Get-ADUser with Multiple filters

Hey guys, first post here for me.

I was wondering if anyone can help me, I’m trying to get-ad users with multiple conditions, but obviously this isn’t working as expected.

Get-ADUser -filter {(name -notlike "*.admin") -and
(name -notlike "*.bot") -and
(name -notlike "*.tv") -and
(name -notlike "*.dsk") -and
(name -notlike "*.ad") -and
(name -notlike "*.adm") -and
(name -notlike "*.dba")} -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq $False} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
Where {$_.DistinguishedName -notlike "OU info"} |
where { ($_.ExpiryDate -as [DateTime]) -gt (get-date) -and ($_.ExpiryDate -as [DateTime]) -lt (get-date).adddays(30)} |
select Name,SamAccountName,@{Name="ExpiryDate";Expression={([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}}
#| Export-Csv "location\PasswordAudit.csv" -NoTypeInformation

OU info is where I put distinguished name of certain OUs.

I think it’s something to do with Pipeline… but can’t seem to find the spot.

In future, I will be using outcome and add their password expiry date by 30 days

Your final Where-Object I believe may have been holding it up.

Modified:

Where-Object { ([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -gt (Get-Date)) -and [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -lt (Get-Date).AddDays(30) }

Convert the exact name of the property. You have expiryDate, but the property is msDS-UserPasswordExpiryTimeComputed.

I changed your conversion check as well so that it just does the conversion and compares it to the date using the same language in your Select-Object statement in case the conversion is failing with your method.

Also, unless PowerShell is smart enough to combine those Where-Object filters (I do not know), you’re probably slowing your script down by calling it multiple times like that.

[quote quote=237709]Your final Where-Object I believe may have been holding it up.

Modified:

Where-Object { ([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -gt (Get-Date)) -and [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -lt (Get-Date).AddDays(30) }

Convert the exact name of the property. You have expiryDate, but the property is msDS-UserPasswordExpiryTimeComputed.

I changed your conversion check as well so that it just does the conversion and compares it to the date using the same language in your Select-Object statement in case the conversion is failing with your method.

Also, unless PowerShell is smart enough to combine those Where-Object filters (I do not know), you’re probably slowing your script down by calling it multiple times like that.

[/quote]

Thank you, it actually starts working

Per your comment at the end, I tested to put them in variable and using -and, but it failed every time… so I just got stuck like this using multiple pipelines… probably not the best way to do it, I 100% agree.

If I were to get these user data and “set” their expirydate to whatever current date + 30 days, would I have to bracket entire get-aduser filter?

Edit:

Actually there is a slight problem… with your change, I’m getting 95% result… the other 5% it returns error like this:

Exception calling “FromFileTime” with “1” argument(s): "Not a valid Win32 FileTime.

If the expiration time isn’t set, it might be something like [int]::maxvalue, which can’t be converted to a datetime. Maybe it’s better to convert the datetime to a filetime, and compare two filetimes instead.

Accounts set to never expire will throw the error.

Indeed. If you could do it within the get-aduser -filter it seems to convert automatically.

[datetime]::FromFileTime([int64]::MaxValue)  # default expiration value

Exception calling "FromFileTime" with "1" argument(s): "Not a valid Win32 FileTime.
Parameter name: fileTime"
At line:1 char:1
+ [datetime]::FromFileTime([int64]::MaxValue)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentOutOfRangeException

Compare filetimes instead:

Where { $_."msDS-UserPasswordExpiryTimeComputed" -gt (Get-Date).ToFileTime() -and
  $_."msDS-UserPasswordExpiryTimeComputed" -lt (Get-Date).AddDays(30).ToFileTime() }

Ah, the space that turns into a red dot in this forum is a Unicode Character “NO-BREAK SPACE” (U+00A0) or “nbsp” https://www.fileformat.info/info/unicode/char/00a0/index.htm

[int][char]' ' | % tostring x

a0


[char]0xa0
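
The filtering discussed in this thread, combined into a single pass that compares filetimes so the `[int64]::MaxValue` value never reaches `FromFileTime`. This is an added example, not code from any poster; `Select-ExpiringPassword`, `New-SampleUser`, the `example.test` names and the suffix-style OU match are assumptions, and the sample users are constructed so it runs without a domain.

```powershell
function Select-ExpiringPassword {
    param(
        [Parameter(ValueFromPipeline)] $User,
        # Suffixes taken from the thread's -notlike patterns (*.admin, *.bot, ...)
        [string[]] $ExcludedNameSuffix = @('.admin','.bot','.tv','.dsk','.ad','.adm','.dba'),
        [string[]] $ExcludedOU = @(),   # distinguished names of OUs to skip
        [int] $Days = 30
    )
    begin {
        # Compute the reporting window once, as FILETIME integers
        $from = (Get-Date).ToFileTime()
        $to   = (Get-Date).AddDays($Days).ToFileTime()
    }
    process {
        $expiry = [int64]$User.'msDS-UserPasswordExpiryTimeComputed'
        if (-not $User.Enabled -or $User.PasswordNeverExpires) { return }
        if ($ExcludedNameSuffix | Where-Object { $User.Name -like "*$_" }) { return }
        if ($ExcludedOU | Where-Object { $User.DistinguishedName -like "*,$_" }) { return }
        # Integer comparison: [int64]::MaxValue falls outside the window,
        # so FromFileTime below only ever sees convertible values.
        if ($expiry -le $from -or $expiry -ge $to) { return }
        [pscustomobject]@{
            Name           = $User.Name
            SamAccountName = $User.SamAccountName
            ExpiryDate     = [datetime]::FromFileTime($expiry)
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (hypothetical helper)
function New-SampleUser([string]$Name, [string]$OU, [int64]$Expiry) {
    [pscustomobject]@{
        Name = $Name; SamAccountName = $Name; Enabled = $true; PasswordNeverExpires = $false
        DistinguishedName = "CN=$Name,OU=$OU,DC=example,DC=test"
        'msDS-UserPasswordExpiryTimeComputed' = $Expiry
    }
}
$now = Get-Date
$sample = @(
    New-SampleUser 'alice'     'Staff'  ($now.AddDays(10).ToFileTime())  # inside the window
    New-SampleUser 'bob'       'Staff'  ($now.AddDays(90).ToFileTime())  # expires too late
    New-SampleUser 'carol'     'Staff'  ([int64]::MaxValue)              # non-convertible value
    New-SampleUser 'dave'      'Kiosks' ($now.AddDays(5).ToFileTime())   # excluded OU
    New-SampleUser 'svc.admin' 'Staff'  ($now.AddDays(5).ToFileTime())   # excluded name suffix
)
$sample | Select-ExpiringPassword -ExcludedOU 'OU=Kiosks,DC=example,DC=test'
# Against a directory (needs the ActiveDirectory module; OU value is a placeholder):
# Get-ADUser -Filter * -Properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed |
#     Select-ExpiringPassword -ExcludedOU 'OU=<placeholder>,DC=example,DC=test'
```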