Multiple filters

This topic contains 5 replies, has 4 voices, and was last updated by  Andy 1 month, 1 week ago.

  • #73906

    Scott Windmiller
    Participant

    I am sure there is probably an easier way to do this but I wanted to check my understanding of the way I did it and if I am correct for future reference.
    I want to move all user accounts that have not logged in for 90 days OR all users that have never logged in but only if they were created prior to 30 days.
    This is what I have:

    $30days = (get-date).adddays(-30)
    $lastLogon = (get-date).adddays(-90)
    get-aduser -filter {(lastLogonTimestamp -lt $lastLogon) -or (whencreated -lt $30days) -and (lastLogonTimeStamp -notlike "*")} -searchbase "ou=MYOUPATH" -searchscope onelevel -properties whencreated,lastlogondate | Select Name,whencreated,lastlogondate | sort lastlogondate | Move-ADObject -TargetPath "ou=Disabled Users OU Path"

    This gives me the correct results but it feels like I should have to tie the last 2 conditions together so it would either evaluate condition 1 OR conditions 2 AND 3 but this already seems to be the case but I don't think it's right. I just think the values are causing it to appear correct.

    I know this is wrong but it seems like instead of this:

    -filter {(lastLogonTimestamp -lt $lastLogon) -or (whencreated -lt $30days) -and (lastLogonTimeStamp -notlike "*")}

    it should be something like this:

    -filter {(lastLogonTimestamp -lt $lastLogon) -or ((whencreated -lt $30days) -and (lastLogonTimeStamp -notlike "*")}}

    tying the last 2 together but I do not know how to do that correctly.

    Thanks,
    Scott

  • #73907

    Scott Windmiller
    Participant

    Would this be the correct way? Having trouble figuring out how to test it 🙂

    -filter {lastLogonTimestamp -lt $lastLogon -or (whencreated -lt $30days -and lastLogonTimeStamp -notlike "*")}
  • #73910

    Will Prather
    Participant

    I think this would do the trick for you. I think your filter from your first post would work, and that is what I coded with. I added your filters separately in different commands, then combined them. The check at the end should return true, showing you that the filter works the same when combined, and giving you the exact same results.

    $30days = (get-date).AddDays(-30)
    $lastLogon = (get-date).AddDays(-90)
    $30dayUsers = get-aduser -filter {(whencreated -lt $30days) -and (lastLogonTimeStamp -notlike "*")} -searchbase $ouPath -searchscope oneLevel -properties whencreated,lastlogondate
    $90dayusers = get-aduser -filter {(lastLogonTimestamp -lt $lastLogon)} -searchbase $ouPath -searchscope oneLevel -properties whencreated,lastlogondate
    $30or90Users = get-aduser -filter {(lastLogonTimestamp -lt $lastLogon) -or ((whencreated -lt $30days) -and (lastLogonTimeStamp -notlike "*"))} -searchbase $ouPath -searchscope oneLevel -properties whencreated,lastlogondate
    $30or90Users.count -eq ($30dayUsers.count + $90dayusers.count)
    
  • #73912

    Curtis Smith
    Participant

    You have a typo: you have an opening ( with a closing } which should be a closing ), next to last character. Other than that, this filter is perfectly fine.

    -filter {(lastLogonTimestamp -lt $lastLogon) -or ((whencreated -lt $30days) -and (lastLogonTimeStamp -notlike "*")}}

    should be

    -filter {(lastLogonTimestamp -lt $lastLogon) -or ((whencreated -lt $30days) -and (lastLogonTimeStamp -notlike "*"))}
  • #73924

    Scott Windmiller
    Participant

    Thanks to both of you for the help! It works without the extra parentheses I now realize because of the data but was incorrect. It's good to know how to do it correctly.

    Thanks again!!

    Scott
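
Added example (not code from any poster in this thread): an offline way to test the grouping question discussed above, using constructed in-memory accounts instead of a live directory. It evaluates the three conditions with PowerShell's own operators, which is not the Get-ADUser filter parser; the sample names, dates and the Get-GroupingReport function are assumptions made for the illustration.

```powershell
# Constructed sample accounts (not real directory data).
# LastLogon = $null stands for an account that has never logged on.
$now   = Get-Date
$cut30 = $now.AddDays(-30)   # plays the role of $30days in the thread
$cut90 = $now.AddDays(-90)   # plays the role of $lastLogon in the thread

$accounts = @(
    [pscustomobject]@{ Name = 'stale-user';     WhenCreated = $now.AddDays(-400); LastLogon = $now.AddDays(-200) }
    [pscustomobject]@{ Name = 'active-user';    WhenCreated = $now.AddDays(-400); LastLogon = $now.AddDays(-2) }
    [pscustomobject]@{ Name = 'old-never-used'; WhenCreated = $now.AddDays(-60);  LastLogon = $null }
    [pscustomobject]@{ Name = 'new-never-used'; WhenCreated = $now.AddDays(-5);   LastLogon = $null }
)

# Hypothetical helper: evaluates conditions A, B, C per account and
# reports the result of each possible grouping side by side.
function Get-GroupingReport {
    param(
        [object[]]$Accounts,
        [datetime]$CreatedBefore,
        [datetime]$LogonBefore
    )
    foreach ($u in $Accounts) {
        # Assumption: an account with no logon value never satisfies
        # "last logon older than 90 days", so the null case is excluded explicitly.
        $a = ($null -ne $u.LastLogon) -and ($u.LastLogon -lt $LogonBefore)  # A: stale logon
        $b = $u.WhenCreated -lt $CreatedBefore                              # B: created over 30 days ago
        $c = $null -eq $u.LastLogon                                         # C: never logged on

        [pscustomobject]@{
            Name            = $u.Name
            Intended        = ($a -or ($b -and $c))   # A OR (B AND C)
            OtherGrouping   = (($a -or $b) -and $c)   # (A OR B) AND C
            Unparenthesized = ($a -or $b -and $c)     # PowerShell gives -and/-or equal precedence, left to right
        }
    }
}

$report = Get-GroupingReport -Accounts $accounts -CreatedBefore $cut30 -LogonBefore $cut90
$report | Format-Table -AutoSize

# Accounts whose outcome depends on how the conditions are grouped.
$report | Where-Object { $_.Intended -ne $_.OtherGrouping } |
    Select-Object -ExpandProperty Name
```

Against a real directory, the explicitly parenthesized filter can be piped to Move-ADObject with -WhatIf first, so the list of accounts that would be moved can be reviewed before anything changes.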

  • #79900

    Andy
    Participant

    Seeing that you guys are dealing with the same issue I am facing, does anyone know how to compare the lastlogondate from local AD and 365 Azure AD so that you don't move accounts that were logged into 365? The lastlogondate parameter is not part of the ADsync functionality so it gives a mismatch for administrators to do any type of security management for true (LastLogon).

    365 LastLogonDate

    get-mailboxstatistics -identity doe.john | select lastlogontime
    

    LastLogonTime
    -------------
    9/15/2017 8:50:55 AM

    AD On-Premise LastLogonDate

    PS C:\scripts\ActiveScheduledScripts>  Get-ADUser -Filter * -SearchBase "cn=doe.john,ou=axb,dc=site,dc=org" -ResultPageSize 0 -Prop CN,lastLogonTimestamp | Select CN,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}}
    

    lastLogonTimeStamp
    -------------
    8/24/2016 2:06:23 PM
