Multiple filters -Get-ADComputer

PowerShell Help
1

Hi

I am very new to powershell and still learning some of the basics so apologies. I am trying to search AD Computer accounts with multiple filters. What I am trying to do is to view name / description ONLY for disabled computer accounts. I also need to filter by TGNX*. I have entered the following but keep getting syntax errors after trying various combinations for the last hour:

Get-ADComputer -filter {(enabled -eq $true) -and ‘Name -like “TGNX*”’} -Property Name,Description,Enabled | Select -Property Name,Enabled,Description

Many thanks!

2

Use -LDAPFilter.

Get-ADComputer -LDAPFilter “(&(name=laptop)(enabled=‘true’))”

3

The docs are pretty messed up for these active directory cmdlet filters. The filter is a string, not a script block, despite what the docs say. The get-aduser docs have the same problem.

< filter > ::= "{" < FilterComponentList > "}"

Double quotes and single quotes must go this way for variables to work. This works for me:

Get-ADComputer -filter "enabled -eq '$true' -and name -like 'TGNX*'"

Actually, to hurt your brain some more, this works too:

Get-ADComputer -filter 'enabled -eq $true -and name -like "TGNX*"'
4

Always step into your code one piece at a time to make sure you are getting what you’ expect before moving or adding more.

Get-ADComputer -Filter * -Property Name,Description,Enabled | 
Select -Property Name,Enabled,Description | 
Format-Table -AutoSize
<#
Name         Enabled Description
----         ------- -----------
DC01        True            
...           
WAP01      False 
WS01        True           
...
#>



Get-ADComputer -filter {enabled -eq $true} -Property Name,Description,Enabled | 
Select -Property Name,Enabled,Description | 
Format-Table -AutoSize
<#
Name         Enabled Description
----         ------- -----------
DC01        True            
...
WS01        True 
...           
#>



Get-ADComputer -filter {Name -like '*ws01*'} -Property Name,Description,Enabled | 
Select -Property Name,Enabled,Description | 
Format-Table -AutoSize
<#
Name     Enabled Description
----     ------- -----------
WS01    True            
#>




Get-ADComputer -filter {(enabled -eq $true) -and (Name -like '*ws01*')} -Property Name,Description,Enabled | 
Select -Property Name,Enabled,Description | 
Format-Table -AutoSize
<#
Name     Enabled Description
----     ------- -----------
WS01    True            
#>
5

This works too. The filter string casted from the script block seems to have to end up quoted in just the right way. Black magic. Without the parentheses, the operator precedence in this should be fine. Although unlike most languages, -and and -or have equal precedence!

get-adcomputer -filter {enabled -eq $true -and Name -like '*ws01*'}
6

Thanks everyone, I got this working now and once it runs, its all worth while!

7

It would be nice if you can share the solution here, it will help someone else in future.

8

Get-ADComputer -filter ‘Name -like “TGNX*”’ -Property Name,Description,Enabled | Select -Property Name,Enabled,Description |where description -like “”|where-Object {$_.Enabled -eq $True}|Out-File -FilePath H:\Documents\TGNX_No_Desc_Enabled.txt

9

Great that you have a working code, but its not an efficient code. You can have code which is efficient and fast.

#Not tested
Get-ADComputer -LDAPFilter '(&(Name="TGNX*")(Description="")(Enabled="True"))' -Property Name,Description,Enabled | Out-File -FilePath H:\Documents\TGNX_No_Desc_Enabled.txt

#When you have multiple conditions, no need to use multiple where cmdlets,
… | Where-Object -FilterScript {([string]:IsNullOrEmpty($_.description)) -and $_.Enabled}

Its always good to read the documentation when we use a new cmdlet.

10

AD filters are challenging. Setting resultsetsize for testing.

get-adcomputer -filter "enabled -eq '$true' -and name -like 'TGNX*' -and description -notlike '*'" -ResultSetSize 10

Note that out-file saves in unicode (like Task Scheduler).