Home > Net >  How to filter users based on several criteria in Powershell when using Get-AdUser
How to filter users based on several criteria in Powershell when using Get-AdUser

Time:05-28

I have a question that I was hoping someone could help me with, please. I am trying to get a list of users who meet this criteria using get-adusers:

AD field “department” in ('Sales & Admin - All', 'Field - Support','HKLM - All', 'SOD - 1','Home - 1080') AND AD field "title” in ('Client Manager', 'Local Sales', 'Outside Sales, 'Region Manager', 'Deployment Manager')

  • “title” can have another value appended after it is separated by a "-" i.e. “Client Coordinator - Consulting/Solution“. I also need to get rid of/filter that list further of any other Titles that have "- " in their name.

I've got to this point so far, but not sure how to go further. I also don't get all matches for my departments because its looking for an exact match from the include arrays:

cls
Import-Module activedirectory
$count = 0
$include_department = @("Sales & Admin - All ","Field - Support", "HKLM - All", "SOD - 1", "Home - 1080")
$include_title = @("Client Manager", "Local Sales", "Outside Sales", "Region Manager", "Deployment Manager")
$exclude_title = @("- ")
$users = Get-ADUser -filter * -properties Department, Title, SamAccountName | 
    Where-Object {
        ($_.Department -match ('('   [string]::Join(')|(', $include_department)   ')')) -and 
        ($_.Title -match ('('   [string]::Join(')|(', $include_title)   ')')) -and
        ($_.Department -notcontains "- ")
    }
$users | Out-File -FilePath C:\it\file.txt

CodePudding user response:

As Abraham pointed out in his helpful comment, you can do the filtering using exclusively the AD Filter / LDAP Filter.

Here is a -LDAPFilter alternative:

$map = @{
    department = @(
        'Sales & Admin - All'
        'Field - Support'
        'HKLM - All'
        'SOD - 1'
        'Home - 1080'
    )
    title = @(
        'Client Manager'
        'Local Sales'
        'Outside Sales'
        'Region Manager'
        'Deployment Manager'
    )
}

$ldapfilter = "(&"
foreach($key in $map.Keys) {
    $clause = "(|"
    foreach($value in $map[$key]) {
        $clause  = "($key=$value)"
    }
    $clause  = ")"
    $ldapfilter  = $clause
}
$ldapfilter  = ")"

Get-ADUser -LDAPFilter $ldapfilter -Properties Department, Title, SamAccountName |
    Export-Csv path\to\export.csv -NoTypeInformation

The title filter is an exact match of each clause, hence the "get rid of / filter that list further of any other Titles that have - in their name" should be covered.

The generated LDAP String would look like this after formatting for readability:

(&
   (|
       (department=Sales & Admin - All)
       (department=Field - Support)
       (department=HKLM - All)
       (department=SOD - 1)
       (department=Home - 1080)
    )
    (|
       (title=Client Manager)
       (title=Local Sales)
       (title=Outside Sales)
       (title=Region Manager)
       (title=Deployment Manager)
    )
)

Page link:https//www.codepudding.com/net/422645.html

Prev:PowerShell adding value to a custom object property
Next:multiplying lists with an external float in for loop
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding