People,
I need some help in explaining and modifying the below script, as to why the below script is not returning any result at all.
$filter = '
(
ObjectClass -eq "user" -or
ObjectClass -eq "computer"
) -and
Enabled -eq $true
'
Get-ADObject -Filter $filter
But when the section Enabled -eq $true is removed, all objects is returned?
Get-ADObject
does not output an Enabled
property for user and computer accounts. If you use Get-ADUser
or Get-ADComputer
, you get that property.
You could instead attempt to look at the UserAccountControl
attribute. The second bit (decimal 2
) will be on for disabled accounts.
$filter = "(objectClass -eq 'user' -or objectClass -eq 'computer') -and -not UserAccountControl -band 2"
Wow, this is cool and working.
thanks @admin
What about using this pipe:
| Where-Object {@(‘user’, ‘computer’) -contains $_.objectClass}
Would it be faster or more accurate?
-Filter
is almost always faster than piping to Where
. This is especially true for indexed AD attributes. There are cases where the where()
method is faster if you use a favorable mode for the situation.
[quote quote=251141] -Filter is almost always faster than piping to Where. This is especially true for indexed AD attributes. There are cases where the where() method is faster if you use a favorable mode for the situation.
[/quote]
Thank you so much for the explanations