Export list of AD Users account NOT in certain OU with specific criteria?

ITEngineer
Posts: 171
Joined: Wed Oct 12, 2011 10:52 am

Post by ITEngineer » Sun Oct 13, 2019 11:42 pm

Hi All,

I need some help in modifying the AD OU filter below to exclude the AD user accounts that are located in the OUs in the list.
This is the script that I have tried, but the result always contains user accounts in those OUs.

Code: Select all

$filter = "(Enabled -eq 'true') -and ((mail -notlike '*') -or (company -notlike '*') -or (l -notlike '*') -or (physicalDeliveryOfficeName -notlike '*') -or (title -notlike '*') -or ( (telephoneNumber -notlike '*') -and (mobile -notlike '*')) )"
$properties = @('mail', 'physicalDeliveryOfficeName', 'Company', 'DisplayName', 'title', 'SamAccountName', 'CanonicalName', 'lastlogondate', 'mobile', 'telephoneNumber','l','Whencreated')
$domainDN = (Get-ADDomain).DistinguishedName

$excludeOUs = @(
	'OU=Disabled Users,DC=GlobalCorp,DC=com'
	'OU=GlobalCorp Testing,DC=GlobalCorp,DC=com'
	'OU=Admin Accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
	'OU=Service Accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
	'OU=Shared Mailboxes,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
)

Get-ADUser -Filter $filter -Properties $properties -SearchBase $domainDN |
	Select-Object -Property `
		DisplayName,
		Company,
		Title,
		TelephoneNumber,
		Mobile,
		PhysicalDeliveryOfficeName,
		SamAccountName,
		Mail,
		@{n = "OU"; e = { $_.CanonicalName.Remove($_.CanonicalName.LastIndexOf($_.Name) - 1) } },
		@{n = 'CN'; e = { Split-Path $_.CanonicalName -Parent } },
		@{n = 'ParentContainer'; e = { $_.DistinguishedName -replace '^CN=.*?(?=CN|OU)' } },
		LastLogondate,
		WhenCreated |
	Where-Object {
		($excludeOUs -notcontains $_.ParentContainer) -and
        ($_.SamAccountName -notmatch '^(Temp|Kiosk|HealthMailbox|SVC|Test|admin|\$)') -and
        ($_.DisplayName -notmatch 'Admin|Calendar|Room')
	} |
	ConvertTo-HTML | Set-Variable HTMLBody

Send-MailMessage -SmtpServer SMTP.GlobalCo.com -From "$env:COMPUTERNAME@$env:userdnsdomain" -To Admin@MSP.com -Subject "AD User Incomplete report as at $((Get-Date).ToString('dd-MM-yyyy'))" -Body ($HTMLBody -join "`n") -BodyAsHTML
Any help would be greatly appreciated.

Thank you in advance.
/* IT Engineer */

jvierra
Posts: 14009
Joined: Tue May 22, 2007 9:57 am

Post by jvierra » Sun Oct 13, 2019 11:55 pm

Here is a simple trick to get only OUs not in a collection.

Code: Select all

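Get-ADOrganizationalUnit -Filter * |
	Where-Object { $_.DistinguishedName -notin $excludeOUs } |
	ForEach-Object {
		# Get-ADUser -Filter does not bind the OU from the pipeline, so search one level under each remaining OU
		Get-ADUser -Filter $filter -Properties $properties -SearchBase $_.DistinguishedName -SearchScope OneLevel
	} |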
	.... etc ...

jvierra
Posts: 14009
Joined: Tue May 22, 2007 9:57 am

Post by jvierra » Mon Oct 14, 2019 12:48 am

Here is the best way to get users and exclude OUs.

Code: Select all

Get-ADOrganizationalUnit -Filter * -PipelineVariable OU |
	Where-Object { $_.DistinguishedName -notin $excludeOUs } |
	ForEach-Object {
		Get-ChildItem -Path ('AD:\' + $_.DistinguishedName) -Filter '(&(objectClass=User)(!(objectClass=computer)))'
	} | 
	Select-Object name,@{n='ou';e={$ou}}

ITEngineer
Posts: 171
Joined: Wed Oct 12, 2011 10:52 am

Post by ITEngineer » Mon Oct 14, 2019 10:09 pm

Thanks for the suggestion Mr Vierra,

Each smaller sub-company has its own Service Account, meeting rooms, SharedMailboxes.
'OU=GlobalCorp Testing,DC=GlobalCorp,DC=com',
'OU=HeadOffice,OU=Shared Mailboxes,DC=GlobalCorp,DC=com',

'OU=Branch1,OU=Shared Mailboxes,DC=GlobalCorp,DC=com',
'OU=Branch2,OU=Shared Mailboxes,DC=GlobalCorp,DC=com',
'OU=Branch3,OU=Shared Mailboxes,DC=GlobalCorp,DC=com',

'OU=Service Accounts,DC=GlobalCorp,DC=com',
'OU=Service Accounts,OU=Users,OU=Branch1,DC=GlobalCorp,DC=com',
'OU=Service Accounts,OU=Users,OU=Branch2,DC=GlobalCorp,DC=com',
'OU=Service Accounts,OU=Users,OU=Branch3,DC=GlobalCorp,DC=com',

'OU=Administrative Accounts,DC=GlobalCorp,DC=com',
'OU=Developer Accounts,DC=GlobalCorp,DC=com',
'OU=Disabled Users,DC=GlobalCorp,DC=com',
'OU=Domain Admin Accounts,DC=GlobalCorp,DC=com',
'OU=External Service Accounts,DC=GlobalCorp,DC=com'
Therefore the OU name is sometimes a bit confusing to filter with PowerShell.
/* IT Engineer */

jvierra
Posts: 14009
Joined: Tue May 22, 2007 9:57 am

Post by jvierra » Mon Oct 14, 2019 11:11 pm

Any OU DN in the restricted list will be ignored. You have to take the time to understand the code and the method. Beyond that we cannot possibly help you.
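
An added example, not written by any poster in this thread, showing two ways the first script's exclusion can miss accounts: its `ParentContainer` regex is case-insensitive and can stop at an "ou" or "cn" inside the account name, and an exact list match does not cover sub-OUs of a listed OU. `Get-ParentDN` and `Test-InExcludedOU` are hypothetical helper names and every DN is a constructed sample, so it runs without a domain controller.

```powershell
# Added example: helper names are hypothetical; all DNs are constructed samples.
function Get-ParentDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Remove the first RDN only. '\\.' consumes escaped characters such as '\,'
    # so a comma inside a CN is not mistaken for the RDN separator.
    $DistinguishedName -replace '^(?:[^,\\]|\\.)*,', ''
}

function Test-InExcludedOU {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string[]]$ExcludedOU
    )
    $parent = Get-ParentDN $DistinguishedName
    foreach ($ou in $ExcludedOU) {
        # Excluded when the parent is the listed OU itself or anything beneath it.
        if ($parent -eq $ou -or
            $parent.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$excludeOUs = @(
    'OU=Shared Mailboxes,DC=GlobalCorp,DC=com'
    'OU=Service Accounts,OU=Users,OU=Branch1,DC=GlobalCorp,DC=com'
)

$sampleDNs = @(
    'CN=Lou Young,OU=Staff,OU=Branch1,DC=GlobalCorp,DC=com'
    'CN=Smith\, Ann,OU=Staff,OU=Branch2,DC=GlobalCorp,DC=com'
    'CN=Reception,OU=Branch1,OU=Shared Mailboxes,DC=GlobalCorp,DC=com'
    'CN=svc-backup,OU=Service Accounts,OU=Users,OU=Branch1,DC=GlobalCorp,DC=com'
    'CN=svc-print,OU=Service Accounts,OU=Users,OU=Branch2,DC=GlobalCorp,DC=com'
)

$sampleDNs | ForEach-Object {
    [pscustomobject]@{
        # The first script's expression, for comparison: -replace ignores case,
        # so the lookahead can stop at "ou" or "cn" inside the name itself.
        RegexParent = $_ -replace '^CN=.*?(?=CN|OU)'
        Parent      = Get-ParentDN $_
        Excluded    = Test-InExcludedOU -DistinguishedName $_ -ExcludedOU $excludeOUs
    }
} | Format-List
```

In a report pipeline the same test would sit in a `Where-Object` stage placed before `Select-Object`, while `DistinguishedName` is still on the object.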

ITEngineer
Posts: 171
Joined: Wed Oct 12, 2011 10:52 am

Post by ITEngineer » Mon Oct 14, 2019 11:35 pm

jvierra wrote:
Mon Oct 14, 2019 12:48 am
Here is the best way to get users and exclude OUs.

Code: Select all

Get-ADOrganizationalUnit -Filter * -PipelineVariable OU |
	Where-Object { $_.DistinguishedName -notin $excludeOUs } |
	ForEach-Object {
		Get-ChildItem -Path ('AD:\' + $_.DistinguishedName) -Filter '(&(objectClass=User)(!(objectClass=computer)))'
	} | 
	Select-Object name,@{n='ou';e={$ou}}
Thanks Mr. Vierra. :D
/* IT Engineer */
