I have a script that goes through all of the AD users in a domain and puts them in a CSV file depending on what is in their AD Description field. There may be anywhere from 2 to 5 groups that each have different codes in their description, each group going to a different file. These are specified in $SearchFor. I would like one of the groups to include users with the assigned code, users with a blank Description, and users that don’t have a valid code. This is where I am having trouble, everything else works. The relevant portion of the script is listed below. The ‘-or $_.Description -notcontains $SearchFor’ doesn’t return what I am looking for. I have tried -notlike and all of the other conditionals that I thought might work with no luck. Any ideas? Thanks!
$ADServer = $env:COMPUTERNAME $SearchFor = "AG", "OLJ", "AJCR" $SearchBase = "DC=domain,DC=local" # Loop through each item and create a report ForEach ($item in $SearchFor) { # If processing the AG group, include users not in the other groups If ($item -eq "AG") { $AllADUsers = Get-ADUser -server $ADServer -searchbase $SearchBase -Filter * -Properties * | Where-Object {$_.Description -match $item -or $_.Description -eq $null -or $_.Description -notcontains $SearchFor} } Else { $AllADUsers = Get-ADUser -server $ADServer -searchbase $SearchBase -Filter * -Properties * | Where-Object {$_.Description -match $item} } $AllADUsers | Select-Object @{Label = "First Name";Expression = {$_.GivenName}}, @{Label = "Last Name";Expression = {$_.Surname}}, @{Label = "Display Name";Expression = {$_.DisplayName}}, @{Label = "Username";Expression = {$_.sAMAccountName}}, @{Label = "AccountType";Expression = {$_.sAMAccountType}}, @{Label = "PasswordNotRequired";Expression = {$_.PasswordNotRequired}}, @{Label = "PasswordExpired";Expression = {$_.PasswordExpired}}, @{Label = "PasswordLastSet";Expression = {$_.PasswordLastSet}}, @{Label = "CannotChangePassword";Expression = {$_.CannotChangePassword}}, @{Label = "PasswordNeverExpires";Expression = {$_.PasswordNeverExpires}}, @{Label = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}}, # the if statement# replaces $_.Enabled @{Label = "AcctLockedOut";Expression = {$_.LockedOut}}, @{Label = "Last LogOn Date";Expression = {$_.lastlogondate}} | }