PowerShell Get-ADUser - Using custom AD attributes as IF condition

Time:04-24

This is my first post here, hoping it's not the last, and I wanted to greet you all :)

I'm a real newbie in terms of PowerShell and tried to resolve this myself for quite a while now, but I'm stuck and nothing helps. In short: what I need to do is to export specific AD users and some of their properties to a CSV file. What I need to have there is some of the default properties like Name, SamAccountName, Enabled and some custom ones: businesscategory, extensionAttribute9 etc.

I'm struggling with my if - else statements, as they seem to not be comparing employeenumber to $null.

$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name + ".csv"
$domain = @('DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4')    
$result = foreach ($item in $domain) {    
    Get-ADUser -server $item -Properties businesscategory, extensionAttribute4, 
    extensionAttribute9, extensionAttribute13, employeenumber, Enabled -ResultPageSize 100 -Filter *   
    if (($null -ne $_.employeenumber) -and ($_.employeenumber -notlike '*svc*')) {              
    Select-Object Name, 
    SamAccountName, 
    UserPrincipalName,
    @{n="businesscategory"; e={$_.businesscategory  -join ", "}},               
    @{n="extensionAttribute4";e={$_.extensionAttribute4 -join ", "}},           
    @{n="extensionAttribute9";e={$_.extensionAttribute9 -join ", "}},           
    @{n="extensionAttribute13";e={$_.extensionAttribute13 -join ", "}},         
    DistinguishedName, employeenumber, Enabled
    }  else { (...)

The above is part of my code, where it should enter the first if. It does that, but it exports all accounts, whether employeenumber is present or not. Another issue is that the exported CSV doesn't contain the columns created from custom attributes; instead, it shows some other properties that I did not ask for.

This used to work fine if I used Where-Object instead of if - else and checked the values like below:

Where-Object { 
($_.SamAccountName      -notlike '*proprietary*') -and                         
($_.UserPrincipalName   -notlike '*proprietary*') -and
($_.SamAccountName      -notlike '*mailbox*') -and (...)

Unfortunately, I need to use if - else to make more complex comparisons and selections, but can't figure it out.

I hope everything is clear here and I would really appreciate any help with this. Feel free to ask for further clarification and take care!

CodePudding user response:

The problem is in this line:

$result = foreach ($item in $domain) {
    Get-ADUser -server $item -Properties ... # => not assigned to any variable

Then in this line:

if (($null -ne $_.employeenumber) -and ($_.employeenumber -notlike '*svc*')) {

Since $_ doesn't exist, you are comparing something like:

$null -ne $null -and $null -notlike '*svc*'

Which will always be $false. It's also worth mentioning that this is a foreach loop, which is different from ForEach-Object; the automatic variable $_ ($PSItem) doesn't mean anything here.

The next problem comes when using Select-Object as the beginning of the statement: there is no object being piped to it.

Select-Object Name, SamAccountName, UserPrincipalName, ...

In this case, the if condition could be removed completely with some LDAP Filtering:

# employee number is not `$null` AND employee number is not like `*svc*`
-LDAPFilter "(&(employeenumber=*)(!employeenumber=*svc*))"

The code would look like this:

$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name + ".csv" # Consider using `$HOME` here, or an absolute Path
$param = @{
    LDAPFilter = "(&(employeenumber=*)(!employeenumber=*svc*))"
    ResultPageSize = 100
    Properties = @(
        'businesscategory'
        'extensionAttribute4'
        'extensionAttribute9'
        'extensionAttribute13'
        'employeenumber'
    )
}
'DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4' | ForEach-Object {
    $param['Server'] = $_
    foreach($user in Get-ADUser @param) {
        [pscustomobject]@{
            Name                 = $user.Name
            SamAccountName       = $user.SamAccountName
            UserPrincipalName    = $user.UserPrincipalName
            BusinessCategory     = $user.businesscategory  -join ", "
            extensionAttribute4  = $user.extensionAttribute4 -join ", "
            extensionAttribute9  = $user.extensionAttribute9 -join ", "
            extensionAttribute13 = $user.extensionAttribute13 -join ", "
            DistinguishedName    = $user.DistinguishedName
            employeenumber       = $user.employeenumber
            Enabled              = $user.Enabled
            Domain               = $_ # Adding the Domain of this user here
        }
    }
} | Export-Csv $filename -NoTypeInformation
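
For the case where the if - else branching has to stay on the client side, here is an added example (not part of the original question or answer) that classifies each account inside a foreach statement using the loop variable instead of $_. The sample users are constructed objects standing in for Get-ADUser output so the snippet runs without a domain; the Category column, its values and the output file name are hypothetical.

```powershell
# Constructed sample data: stands in for the objects Get-ADUser would return.
$users = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';      employeenumber = '10432';   Enabled = $true;  businesscategory = @('Sales', 'EMEA') }
    [pscustomobject]@{ SamAccountName = 'backup01';  employeenumber = 'svc-001'; Enabled = $true;  businesscategory = $null }
    [pscustomobject]@{ SamAccountName = 'sharedmbx'; employeenumber = $null;     Enabled = $true;  businesscategory = $null }
    [pscustomobject]@{ SamAccountName = 'asmith';    employeenumber = '10077';   Enabled = $false; businesscategory = @('HR') }
)

$result = foreach ($user in $users) {
    # In a foreach statement the current item is $user; $_ is not set here.
    if ([string]::IsNullOrWhiteSpace($user.employeenumber)) {
        $category = 'NoEmployeeNumber'      # attribute missing or empty
    }
    elseif ($user.employeenumber -like '*svc*') {
        $category = 'ServiceAccount'        # same pattern as the question's check
    }
    elseif (-not $user.Enabled) {
        $category = 'DisabledEmployee'
    }
    else {
        $category = 'Employee'
    }

    # Emit one object per user; the foreach output is collected in $result.
    [pscustomobject]@{
        SamAccountName   = $user.SamAccountName
        employeenumber   = $user.employeenumber
        Enabled          = $user.Enabled
        BusinessCategory = $user.businesscategory -join ', '   # multi-valued attribute
        Category         = $category                            # hypothetical column
    }
}

# Export only the accounts that carry a real employee number.
$result | Where-Object Category -in 'Employee', 'DisabledEmployee' |
    Export-Csv -Path (Join-Path $HOME 'employees.csv') -NoTypeInformation

# Per-category counts make accounts without an employee number easy to spot.
$result | Group-Object Category | Select-Object Name, Count
```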