Get-AdComputer and multiple -Searchbase parameters

hi,

trying to find all xp computers in AD without including from a certain OU. this is pretty much a redundant question, since i know I could simply move an OU to make this work. but the point is to learn something, so i’ll ask anyway!

this

Get-ADComputer -Filter {OperatingSystem -like "Windows XP Professional"} -Property * -SearchBase {"ou=Admin Computers,ou=Computer Directory,dc=tdwh,dc=co,dc=uk"} not "ou=Inactive,ou=Computer Directory,dc=company,dc=co,dc=uk"} | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap -Auto

doesn’t work.

this

Get-ADComputer -Filter {OperatingSystem -like "Windows XP Professional"} -Property * -SearchBase "ou=Admin Computers,ou=Computer Directory,dc=tdwh,dc=co,dc=uk" -SearchBase -"ou=Inactive,ou=Computer Directory,dc=company,dc=co,dc=uk" | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap -Auto

doesn’t work. substituting the word not for the - minus sign doesn’t work. fairly new to PS so not 100% sure what the correct syntax will be, or if its actually possible.

just to be transparent, “Inactive” is an OU inside “Admin Computers OU”

-Searchbase does not accept multiple values, but you can use a pipeline with Foreach-Object to work around this limitation:

'ou=Inactive,ou=Computer Directory,dc=company,dc=co,dc=uk','ou=Admin Computers,ou=Computer Directory,dc=tdwh,dc=co,dc=uk' |
    ForEach-Object {get-adcomputer -Filter "OperatingSystem -like '*XP*'" -Property * -SearchBase $_}

Also, I once heard it said that friends don’t let friends use ‘-Properties *’ and I think that’s solid advice. If you need properties beyond the ones provided in the default output, just get those properties.

Here is an alternative:

$ADComputerProperties = @('Name','OperatingSystem','OperatingSystemServicePack','OperatingSystemVersion')
Get-ADComputer -Filter {OperatingSystem -like '*XP*'} -SearchBase  'dc=tdwh,dc=co,dc=uk' -Properties $ADComputerProperties | 
    Where-Object -FilterScript { $_.DistinguishedName -notlike 'CN=*,OU=Inactive,*' } | 
        Format-Table -Property $ADComputerProperties -Wrap -Auto

1st you get all the XP computers in whatever OU they are located in your domain and 2nd you let PowerShell do the filtering using the Where-Object cmdlet and a -notlike operator. The result should be a table with XP computers excluding any “Inactive” child OU.

two awesome responses, thanks guys. used the last one to great effect.

looks like the kind of plae i can learn, so probably gonna spend the rest of the afternoon doing a bit of research.