I need some help modifying the AD OU filter below to exclude the AD user accounts that are located in the OUs in the list.
This is the script that I have tried, but the result always contains user accounts in those OUs.
Code:
# Enabled accounts that are missing at least one of the contact attributes
$filter = "(Enabled -eq 'true') -and ((mail -notlike '*') -or (company -notlike '*') -or (l -notlike '*') -or (physicalDeliveryOfficeName -notlike '*') -or (title -notlike '*') -or ( (telephoneNumber -notlike '*') -and (mobile -notlike '*')) )"
$properties = @('mail', 'physicalDeliveryOfficeName', 'Company', 'DisplayName', 'title', 'SamAccountName', 'CanonicalName', 'lastlogondate', 'mobile', 'telephoneNumber', 'l', 'Whencreated')
$domainDN = (Get-ADDomain).DistinguishedName
# OUs whose accounts should be left out of the report
$excludeOUs = @(
    'OU=Disabled Users,DC=GlobalCorp,DC=com'
    'OU=GlobalCorp Testing,DC=GlobalCorp,DC=com'
    'OU=Admin Accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
    'OU=Service Accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
    'OU=Shared Mailboxes,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
)
Get-ADUser -Filter $filter -Properties $properties -SearchBase $domainDN |
    Select-Object -Property `
        DisplayName,
        Company,
        Title,
        TelephoneNumber,
        Mobile,
        PhysicalDeliveryOfficeName,
        SamAccountName,
        Mail,
        @{n = "OU"; e = { $_.CanonicalName.Remove($_.CanonicalName.LastIndexOf($_.Name) - 1) } },
        @{n = 'CN'; e = { Split-Path $_.CanonicalName -Parent } },
        @{n = 'ParentContainer'; e = { $_.DistinguishedName -replace '^CN=.*?(?=CN|OU)' } },
        LastLogondate,
        WhenCreated |
    Where-Object {
        # Compare the computed parent container with the exclusion list,
        # then drop accounts by SamAccountName prefix and DisplayName keyword
        ($excludeOUs -notcontains $_.ParentContainer) -and
        ($_.SamAccountName -notmatch '^(Temp|Kiosk|HealthMailbox|SVC|Test|admin|\$)') -and
        ($_.DisplayName -notmatch 'Admin|Calendar|Room')
    } |
    ConvertTo-HTML | Set-Variable HTMLBody
# Join the HTML lines with newlines and mail the report
Send-MailMessage -SmtpServer SMTP.GlobalCo.com -From "$env:COMPUTERNAME@$env:userdnsdomain" -To Admin@MSP.com -Subject "AD User Incomplete report as at $((Get-Date).ToString('dd-MM-yyyy'))" -Body ($HTMLBody -join "`n") -BodyAsHTML
Thank you in advance.
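
Added example, not part of the original post: the `Where-Object` test in the script compares only the account's immediate parent container for exact equality, and derives it with a case-insensitive regex that can stop inside a CN containing "ou" or "cn", so accounts in child OUs of a listed OU (or with such names) are not excluded. The sketch below matches the listed OU as a suffix of the `DistinguishedName` instead; the helper name `Test-InExcludedOU` is hypothetical and the sample user objects are constructed.

```powershell
# Added example: subtree-aware OU exclusion keyed on DistinguishedName.
# The OU list is the one from the post; everything else is constructed.
$excludeOUs = @(
    'OU=Disabled Users,DC=GlobalCorp,DC=com'
    'OU=GlobalCorp Testing,DC=GlobalCorp,DC=com'
    'OU=Admin Accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
    'OU=Service Accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
    'OU=Shared Mailboxes,OU=GlobalCorp Global,DC=GlobalCorp,DC=com'
)

function Test-InExcludedOU {
    # Hypothetical helper: $true when the DN is in, or anywhere below, a listed OU.
    param(
        [Parameter(Mandatory)][string]   $DistinguishedName,
        [Parameter(Mandatory)][string[]] $ExcludedOU
    )
    foreach ($ou in $ExcludedOU) {
        # Require ",<OU DN>" at the very end of the DN. The leading comma pins the
        # match to a component boundary, and the comparison ignores case because
        # DN attribute values are case-insensitive in AD.
        if ($DistinguishedName.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed stand-ins for Get-ADUser output (no domain controller needed).
$sampleUsers = @(
    # Ordinary staff account: should stay in the report
    [pscustomobject]@{ SamAccountName = 'jdoe';       DistinguishedName = 'CN=John Doe,OU=Staff,OU=GlobalCorp Global,DC=GlobalCorp,DC=com' }
    # Directly in an excluded OU, with "ou" inside the CN
    [pscustomobject]@{ SamAccountName = 'lcouncil';   DistinguishedName = 'CN=Lou Council,OU=Disabled Users,DC=GlobalCorp,DC=com' }
    # In a child OU of an excluded OU
    [pscustomobject]@{ SamAccountName = 'svc-backup'; DistinguishedName = 'CN=svc-backup,OU=SQL,OU=Service Accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com' }
    # Escaped comma in the CN and different letter case in the OU name
    [pscustomobject]@{ SamAccountName = 'jsmith';     DistinguishedName = 'CN=Smith\, Jane,OU=admin accounts,OU=GlobalCorp Global,DC=GlobalCorp,DC=com' }
    # OU whose name merely ends like an excluded one: should stay in the report
    [pscustomobject]@{ SamAccountName = 'plee';       DistinguishedName = 'CN=Pat Lee,OU=Old Disabled Users,DC=GlobalCorp,DC=com' }
)

# Keep only the accounts that are outside every excluded subtree.
$sampleUsers |
    Where-Object { -not (Test-InExcludedOU -DistinguishedName $_.DistinguishedName -ExcludedOU $excludeOUs) } |
    Select-Object SamAccountName, DistinguishedName
```

In the reporting pipeline this test has to run directly after `Get-ADUser` and before `Select-Object`, because `DistinguishedName` is not among the selected properties and is no longer on the object afterwards.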