How to add an AD user to a list if they aren't on any other list?

I have a script that goes through all of the AD users in a domain and puts them in a CSV file depending on what is in their AD Description field. There may be anywhere from 2 to 5 groups that each have different codes in their description, each group going to a different file. These are specified in $SearchFor. I would like one of the groups to include users with the assigned code, users with a blank Description, and users that don’t have a valid code. This is where I am having trouble, everything else works. The relevant portion of the script is listed below. The ‘-or $_.Description -notcontains $SearchFor’ doesn’t return what I am looking for. I have tried -notlike and all of the other conditionals that I thought might work with no luck. Any ideas? Thanks!

$SearchFor = "AG", "OLJ", "AJCR"
$SearchBase = "DC=domain,DC=local"

# Loop through each item and create a report
ForEach ($item in $SearchFor) {

    # If processing the AG group, include users not in the other groups
    If ($item -eq "AG") {
        $AllADUsers = Get-ADUser -server $ADServer -searchbase $SearchBase -Filter * -Properties * |
            Where-Object {$_.Description -match $item -or $_.Description -eq $null -or $_.Description -notcontains $SearchFor}
    } Else {
        $AllADUsers = Get-ADUser -server $ADServer -searchbase $SearchBase -Filter * -Properties * |
            Where-Object {$_.Description -match $item}
    }

    $AllADUsers |
        Select-Object @{Label = "First Name";Expression = {$_.GivenName}},
        @{Label = "Last Name";Expression = {$_.Surname}},
        @{Label = "Display Name";Expression = {$_.DisplayName}},
        @{Label = "Username";Expression = {$_.sAMAccountName}},
        @{Label = "AccountType";Expression = {$_.sAMAccountType}},
        @{Label = "PasswordNotRequired";Expression = {$_.PasswordNotRequired}},
        @{Label = "PasswordExpired";Expression = {$_.PasswordExpired}},
        @{Label = "PasswordLastSet";Expression = {$_.PasswordLastSet}},
        @{Label = "CannotChangePassword";Expression = {$_.CannotChangePassword}},
        @{Label = "PasswordNeverExpires";Expression = {$_.PasswordNeverExpires}},
        @{Label = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}}, # the if statement replaces $_.Enabled
        @{Label = "AcctLockedOut";Expression = {$_.LockedOut}},
        @{Label = "Last LogOn Date";Expression = {$_.lastlogondate}} | 

I would encourage you to look into the comparison operators help topic. It reveals the proper usage of -NotContains. I think you would want a -Notin operator instead? Notice $SearchFor is an array of strings, not a single string.


Get-Help comparison_operators -ShowWindow


-NotContains

Description: Containment operator. Tells whether a collection of reference values includes a single test value. Always returns a Boolean value. Returns TRUE when the test value is not an exact matches for at least one of the reference values. When the test value is a collection, the NotContains operator uses reference equality.

Syntax: <Reference-values> -NotContains <Test-value>

Examples:

    PS C:\> "Windows", "PowerShell" -NotContains "Shell"
    True  #Not an exact match

    # Get cmdlet parameters, but exclude common parameters
    function get-parms ($cmdlet)
    {
        $Common = "Verbose", "Debug", "WarningAction", "WarningVariable", `
                  "ErrorAction", "ErrorVariable", "OutVariable", "OutBuffer"

        $allparms = (Get-Command $Cmdlet).parametersets | foreach {$_.Parameters} | `
                    foreach {$_.Name} | Sort-Object | Get-Unique

        $allparms | where {$Common -NotContains $_ }
    }



# Loop through each item and create a report
ForEach ($item in $SearchFor) {

    # If processing the AG group, include users not in the other groups
    If ($item -eq 'assigned code') {
        # Other code here
    }
    ElseIf ($item -eq 'blank Description') {
        # Other code here
    }
    Else {
        # Final code here
    }
}


$a = 'SomeValue'
switch ($a) {
    HasCode {'Your code here'}
    blank {'Your code here.'}
    NoCode {'Your code here'}
    default {'The value could not be determined.'}
}

Thanks for the suggestions. -notin comes close, but it includes users from the other lists on the AG list because they don’t contain AG. I don’t want them in this list if they are in another list.

I’ll try these other suggestions and let you know what happens.


Thanks for the help. I didn’t get it to work the way I was trying, but decided I could just create an additional report containing all users that can be referred to if needed.


If ($item.Description -notlike 'Code1' -and $item.Description -notlike 'Code2') {
}
But I would use switch like postanote said.
$a = 'Value'
switch ($a) {
    Code1 {'Add to CSV Code1'}
    Code2 {'Add to CSV Code2.'}
    # {or use Expression for Code3 } {'Add to CSV Code3'}
    default {'Add to CSV that contains all that did not match above..'}
}
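
An added example, not part of any post in this thread: one way to get the behaviour the question asks for is to classify each user exactly once and let AG be the default bucket, instead of filtering the whole directory once per code. The `Get-ReportCode` function, the sample users and the output file names are assumptions made for illustration; the constructed `$Users` array stands in for the `Get-ADUser` output so the block runs without a domain.

```powershell
$SearchFor = 'AG', 'OLJ', 'AJCR'   # codes from the question
$CatchAll  = 'AG'                  # report that also takes blank or unrecognised descriptions

# Constructed sample data standing in for:
#   Get-ADUser -Server $ADServer -SearchBase $SearchBase -Filter * -Properties Description
$Users = @(
    [pscustomobject]@{ sAMAccountName = 'alice'; Description = 'AG - Admin' }
    [pscustomobject]@{ sAMAccountName = 'bob';   Description = 'OLJ clerk' }
    [pscustomobject]@{ sAMAccountName = 'carol'; Description = $null }
    [pscustomobject]@{ sAMAccountName = 'dave';  Description = 'contractor' }
    [pscustomobject]@{ sAMAccountName = 'erin';  Description = 'AJCR' }
)

# Hypothetical helper: returns the single report a description belongs to.
function Get-ReportCode {
    param(
        [string]   $Description,   # $null is coerced to an empty string
        [string[]] $Codes,
        [string]   $Default
    )
    foreach ($code in $Codes) {
        # Same substring, case-insensitive test as the question's -match,
        # with the code escaped so it is treated as literal text.
        if ($Description -match [regex]::Escape($code)) { return $code }
    }
    # Blank description, or text that contains none of the codes.
    return $Default
}

# Each user lands in exactly one group, so nobody from OLJ or AJCR
# can also appear in the AG report.
$Reports = $Users | Group-Object {
    Get-ReportCode -Description $_.Description -Codes $SearchFor -Default $CatchAll
}

foreach ($report in $Reports) {
    $report.Group |
        Select-Object sAMAccountName, Description |
        Export-Csv -Path (Join-Path $PWD "$($report.Name).csv") -NoTypeInformation
}

# Summary of who went where
$Reports | Select-Object Name, Count, @{Label = 'Users'; Expression = { $_.Group.sAMAccountName -join ', ' }}
```

With the sample data, alice, carol and dave end up in AG.csv, bob in OLJ.csv and erin in AJCR.csv. A description that contains more than one code goes to whichever code comes first in `$SearchFor`.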