Filtering Enabled only Get-ADObject to with specific patterns and OU?

[ITEngineer]

Hi All,

I need to get the Enabled AD Objects (Users & Computer) that does not include the specific name patterns.

How can I filter out or exclude some of the results using the Get-ADObject with the below Query?

Script:

Code: Select all

$Exclusions = @(
   'SystemMailbox',
   'HealthMailbox',
   'Migration'
   'Delete'
   'Disabled'
)
Get-ADObject -Filter '(ObjectClass -eq "user" -or ObjectClass -eq "computer") -and Enabled -eq $true -and isRecycled -eq $false -and name -ne "Deleted Objects"' | Where-Object{$_.Name -notin $Exclusions}

Issues with the script above:
1. When I add the Filter Enabled -eq $true, nothing is returned.
2. I wanted to exclude certain OU like ‘OU=Disabled Users‘
3. If the name contains anything like the above $Exclusions

Thank you in advance.

[jvierra]

You are missing commas in your exclusion list.

The following will be better.

Code: Select all

$Exclusions = @(
   'SystemMailbox',
   'HealthMailbox',
   'Migration',
   'Delete',
   'Disabled',
   'Deleted Objects'
)
$filter = '
    (
        ObjectClass -eq "user" -or
        ObjectClass -eq "computer"
    ) -and 
    Enabled -eq $true -and 
    isRecycled -eq $false
' 
Get-ADObject -Filter $filter |
    Where-Object{$_.Name -notin $Exclusions}

[ITEngineer]

Thank you Mr. Vierra,

Somehow it does not return any result?
even after removing the Enabled -eq $true

I've also changed it into Where-Object{$_.Name -notcontains $Exclusions}

[jvierra]

YOU are guessing ... Your guesses have nothing to do with the issue.

If the filter fails then there are no objects that match the criteria. I suspect you need to remove the "isRecycled" to fix this.

To test a filter add only one item at a time to discover the restrictive item.

[ITEngineer]

Yes, already did.

Code: [Select all] [Expand/Collapse] [Download] (Untitled.ps1)

1. $filter = '
2.    (
3.        ObjectClass -eq "user" -or
4.        ObjectClass -eq "computer"
5.    ) -and
6.    Enabled -eq $true
7. '
8. Get-ADObject -Filter $filter

The script above returns all Users and Computers object.

but when I add Enabled -eq $true, it does not returns anything at all?

[jvierra]

All objects do not support the "Enabled" attribute. If the attribute is missing then it will not be true.

[ITEngineer]

All objects do not support the "Enabled" attribute. If the attribute is missing then it will not be true.

That makes sense.

Thank you Mr. Vierra

[jvierra]

I think the issue is that the Get-AdUser and Get-AdComputer commands add the "Enabled" property by converting the flags but Get-AdObject does not do this. You will have to extract the attribute and test the bit after extracting the objects.

[ITEngineer]

I think the issue is that the Get-AdUser and Get-AdComputer commands add the "Enabled" property by converting the flags but Get-AdObject does not do this. You will have to extract the attribute and test the bit after extracting the objects.

Yes, that's too complex for me to do
hence I was just asking it if it were possible with one-liner command.

[jvierra]

You asked this same question in another forum. The answer given gave you the steps to diagnosing why you were not getting any results. Have you done what was requested. Do you get result when retrieving without the "Where" filter?