PowerShell Multiple -and operators?-CodePudding

Is there a simpler way to do this? Or does it require me to type out each -and/-notlike for each of the criteria?

Where-Object {$_.DistinguishedName -like "<Enter Domain OU>"} |
Select-Object UserPrincipalName | 
Where-Object `
{$_.UserPrincipalName -notlike 'a-*' `
-and $_.UserPrincipalName -notlike 'falkon*' `
-and $_.UserPrincipalName -notlike 'test*' `
-and $_.UserPrincipalName -notlike '*whiteboard*' `
-and $_.UserPrincipalName -notlike '*CSC*' `
-and $_.UserPrincipalName -notlike '*autopilot*'} |
Sort-Object UserPrincipalName

CodePudding user response：

Unfortunately, he can't use -match in an AD filter, but he can use -notlike. The poster can drop the backticks and use operators to continue lines at least. Distinguishedname can't be in an AD filter.

get-aduser -filter "UserPrincipalName -notlike 'a-*' -and
  UserPrincipalName -notlike 'falkon*' -and
  UserPrincipalName -notlike 'test*' -and
  UserPrincipalName -notlike '*whiteboard*' -and
  UserPrincipalName -notlike '*CSC*' -and
  UserPrincipalName -notlike 
  '*autopilot*'" -searchbase 'DC=stackoverflow,DC=com' -resultsetsize 1

CodePudding user response：

You can do the following string manipulation to build an LDAP Filter for less verbosity on your script and to leverage Active Directory Filtering capabilities.

Worth mentioning, as more users are under the SearchBase Organizational Unit the faster -Filter / -LDAPFilter becomes compared to Where-Object.

$ou = 'OU=some,OU=ou,DC=some,DC=domain'
$notLike = 'a-*', 'falkon*', 'test*', '*whiteboard*', '*CSC*', '*autopilot*'
$filter = '(&(!userprincipalname={0}))' -f ($notLike -join ')(!userprincipalname=')

$params = @{
    SearchBase  = $ou
    SearchScope = 'OneLevel' # Or SubTree for all child OUs under `$ou`
    LDAPFilter  = $filter
}
Get-ADUser @params | Sort-Object UserPrincipalName