Get-ADUser with Multiple filters

ggman8988 · June 23, 2020, 2:33pm

Hey guys, first post here for me.

I was wondering if anyone can help me, I’m trying to get-ad users with multiple conditions, but obvioustly this isn’t working as expected.

Get-ADUser -filter {(name -notlike “.admin") -and
(name -notlike ".bot”) -and
(name -notlike “.tv") -and
(name -notlike ".dsk”) -and
(name -notlike “.ad") -and
(name -notlike ".adm”) -and
(name -notlike “*.dba”)} -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$.enabled -eq $true -and $.PasswordNeverExpires -eq $False} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
Where {$.DistinguishedName -notlike “OU info”} |
where { ($.ExpiryDate -as [DateTime]) -gt (get-date) -and ($.ExpiryDate -as [DateTime]) -lt (get-date).adddays(30)} |
select Name,SamAccountName,@{Name=“ExpiryDate”;Expression={([datetime]::FromFileTime($_.“msDS-UserPasswordExpiryTimeComputed”)).DateTime}}
#| Export-Csv “location\PasswordAudit.csv” -NoTypeInformation

OU info is where I put distinguished name of certain OUs.

I think it’s something to do with Pipeline… but cant’ seem to find the spot.

In future, I will be using outcome and add their password expiry date by 30 days

phatmandrake · June 23, 2020, 3:09pm

Your final Where-Object I believe may have been holding it up.

Modified:

Where-Object { ([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -gt (Get-Date)) -and [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") -lt (Get-Date).AddDays(30) }

Convert the exact name of the property. You have expiryDate, but the property is msDS-UserPasswordExpiryTimeComputed .

I changed your conversion check as well so that it just does the conversion and compares it to the date using the same language in your Select-Object statement in case the conversion is failing with your method.

Also if unless PowerShell is smart enough to combine those where-object filters (I do not know), you’re probably slowing you script down by calling it multiple time likes that.

ggman8988 · June 23, 2020, 3:17pm

[quote quote=237709]Your final Where-Object I believe may have been holding it up.

Modified:

PowerShell

3 lines

1

2

3

Where-Object·{·([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")·-gt·(Get-Date))·-and·[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")·-lt·(Get-Date).AddDays(30)·}

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Convert the exact name of the property. You have expiryDate, but the property is msDS-UserPasswordExpiryTimeComputed .

I changed your conversion check as well so that it just does the conversion and compares it to the date using the same language in your Select-Object statement in case the conversion is failing with your method.

Also if unless PowerShell is smart enough to combine those where-object filters (I do not know), you’re probably slowing you script down by calling it multiple time likes that.

[/quote]

Thank you, it actually starts working

Per your comment at the end, I tested to put them in variable and using -and, but it failed every time… so I just got stuck like this using multiple pipelines… probably not the best way to do it, I 100% agree.

If I were to get these user data and “set” their expirydate to whatever current date + 30 days, would I have to bracket entire get-aduser filter?

Edit:

Actually there is a slight problem… with your change, i’m getting 95% result… the other 5% it returns error like this:

Exception calling “FromFileTime” with “1” argument(s): "Not a valid Win32 FileTime.

js2010 · June 23, 2020, 4:20pm

If the expiration time isn’t set, it might be something like [int]::maxvalue, which can’t be converted to a datetime. Maybe it’s better to convert the datetime to a filetime, and compare two filetimes instead.

phatmandrake · June 24, 2020, 4:33pm

Accounts set to never expire will throw the error.

js2010 · June 24, 2020, 4:41pm

Indeed. If you could do it within the get-aduser -filter it seems to convert automatically.

[datetime]::FromFileTime([int64]::MaxValue)  # default expiration value

Exception calling "FromFileTime" with "1" argument(s): "Not a valid Win32 FileTime.
Parameter name: fileTime"
At line:1 char:1
+ [datetime]::FromFileTime([int64]::MaxValue)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentOutOfRangeException

Compare filetime’s instead:

Where { $_."msDS-UserPasswordExpiryTimeComputed" -gt (Get-Date).ToFileTime() -and
  $_."msDS-UserPasswordExpiryTimeComputed" -lt (Get-Date).AddDays(30).ToFileTime() }

Ah, the space that turns into a red dot in this forum is a Unicode Character “NO-BREAK SPACE” (U+00A0) or “nbsp” Unicode Character 'NO-BREAK SPACE' (U+00A0)

[int][char]' ' | % tostring x

a0


[char]0xa0

Topic		Replies	Views
Password expiring in 30 days PowerShell Help	5	1834	May 16, 2024
Finding Expired and Unused AD Accounts PowerShell Help	7	410	May 16, 2024
Timespan Filtering in Get-AdUser or Search-AdAccount PowerShell Help	2	266	May 16, 2024
Query user accounts that will expire by certain date or via Get-Date? PowerShell Help	16	1134	May 16, 2024
Filter out users in an OU from get-aduser/Expired AD attrib? PowerShell Help	2	270	May 16, 2024

Get-ADUser with Multiple filters

Related topics