I’m trying to get all users enabled, lastlogondate greater than 120 days and msexchlitigationholddate like null. Then I want all users enabled, modified greater than 120 days, lastlogondate like Null and msexchlitigationholddate like null
get-aduser -filter {((enabled -eq $True) -and (lastlogonDate -le $DaysInactive) -and (msExchLitigationHoldDate -notlike "*")) -or ((enabled -eq $True) -and (lastlogonDate -notlike "*") -and (modified -le $DaysInactive) -and (msExchLitigationHoldDate -notlike "*"))} -Properties modified, lastlogondate, msExchLitigationHoldDate
I can do this with two commands but thinking there is a way to build this into one.
Would have to test that the separate and joined filters return the same users, but normally recommend formatting it something like this so logic can be validated:
(enabled -eq $True)
-and
(msExchLitigationHoldDate -notlike "*")
-and
(
(lastlogonDate -le $DaysInactive)
-or
(
(lastlogonDate -notlike "*")
-and
(modified -le $DaysInactive)
)
)
Then you can place it back into a single line for execution. The biggest question is if the filter applies the order of operations using parens so that the statement correctly group and identify true\false subqueries. It may be easier to just join the results than troubleshoot an advanced filter, but you can try the logic above to see if the query executes properly.
Rob, thanks for the information I will give it a shot and see what I end up with.