I am very new to powershell and still learning some of the basics so apologies. I am trying to search AD Computer accounts with multiple filters. What I am trying to do is to view name / description ONLY for disabled computer accounts. I also need to filter by TGNX*. I have entered the following but keep getting syntax errors after trying various combinations for the last hour:
The docs are pretty messed up for these active directory cmdlet filters. The filter is a string, not a script block, despite what the docs say. The get-aduser docs have the same problem.
< filter > ::= "{" < FilterComponentList > "}"
Double quotes and single quotes must go this way for variables to work. This works for me:
Get-ADComputer -filter "enabled -eq '$true' -and name -like 'TGNX*'"
Actually, to hurt your brain some more, this works too:
Get-ADComputer -filter 'enabled -eq $true -and name -like "TGNX*"'
This works too. The filter string casted from the script block seems to have to end up quoted in just the right way. Black magic. Without the parentheses, the operator precedence in this should be fine. Although unlike most languages, -and and -or have equal precedence!
get-adcomputer -filter {enabled -eq $true -and Name -like '*ws01*'}
Great that you have a working code, but its not an efficient code. You can have code which is efficient and fast.
#Not tested
Get-ADComputer -LDAPFilter '(&(Name="TGNX*")(Description="")(Enabled="True"))' -Property Name,Description,Enabled | Out-File -FilePath H:\Documents\TGNX_No_Desc_Enabled.txt
#When you have multiple conditions, no need to use multiple where cmdlets,
… | Where-Object -FilterScript {([string]:IsNullOrEmpty($_.description)) -and $_.Enabled}
Its always good to read the documentation when we use a new cmdlet.