Where {var}

by grauballe at 2013-03-25 00:06:52

I am trying to build an LDAP query:
Find all users in OU1 and below, but exclude OU3 and OU5
What I tried to do was build an LDAP query in a variable, since I have many OU structures to search and do excludes, so I have made a search config file:


I then read the file and build a variable with the following information:
$Search = "{ $_.ParentContainerDN -notlike '*OU=OU3,OU=OU1,DC=xx,DC=xx' -and $_.ParentContainerDN -notlike '*OU=OU3,OU=OU1,DC=xx,DC=xx' }"

Then I do my search
Get-QADUser -SearchRoot "OU=OU1,DC=xx,DC=xx" | where {$Search}

But this doesn't seem to work.
If I type the query “static” into a PS file, it works fine, so the query and the syntax are right.
Question… Is this possible at all using $Search as input to where?
Is there another way to exclude OUs in a search? (I have to exclude 10 OUs in one of the searches, and the config file is almost 70 lines.)


by grauballe at 2013-03-25 00:45:27
OU structure lost some info when posted:

OU1 (parent OU, remaining OU’s are child OU’s)
– OU2
– OU3
– OU4
– OU5

by notarat at 2013-03-25 04:41:37
From the face of it, it sounds doable if you:

1 - Separate the static(non-changing) part of the OU from the part that will change and assign the static part to a variable
2 - Read in and Loop through a list of those OUs you want to search (the changing part of the OU), join it to the static part, then search

by MasterOfTheHat at 2013-03-25 10:39:34
Not sure about how it works with Get-QADUser, but with Get-ADUser, you can do something like this:
Get-ADUser -SearchBase "OU=OU1,DC=domain,DC=com" -Filter * | Where-Object { ($_.DistinguishedName -notlike "*OU=OU3*") -and ($_.DistinguishedName -notlike "*OU=OU5*") }
In that command, the Get-ADUser part of the pipeline gets all users in OU1 and its child OUs and then the Where-Object part of the pipeline removes those users in OU3 and OU5.

The other option would be to do something like I did in this post where you get a list of the OUs that you want to pull users from and then pull the users from each one using ForEach-Object.

by ArtB0514 at 2013-03-25 11:05:17
Your issue is with the Where-Object Search string:
$Search = { $_.ParentContainerDN -notlike '*OU=OU3,OU=OU1,DC=xx,DC=xx' -and $_.ParentContainerDN -notlike '*OU=OU5,OU=OU1,DC=xx,DC=xx' }
Because you are using -and, you are testing that the ParentContainerDN not match BOTH paths. Use -or instead and it should work.

Also, you could make your search string a bit shorter by using a regex. The “|” character means OR in a regex:
$Search = {$_.ParentContainerDN -notmatch "OU3|OU5"}
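
An added example, not part of the original posts: it shows why `where {$Search}` lets every object through, how passing the script block directly behaves, and a way to drive the exclusions from a config list that is only ever compared as data, so nothing read from the file is executed as PowerShell. The sample users, the `$excludedOUs` list and the `Test-InExcludedOU` helper are constructed for illustration and run without a directory.

```powershell
# Constructed sample data standing in for Get-QADUser output (no directory needed).
$users = @(
    [pscustomobject]@{ Name = 'alice'; ParentContainerDN = 'OU=OU2,OU=OU1,DC=xx,DC=xx' }
    [pscustomobject]@{ Name = 'bob';   ParentContainerDN = 'OU=OU3,OU=OU1,DC=xx,DC=xx' }
    [pscustomobject]@{ Name = 'carol'; ParentContainerDN = 'OU=Sub,OU=OU5,OU=OU1,DC=xx,DC=xx' }
    [pscustomobject]@{ Name = 'dave';  ParentContainerDN = 'OU=OU30,OU=OU1,DC=xx,DC=xx' }
)

# Constructed config content: one excluded OU per line, plain DNs only (data, not code).
$excludedOUs = @(
    'OU=OU3,OU=OU1,DC=xx,DC=xx'
    'OU=OU5,OU=OU1,DC=xx,DC=xx'
)

$Search = { $_.ParentContainerDN -notlike '*OU=OU3,OU=OU1,DC=xx,DC=xx' }

# 1. Wrapping the variable in another script block only returns the object in $Search.
#    A non-null script block (or non-empty string) converts to $true, so nothing is filtered.
$unfiltered = $users | Where-Object { $Search }
"where { `$Search } kept $(@($unfiltered).Count) of $($users.Count) users"

# 2. Passing the script block itself as the filter makes Where-Object run it per object.
$filtered = $users | Where-Object $Search
"where `$Search kept: $($filtered.Name -join ', ')"

# 3. Config-driven exclusion without turning config text into code.
function Test-InExcludedOU {
    param([string]$ContainerDN, [string[]]$Excluded)
    foreach ($ou in $Excluded) {
        # Match the OU itself or any container below it; anchoring on the comma
        # keeps OU=OU30 from matching an exclusion for OU=OU3.
        if ($ContainerDN -eq $ou -or
            $ContainerDN.EndsWith(",$ou", [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$kept = $users | Where-Object { -not (Test-InExcludedOU $_.ParentContainerDN $excludedOUs) }
"data-driven filter kept: $($kept.Name -join ', ')"
```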