Filtering Enabled only Get-ADObject to with specific patterns and OU?

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
ITEngineer
Posts: 210
Joined: Wed Oct 12, 2011 10:52 am

Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by ITEngineer »

Hi All,

I need to get the Enabled AD Objects (Users & Computer) that does not include the specific name patterns.

How can I filter out or exclude some of the results using the Get-ADObject with the below Query?

Script:

Code: Select all

$Exclusions = @(
   'SystemMailbox',
   'HealthMailbox',
   'Migration'
   'Delete'
   'Disabled'
)
Get-ADObject -Filter '(ObjectClass -eq "user" -or ObjectClass -eq "computer") -and Enabled -eq $true -and isRecycled -eq $false -and name -ne "Deleted Objects"' | Where-Object{$_.Name -notin $Exclusions}
Issues with the script above:
1. When I add the Filter Enabled -eq $true, nothing is returned.
2. I wanted to exclude certain OU like ‘OU=Disabled Users‘
3. If the name contains anything like the above $Exclusions

Thank you in advance.
/* IT Engineer */

jvierra
Posts: 14691
Joined: Tue May 22, 2007 9:57 am
Answers: 7
Has voted: 2 times
Been upvoted: 5 times

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by jvierra »

You are missing commas in your exclusion list.

The following will be better.

Code: Select all

$Exclusions = @(
   'SystemMailbox',
   'HealthMailbox',
   'Migration',
   'Delete',
   'Disabled',
   'Deleted Objects'
)
$filter = '
    (
        ObjectClass -eq "user" -or
        ObjectClass -eq "computer"
    ) -and 
    Enabled -eq $true -and 
    isRecycled -eq $false
' 
Get-ADObject -Filter $filter |
    Where-Object{$_.Name -notin $Exclusions}

User avatar
ITEngineer
Posts: 210
Joined: Wed Oct 12, 2011 10:52 am

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by ITEngineer »

Thank you Mr. Vierra,

Somehow it does not return any result?
even after removing the Enabled -eq $true

I've also changed it into Where-Object{$_.Name -notcontains $Exclusions}
/* IT Engineer */

jvierra
Posts: 14691
Joined: Tue May 22, 2007 9:57 am
Answers: 7
Has voted: 2 times
Been upvoted: 5 times

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by jvierra »

YOU are guessing ... Your guesses have nothing to do with the issue.

If the filter fails then there are no objects that match the criteria. I suspect you need to remove the "isRecycled" to fix this.

To test a filter add only one item at a time to discover the restrictive item.

User avatar
ITEngineer
Posts: 210
Joined: Wed Oct 12, 2011 10:52 am

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by ITEngineer »

Yes, already did.
  1. $filter = '
  2.  
  3.    (
  4.  
  5.        ObjectClass -eq "user" -or
  6.  
  7.        ObjectClass -eq "computer"
  8.  
  9.    ) -and
  10.  
  11.    Enabled -eq $true
  12.  
  13. '
  14.  
  15. Get-ADObject -Filter $filter
The script above returns all Users and Computers object.

but when I add Enabled -eq $true, it does not returns anything at all?
/* IT Engineer */

jvierra
Posts: 14691
Joined: Tue May 22, 2007 9:57 am
Answers: 7
Has voted: 2 times
Been upvoted: 5 times

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by jvierra »

All objects do not support the "Enabled" attribute. If the attribute is missing then it will not be true.

User avatar
ITEngineer
Posts: 210
Joined: Wed Oct 12, 2011 10:52 am

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by ITEngineer »

jvierra wrote:
Wed Aug 19, 2020 7:32 pm
All objects do not support the "Enabled" attribute. If the attribute is missing then it will not be true.
That makes sense.

Thank you Mr. Vierra :-)
/* IT Engineer */

jvierra
Posts: 14691
Joined: Tue May 22, 2007 9:57 am
Answers: 7
Has voted: 2 times
Been upvoted: 5 times

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by jvierra »

I think the issue is that the Get-AdUser and Get-AdComputer commands add the "Enabled" property by converting the flags but Get-AdObject does not do this. You will have to extract the attribute and test the bit after extracting the objects.

User avatar
ITEngineer
Posts: 210
Joined: Wed Oct 12, 2011 10:52 am

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by ITEngineer »

jvierra wrote:
Wed Aug 19, 2020 8:04 pm
I think the issue is that the Get-AdUser and Get-AdComputer commands add the "Enabled" property by converting the flags but Get-AdObject does not do this. You will have to extract the attribute and test the bit after extracting the objects.
Yes, that's too complex for me to do :-o
hence I was just asking it if it were possible with one-liner command. ;)
/* IT Engineer */

Anayazius
Posts: 11
Joined: Tue Jun 23, 2020 5:04 am

Re: Filtering Enabled only Get-ADObject to with specific patterns and OU?

Post by Anayazius »

ITEngineer wrote:
Wed Aug 19, 2020 6:07 pm
Hi All,

I need to get the Enabled AD Objects (Users & Computer) that does not include the specific name patterns.

How can I filter out or exclude some of the results using the Get-ADObject with the below Query?

Script:

Code: Select all

$Exclusions = @(
   'SystemMailbox',
   'HealthMailbox',
   'Migration'
   'Delete'
   'Disabled'
)
Get-ADObject -Filter '(ObjectClass -eq "user" -or ObjectClass -eq "computer") -and Enabled -eq $true -and isRecycled -eq $false -and name -ne "Deleted Objects"' | Where-Object{$_.Name -notin $Exclusions}
Issues with the script above:
1. When I add the Filter Enabled -eq $true, nothing is returned.
2. I wanted to exclude certain OU like ‘OU=Disabled Users‘
3. If the name contains anything like the above $Exclusions

Thank you in advance.
I am also interested in solving the problem. Thank you for your inquiry.

Locked