Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, February 5, 2015 1:37 PM
Hello,
I need to put some exclusion for my input data
Lets say, I don't want to list "test01, test02, test03" users.
I can write it like
get-aduser -filter * |?{$_.name -ne "test01" -and $_.name -ne "test02" ..}
Im sure there is more candy-like way to accomplish this.
Something like
$exclude = @('test01','test02')
get-aduser -filter * |?{$_.name -notmach $exclude}
Propably I find the answer myself soon, but im in hurry and need it to resolve that fast..
All replies (17)
Thursday, February 5, 2015 2:53 PM ✅Answered
Looks like you can use the -Notcontains, I tried the following test
$users = @("User1","Test01","test02","AnotherUser")
$excludeUsers = @("Test01","test02")
$users | Where {$excludeUsers -notcontains $_}
The results after is just the User1 and AnotherUser, so possibly this will work for you
$excludedUsers = @('Test01', 'Test02')
Get-AdUser -Filter * | Where { $excludedUsers -notcontains $_.SamAccountName }
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Thursday, February 5, 2015 2:56 PM ✅Answered
Something like this?
$Exclude = @(
'Test01',
'Test02',
'Test03'
)
$filter = ($Exclude | foreach {'(Name -ne ' + "'$_')"}) -join ' -and '
Get-ADUser -Filter $filter
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Thursday, February 5, 2015 2:56 PM ✅Answered
Here's something you can try:
$usersToExclude = 'test1','test2'
Get-ADUser -Filter * -SearchBase 'OU=Test Users,DC=domain,DC=com' |
Where { $usersToExclude -notcontains $_.SamAccountName }
EDIT: Ah, slow on submit. See above.
Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)
Thursday, February 5, 2015 1:50 PM
Is there accounts that have "test" in the name that you do want to see? If not something like this should work
Get-ADUser -Filter * | Where {$_.Name -notmatch "[Tt]est[0-9]" }
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Thursday, February 5, 2015 1:59 PM
We dont use "test*" usernames at all. That was just an expression.
I think no-one puts correct usernames to public forum. Lets say usernames are like "richard15;bill40 ..."
Thursday, February 5, 2015 2:07 PM | 1 vote
Some people do actually use test in user account names, and when retrieving info from AD, would like to exclude them.
If you have certain users to exclude, then you will need to exclude each user you do not want, unless there is something in common with all users you want to exclude, like same OU, or an AD attribute that is the same, but looking at your new example, that is not the case.
Get-AdUser -Filter {(Name -ne "User1") -and (Name -ne "User2") -and (Name -ne "User3")}
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Thursday, February 5, 2015 2:20 PM
Is there accounts that have "test" in the name that you do want to see? If not something like this should work
Get-ADUser -Filter {Name -notmath "[Tt]est[0-9]" }If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
You can't use -match or -notmatch operators for that. The provider will let you create a filter using Powershell operator syntax, and then translate it to an LDAP filter for you, but there is no LDAP filter that will use a regex so those operators won't translate.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Thursday, February 5, 2015 2:26 PM
Is there accounts that have "test" in the name that you do want to see? If not something like this should work
Get-ADUser -Filter {Name -notmath "[Tt]est[0-9]" }If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
You can't use -match or -notmatch operators for that. The provider will let you create a filter using Powershell operator syntax, and then translate it to an LDAP filter for you, but there is no LDAP filter that will use a regex so those operators won't translate.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
You are correct, that post should of piped over to the Where-Object, to use that filter, but since the user needs to filter out specific users, he should be able to use the Filter param and use the -ne
I have updated the above script, to correctly use that filter
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Thursday, February 5, 2015 2:31 PM
Yes,
but imagine i would need propably 20+ users to filter out. That would be a hell long one-liner. I thought it is possible to create an array of users (easy to read, edit) and then use -notmatch or -notcontains operator in get-aduser cmdlet ...
Thursday, February 5, 2015 3:01 PM
Here's something you can try:
$usersToExclude = 'test1','test2' Get-ADUser -Filter * -SearchBase 'OU=Test Users,DC=domain,DC=com' | Where { $usersToExclude -notcontains $_.SamAccountName }EDIT: Ah, slow on submit. See above.
Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)
That will work too, but it's using late filtering and may be quite a bit slower if it's a large domain.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Thursday, February 5, 2015 3:07 PM
Here's something you can try:
$usersToExclude = 'test1','test2' Get-ADUser -Filter * -SearchBase 'OU=Test Users,DC=domain,DC=com' | Where { $usersToExclude -notcontains $_.SamAccountName }EDIT: Ah, slow on submit. See above.
Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)
That will work too, but it's using late filtering and may be quite a bit slower if it's a large domain.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
If you do not use a searchBase then it will take some time. Running against my domain, and excluding only two users, it took 12 secs to run, your script takes 13 secs to run, so not too much of a difference, but everyone's AD is different
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Thursday, February 5, 2015 3:09 PM
That will work too, but it's using late filtering and may be quite a bit slower if it's a large domain.
Yep, that's why I included -SearchBase. Hopefully targeting a specific OU won't be too much overload.
I have the luxury of a smallish domain, so I've been able to get away with doing filtering after the fact most times.
Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)
Thursday, February 5, 2015 3:11 PM
It probably won't make that much difference in an exclude operation.
If you use it to create an "Include" filter (change the -ne to -eq) to return an arbitrary list of users it should be considerably faster than late filtering, or running the list through Get-ADUser one at a time.
Edit: To use it to create an "Include" filter, you'd want to change the condition from -ne to -eq, and also change the -join from -and to -or.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Thursday, February 5, 2015 3:31 PM
Something like this?
$Exclude = @( 'Test01', 'Test02', 'Test03' ) $filter = ($Exclude | foreach {'(Name -ne ' + "'$_')"}) -join ' -and ' Get-ADUser -Filter $filter[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Your code examples works great as always.. wish I have the same knowledge
Alhough ive hard time to understand why u did it like that.. Had to look at it quite long time :)
Now i know what does it do, constructing
-filter (Name -ne 'test01') -and (Name -ne 'test02') -and (Name -ne 'robert03') -and (Name -ne 'user05')
Mike example might (will) be slower, but I understand his code in seconds :).
Thursday, February 5, 2015 3:36 PM
As I said earlier, it probably won't make much difference on an exclude operation, and Mike's code may be better in that scenario since it is more intuitive.
Building an early filter like that for an "Include" scenario would be more likely to result in measurable performance benefits, and could be worth the extra code for that.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Thursday, February 5, 2015 3:41 PM
Here's something you can try:
$usersToExclude = 'test1','test2' Get-ADUser -Filter * -SearchBase 'OU=Test Users,DC=domain,DC=com' | Where { $usersToExclude -notcontains $_.SamAccountName }EDIT: Ah, slow on submit. See above.
Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)
Thank you Mike ..
Thursday, February 5, 2015 4:03 PM
Thank you Mike ..
Cheers, you're very welcome.
Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)