Get-ADUser with Multiple filters

Welcome Forums General PowerShell Q&A Get-ADUser with Multiple filters

  • This topic has 5 replies, 3 voices, and was last updated 2 weeks ago by
    js
    Participant
    .
Viewing 4 reply threads
  • Author
    Posts
    • #237685
      Participant
      Topics: 2
      Replies: 1
      Points: 6
      Rank: Member

      Hey guys, first post here for me.

      I was wondering if anyone can help me, I’m trying to get-ad users with multiple conditions, but obvioustly this isn’t working as expected.

      Get-ADUser -filter {(name -notlike “*.admin”) -and
      (name -notlike “*.bot”) -and
      (name -notlike “*.tv”) -and
      (name -notlike “*.dsk”) -and
      (name -notlike “*.ad”) -and
      (name -notlike “*.adm”) -and
      (name -notlike “*.dba”)} -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq $False} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      Where {$_.DistinguishedName -notlike “OU info”} |
      where { ($_.ExpiryDate -as [DateTime]) -gt (get-date) -and ($_.ExpiryDate -as [DateTime]) -lt (get-date).adddays(30)} |
      select Name,SamAccountName,@{Name=”ExpiryDate”;Expression={([datetime]::FromFileTime($_.”msDS-UserPasswordExpiryTimeComputed”)).DateTime}}
      #| Export-Csv “location\PasswordAudit.csv” -NoTypeInformation

      OU info is where I put distinguished name of certain OUs.

      I think it’s something to do with Pipeline.. but cant’ seem to find the spot.

      In future, I will be using outcome and add their password expiry date by 30 days

    • #237709
      Participant
      Topics: 5
      Replies: 15
      Points: 128
      Rank: Participant

      Your final Where-Object I believe may have been holding it up.

      Modified:

      Where-Object { ([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -gt (Get-Date)) -and [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -lt (Get-Date).AddDays(30) }
      
      

      Convert the exact name of the property. You have expiryDate, but the property is msDS-UserPasswordExpiryTimeComputed .

      I changed your conversion check as well so that it just does the conversion and compares it to the date using the same language in your Select-Object statement in case the conversion is failing with your method.

      Also if unless PowerShell is smart enough to combine those where-object filters (I do not know), you’re probably slowing you script down by calling it multiple time likes that.

      • This reply was modified 2 weeks, 1 day ago by Phatmandrake.
      • This reply was modified 2 weeks, 1 day ago by Phatmandrake.
      • #237718
        Participant
        Topics: 2
        Replies: 1
        Points: 6
        Rank: Member

        Your final Where-Object I believe may have been holding it up.

        Modified:

        PowerShell
        3 lines

        <textarea class=”ace_text-input” style=”opacity: 0; height: 18px; width: 6.59781px; left: 44px; top: 0px;” spellcheck=”false” wrap=”off”></textarea>

        1
        2
        3
        Where-Object·{·([datetime]::FromFileTime($_.“msDS-UserPasswordExpiryTimeComputed”)·-gt·(Get-Date))·-and·[datetime]::FromFileTime($_.“msDS-UserPasswordExpiryTimeComputed”)·-lt·(Get-Date).AddDays(30)·}
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        Convert the exact name of the property. You have expiryDate, but the property is msDS-UserPasswordExpiryTimeComputed .

        I changed your conversion check as well so that it just does the conversion and compares it to the date using the same language in your Select-Object statement in case the conversion is failing with your method.

        Also if unless PowerShell is smart enough to combine those where-object filters (I do not know), you’re probably slowing you script down by calling it multiple time likes that.

        Thank you, it actually starts working

        Per your comment at the end, I tested to put them in variable and using -and, but it failed every time… so I just got stuck like this using multiple pipelines.. probably not the best way to do it, I 100% agree.

        If I were to get these user data and “set” their expirydate to whatever current date + 30 days, would I have to bracket entire get-aduser filter?

        Edit:

        Actually there is a slight problem… with your change, i’m getting 95% result.. the other 5% it returns error like this:

        Exception calling “FromFileTime” with “1” argument(s): “Not a valid Win32 FileTime.

        • This reply was modified 2 weeks, 1 day ago by ggman898878.
        • This reply was modified 2 weeks, 1 day ago by ggman898878.
    • #237730
      js
      Participant
      Topics: 30
      Replies: 828
      Points: 2,556
      Helping Hand
      Rank: Community Hero

      If the expiration time isn’t set, it might be something like [int]::maxvalue, which can’t be converted to a datetime. Maybe it’s better to convert the datetime to a filetime, and compare two filetimes instead.

      • This reply was modified 2 weeks, 1 day ago by js.
      • This reply was modified 2 weeks ago by js.
      • This reply was modified 2 weeks ago by js.
    • #237967
      Participant
      Topics: 5
      Replies: 15
      Points: 128
      Rank: Participant

      Accounts set to never expire will throw the error.

    • #237970
      js
      Participant
      Topics: 30
      Replies: 828
      Points: 2,556
      Helping Hand
      Rank: Community Hero

      Indeed. If you could do it within the get-aduser -filter it seems to convert automatically.

      [datetime]::FromFileTime([int64]::MaxValue)  # default expiration value
      
      Exception calling "FromFileTime" with "1" argument(s): "Not a valid Win32 FileTime.
      Parameter name: fileTime"
      At line:1 char:1
      + [datetime]::FromFileTime([int64]::MaxValue)
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
          + FullyQualifiedErrorId : ArgumentOutOfRangeException

      Compare filetime’s instead:

      Where { $_."msDS-UserPasswordExpiryTimeComputed" -gt (Get-Date).ToFileTime() -and
        $_."msDS-UserPasswordExpiryTimeComputed" -lt (Get-Date).AddDays(30).ToFileTime() }

      Ah, the space that turns into a red dot in this forum is a Unicode Character “NO-BREAK SPACE” (U+00A0) or “nbsp” https://www.fileformat.info/info/unicode/char/00a0/index.htm

      [int][char]' ' | % tostring x
      
      a0
      
      
      [char]0xa0
      
       
      • This reply was modified 2 weeks ago by js.
      • This reply was modified 1 week, 6 days ago by js.
      • This reply was modified 1 week, 6 days ago by js.
      • This reply was modified 1 week, 6 days ago by js.
      • This reply was modified 1 week, 6 days ago by js.
Viewing 4 reply threads
  • You must be logged in to reply to this topic.