Could someone tell me the issues with the query?

I want to pull back all the users that are not in a number of specific OUs. I thought the following query would work, but as you can see it pulls back a user with "ou=staff" in the DN (extracted from all of the output).

I am trying to say if none of the following appear in the DN attribute.

$NotinDirectory = Get-ADObject  -LDAPFilter "objectClass=person" -SearchBase "OU=Accounts,DC=Company,DC=ac,DC=uk" -Properties ou |? {($_.DistinguishedName -notlike "*Agency*" -and "*Contractors*" -and "*Fellows*" -and "*Visitors*" -and "*ou=Staff*" -and "*Contacts*")}

CN=jo blogs,OU=Staff,OU=Accounts,DC=compnay,DC=ac,DC=uk

UPDATE: so I tried this based on comments below

 $NotinDirectory = Get-ADObject  -LDAPFilter "objectClass=person" -SearchBase "OU=Accounts,OU=iah,DC=iah,DC=ac,DC=uk"  | ? {($_DistinguishedName -notlike "*Agency*" -and $_DistinguishedName -notlike "*Contractors*" -and $_DistinguishedName -notlike "*Fellows*" ) -and ($_DistinguishedName -notlike"*Visitors*") -and ($_DistinguishedName -notlike"*OU=Staff*" -and $_DistinguishedName -notlike"*Contacts*")}
foreach ($test in $NotinDirectory){ Write-Host $test.DistinguishedName}

but I still get CN=xxx xxxxx,OU=Staff,OU=Accounts,DC=company,DC=ac,DC=uk

1 Answer

3

In your Where-Object filter:

($_.DistinguishedName -notlike "*Agency*" -and "*Contractors*" -and "*Fellows*" -and "*Visitors*" -and "*ou=Staff*" -and "*Contacts*")

you only compare $_.DistinguishedName to a string once, the first time (-notlike "*Agency*").

It will be parsed as follows:

(($_.DistinguishedName -notlike "*Agency*") -and ("*Contractors*") -and ("*Fellows*") -and ("*Visitors*") -and ("*ou=Staff*") -and ("*Contacts*"))
(($_.DistinguishedName -notlike "*Agency*") -and $true -and $true -and $true -and $true -and $true)
($_.DistinguishedName -notlike "*Agency*")

You'll have to do:

Get-ADObject | Where-Object {($_.DistinguishedName -notlike "*Agency*" -and 
    $_.DistinguishedName -notlike "*Contractors*" -and 
    $_.DistinguishedName -notlike "*Fellows*" -and 
    $_.DistinguishedName -notlike "*Visitors*" -and 
    $_.DistinguishedName -notlike "*ou=Staff*" -and 
    $_.DistinguishedName -notlike "*Contacts*")}

in order to test for all 6 strings.


If you have a variable number of strings you want to exclude, you can use ForEach-Object inside Where-Object:

$Excludes = "*Agency*","*Contractors*","*Fellows*","*Visitors*","*ou=Staff*","*Contacts*"

Get-ADObject |Where-Object {
    $ADObj = $_
    @($Excludes |ForEach-Object {
        $ADObj.DistinguishedName -notlike $_
    }) -notcontains $false
}
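
Added example, not part of the original answer: the exclusion wrapped in a reusable function that compares whole OU components of the DN instead of wildcard substrings, so a CN that merely contains "Agency" is not dropped and an escaped comma in a CN does not split the name. It goes slightly beyond the answer's `-notlike` approach; the function name `Test-DnOutsideOU`, its parameters, and the sample DNs (including `OU=Students`) are constructed for illustration and assume the exclude list holds OU names.

```powershell
# Added example (hypothetical names; not the answerer's code).
function Test-DnOutsideOU {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$DistinguishedName,

        [Parameter(Mandatory)]
        [string[]]$ExcludeOU
    )
    process {
        # Split on commas that are not backslash-escaped, so "CN=Smith\, Jo" stays one RDN.
        $rdns = $DistinguishedName -split '(?<!\\),'

        # Skip the object's own RDN (index 0); only its containers decide OU membership.
        $containers = @($rdns | Select-Object -Skip 1 | ForEach-Object { $_.Trim() })

        foreach ($name in $ExcludeOU) {
            # -contains compares case-insensitively, so OU=staff and OU=Staff are the same.
            if ($containers -contains "OU=$name") { return $false }
        }
        return $true
    }
}

# Constructed sample DNs, so the block runs without the ActiveDirectory module.
$sample = @(
    # Sits in OU=Staff: must be excluded.
    'CN=jo blogs,OU=Staff,OU=Accounts,DC=company,DC=ac,DC=uk'
    # "Agency" appears only in the CN: a "*Agency*" wildcard would wrongly exclude it.
    'CN=Agency Liaison,OU=Students,OU=Accounts,DC=company,DC=ac,DC=uk'
    # Escaped comma in the CN and a lower-case OU name: must still be excluded.
    'CN=Smith\, Jo,OU=contractors,OU=Accounts,DC=company,DC=ac,DC=uk'
    # Not in any excluded OU: must be kept.
    'CN=a user,OU=Students,OU=Accounts,DC=company,DC=ac,DC=uk'
)
$exclude = 'Agency', 'Contractors', 'Fellows', 'Visitors', 'Staff', 'Contacts'

# Keep only the DNs that are outside every excluded OU.
$sample | Where-Object { Test-DnOutsideOU -DistinguishedName $_ -ExcludeOU $exclude }
```

Against a live directory, the same filter applies to the pipeline from the question: `Get-ADObject ... | Where-Object { Test-DnOutsideOU -DistinguishedName $_.DistinguishedName -ExcludeOU $exclude }`.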

4 Comments

I tell you this might be one of the few I have not tried yet :)
Hi, please see my edit. I had tried this before but am getting the same result
Ignore me, next time I will put the "." in the $_.Dist....! I will also borrow that nice little loop. I was planning on something similar myself as I need to make this into a function, but that's a great start for me. Thank you for the help
You could also use Where-Object similar to your question by using -match and a regular expression like so ?{$_.DistinguishedName -match 'OU=(Accounts|Contractors|Fellows)'}
