Powershell - match with Containskey & set value of hashtable don't work -

i working on script richard l. mueller disable inactive account in our ad.

trap {"error: $_"; break;}  $d = [system.directoryservices.activedirectory.domain]::getcurrentdomain() $domain = [adsi]"ldap://$d" $searcher = new-object system.directoryservices.directorysearcher $searcher.pagesize = 200 $searcher.searchscope = "subtree"  $searcher.filter = "(&(objectcategory=person)(objectclass=user))" $searcher.propertiestoload.add("samaccountname") > $null $searcher.propertiestoload.add("lastlogon") > $null $searcher.propertiestoload.add("accountexpires") > $null  # create hash table of users , last logon dates. $arrusers = @{}  # enumerate domain controllers. foreach ($dc in $d.domaincontrollers)     { $server = $dc.name $searcher.searchroot = "ldap://$server/" + $domain.distinguishedname  $results = $searcher.findall() #$results[100].properties.item("samaccountname") #$results[100].properties.item("lastlogon") foreach ($result in $results)     {         $dn = $result.properties.item("samaccountname")         $ll = $result.properties.item("lastlogon")         if ($ll.count -eq 0)         {             $last = [datetime]0         }         else         {             $last = [datetime]$ll.item(0)         }         if ($last -eq 0)         {             $lastlogon = $last.addyears(1600)         }         else         {             $lastlogon = $last.addyears(1600).tolocaltime()         }         if ($arrusers.containskey("$dn"))         {             if ($lastlogon -gt $arrusers["$dn"])             {                 $arrusers["$dn"] = $lastlogon             }         }         else         {             $arrusers.add("$dn", $lastlogon)         }     } } 

now have updated lastlogon date of ad users.

then do:

foreach ($ou in $searchroot) { $inactiveusers += @(get-qaduser -searchroot $ou -enabled -passwordneverexpires:$false -createdbefore $creationcutoff -sizelimit $sizelimit | select-object name,samaccountname,lastlogontimestamp,description,passwordneverexpires,canonicalname | sort-object name) } 

i not use disable id because lastlogontimestamp has delay being updated 9-14 days. , real last logon date in $arrusers, replace lastlogontimestamp it. want match them using user id:

foreach ($inuser in $inactiveusers) {     if ($arrusers.containskey("$inuser.samaccountname"))         {         write-host "true"         $inuser.lastlogontimestamp = $arrusers["$inuser.samaccountname"]         $inuser.lastlogontimestamp = $inuser.lastlogontimestamp.adddays(30)         if ((get-date) -gt $inuser.lastlogontimestamp)             {             write-host $inuser.samaccountname "should disabled"             }         else             {             write-host $inuser.samaccountname "is still active"             }          }     }     else     {     write-host "false"     } 

i have 2 problems here.

1. first "if ($arrusers.containskey("$inuser.samaccountname"))" doesn't seems working. false result.
2. second, replace lastlogontimestamp using "$inuser.lastlogontimestamp = $arrusers["$inuser.samaccountname"]", lastlogontimestamp become blank.

could able provide assistants?

you're not using variable expansion correctly. object properties aren't expanded, this

"$inuser.samaccountname" 

is actually:

$inuser.tostring() + ".samaccountname" 

to expand expression in string, must surround $(), e.g.

"$($inuser.samaccountname)" 

in case, however, don't need that. leave quotes out entirely:

$arrusers[$dn] $arrusers.containskey($inuser.samaccountname) 

see about_quoting_rules topic details.