How to add an AD user to a list if they aren't on any other list?

conats · January 29, 2019, 2:26pm

I have a script that goes through all of the AD users in a domain and puts them in a CSV file depending on what is in their AD Description field. There may be anywhere from 2 to 5 groups that each have different codes in their description, each group going to a different file. These are specified in $SearchFor. I would like one of the groups to include users with the assigned code, users with a blank Description, and users that don’t have a valid code. This is where I am having trouble, everything else works. The relevant portion of the script is listed below. The ‘-or $_.Description -notcontains $SearchFor’ doesn’t return what I am looking for. I have tried -notlike and all of the other conditionals that I thought might work with no luck. Any ideas? Thanks!

$ADServer = $env:COMPUTERNAME
$SearchFor = "AG", "OLJ", "AJCR"
$SearchBase = "DC=domain,DC=local"

# Loop through each item and create a report
ForEach ($item in $SearchFor) {

# If processing the AG group, include users not in the other groups
If ($item -eq "AG") {
$AllADUsers = Get-ADUser -server $ADServer -searchbase $SearchBase -Filter * -Properties * |
Where-Object {$_.Description -match $item -or $_.Description -eq $null -or $_.Description -notcontains $SearchFor}
} Else {
$AllADUsers = Get-ADUser -server $ADServer -searchbase $SearchBase -Filter * -Properties * |
Where-Object {$_.Description -match $item}
}

$AllADUsers |
Select-Object @{Label = "First Name";Expression = {$_.GivenName}},
@{Label = "Last Name";Expression = {$_.Surname}},
@{Label = "Display Name";Expression = {$_.DisplayName}},
@{Label = "Username";Expression = {$_.sAMAccountName}},
@{Label = "AccountType";Expression = {$_.sAMAccountType}},
@{Label = "PasswordNotRequired";Expression = {$_.PasswordNotRequired}},
@{Label = "PasswordExpired";Expression = {$_.PasswordExpired}},
@{Label = "PasswordLastSet";Expression = {$_.PasswordLastSet}},
@{Label = "CannotChangePassword";Expression = {$_.CannotChangePassword}},
@{Label = "PasswordNeverExpires";Expression = {$_.PasswordNeverExpires}},
@{Label = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}}, # the if statement# replaces $_.Enabled
@{Label = "AcctLockedOut";Expression = {$_.LockedOut}},
@{Label = "Last LogOn Date";Expression = {$_.lastlogondate}} | 
}

bo1 · January 29, 2019, 2:55pm

I would encourage you to look into the comparison operators help topic. It reveals the proper usage of -NotContains. I think you would want a -Notin operator instead? Notice $SearchFor is an array of strings, not a single string.

[pre]

Get-Help comparison_operators -ShowWindow

[/pre]

-NotContains Description: Containment operator. Tells whether a collection of reference values includes a single test value. Always returns a Boolean value. Returns TRUE when the test value is not an exact matches for at least one of the reference values. When the test value is a collection, the NotContains operator uses reference equality. Syntax: <Reference-values> -NotContains <Test-value> Examples: PS C:> “Windows”, “PowerShell” -NotContains “Shell” True #Not an exact match # Get cmdlet parameters, but exclude common parameters function get-parms ($cmdlet) { $Common = “Verbose”, “Debug”, “WarningAction”, “WarningVariable”, ` “ErrorAction”, “ErrorVariable”, “OutVariable”, “OutBuffer” $allparms = (Get-Command $Cmdlet).parametersets | foreach {$.Parameters} | ` foreach {$.Name} | Sort-Object | Get-Unique $allparms | where {$Common -NotContains $_ } }

postanote · January 29, 2019, 4:02pm

This

# Loop through each item and create a report
ForEach ($item in $SearchFor) 
{

    # If processing the AG group, include users not in the other groups
    If ($item -eq 'assigned code') {
        # Other code here
    } 
    ElseIf ($item -eq 'blank Description')
    {
        # Other code here
    }
    Else {
            # Final code here
    }
}

Or

$a = SomeValue
switch ($a) 
{ 
    HasCode {'Your code here'} 
    blank {'Your code here.'} 
    NoCode {'Your code here'} 
    default {'The value could not be determined.'}
}

conats · January 30, 2019, 10:39am

Thanks for the suggestions. -notin comes close, but it includes users from the other lists on the AG list because they don’t contain AG. I don’t want them in this list if they are in another list.

I’ll try these other suggestions and let you know what happens.

conats · January 31, 2019, 1:47pm

Thanks for the help. I didn’t get it to work the way I was trying, but decided I could just create an additional report containing all users that can be referred to if needed.

gazza · January 31, 2019, 4:19pm

If ($item.Description -notlike 'Code1' -and $item.Description -notlike 'Code2') {

}

But I would use switch like postanote said.

$a = 'Value'

switch($a){

Code1 {'Add to CSV Code1'}

Code2 {'Add to CSV Code2.'}

{or use Expression for Code3 } {'Add to CSV Code3'}

default{'Add to CSV that conatins all that did not match above..'}

}

Topic		Replies	Views
AD Group PowerShell Help	8	236	May 16, 2024
get users not in group and exclude some samaccountnames from output. PowerShell Help	2	236	May 16, 2024
Check if the users are part of AD groups PowerShell Help	4	1609	May 16, 2024
small problem PowerShell Help	11	185	May 16, 2024
Export users (CSV) - but exclude users that are members of a specific group PowerShell Help	2	432	May 16, 2024

How to add an AD user to a list if they aren't on any other list?

Related topics