.
Leave a comment