Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, July 26, 2019 4:27 PM
Hi,
I am trying to find only active/enabled faculty members with this script, but ended up getting disabled accounts, too.
Any insight?
Thanks,
Mike
# To find faculty
$filter_faculty = {
Enabled -eq $true -and
Description -like "*Instructor*" -or
Description -like "*Professor*" -or
Description -like "*Dean*" -or
Description -like "*Program Chair*" -or
Description -like "*Program Director*"
}
$faculty = Get-ADUser -Filter $filter_faculty -SearchBase "OU=User Accounts,DC=School,DC=edu"
$faculty | Sort-Object -Property SAMAccountName | Select-Object -Property SAMAccountName | Out-File c:\faculty.csv
All replies (10)
Friday, July 26, 2019 8:00 PM ✅Answered
This construct also bypasses the parser bug:
$filter = {
Enabled -eq $true -and
(
(Description -like '*Instructor*') -or
(Description -like '*Professor*') -or
(Description -like '*Dean*') -or
(Description -like '*Program Chair*') -or
(Description -like '*Program Director*')
)
}
Get-ADUser -Filter $filter -SearchBase 'OU=Employees,OU=User Accounts,DC=School,DC=edu'
\(ツ)_/
Friday, July 26, 2019 4:57 PM
What you are claiming is not possible. Look at the returned objects.
Get-ADUser -Filter $filter_faculty -SearchBase "OU=User Accounts,DC=School,DC=edu" |
Select Name, Enabled
\(ツ)_/
Friday, July 26, 2019 5:30 PM
What you are claiming is not possible. Look at the returned objects.
Get-ADUser -Filter $filter_faculty -SearchBase "OU=User Accounts,DC=School,DC=edu" | Select Name, Enabled\(ツ)_/
But I works if I limit the filter to only "Enabled -eq $true". Like this:
Get-ADUser -Filter {Enabled -eq $true} -SearchBase "OU=User Accounts,DC=School,DC=edu" | Sort-Object -Property SAMAccountName | Select-Object -Property SAMAccountName | out-file c:\enabled.csv
Friday, July 26, 2019 7:34 PM
You need to use my filter from your previous question on this. You completely misunderstood the discussion and changed my filter back to your bad filter. Please go back and copy my original code and use it.
\(ツ)_/
Friday, July 26, 2019 7:36 PM
Here is the code I posted which you immediately changed to your original bad post.
$filter = {
Enabled -eq $true -and
Description -notlike '*Instructor*' -and
Description -notlike '*Professor*' -and
Description -notlike '*Dean*' -and
Description -notlike '*Program Chair*' -and
Description -notlike '*Program Director*'
}
$staff = Get-ADUser -Filter $filter -SearchBase 'OU=Employees,OU=User Accounts,DC=School,DC=edu'
\(ツ)_/
Friday, July 26, 2019 7:40 PM
The "-and" is "bound" only to the next conditional statement. The rest of the "-or" operators are evaluated independently.
In the example below, only the $Description values that have "*Lab*" in them fail. The other descriptions all pass.
$Enabled = $FALSE
$Titles = @(
'Lab Instructor Apprentice',
'Lab Instructor',
'Junior Professor of Gobbledegook',
'The Dean of Earl',
'Sit in the Program Chair and watch',
'Watch the Program Director Fail'
)
Foreach ($Description in $Titles){
$Description
$Enabled -eq $true -and
$Description -like "*Lab*" -or
$Description -like "*Professor*" -or
$Description -like "*Dean*" -or
$Description -like "*Program Chair*" -or
$Description -like "*Program Director*"
}
Now, parenthesize all the "-or" conditions and all the results pass or fail (because the $Enabled test passes or fails independantly).
$Enabled = $FALSE
$Titles = @(
'Lab Instructor Apprentice',
'Lab Instructor',
'Junior Professor of Gobbledegook',
'The Dean of Earl',
'Sit in the Program Chair and watch',
'Watch the Program Director Fail'
)
Foreach ($Description in $Titles){
$Description
$Enabled -eq $true -and
( $Description -like "*Lab*" -or
$Description -like "*Professor*" -or
$Description -like "*Dean*" -or
$Description -like "*Program Chair*" -or
$Description -like "*Program Director*"
)
}
Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)
Friday, July 26, 2019 7:56 PM
The original question asked the opposite,
If you want all "enabled" members then Rich is correct. Just add the parens around all "OR" conditions.
Due to a bug in the filter parser this is how you have to construct the statement with "-or". THis bug may no longer exisits in 2019.
$filter = {
Enabled -eq $true -and (
Description -like '*Instructor*' -or Description -like '*Professor*' -or Description -like '*Dean*' -or Description -like '*Program Chair*' -or Description -like '*Program Director*'
)
}
$staff = Get-ADUser -Filter $filter -SearchBase 'OU=Employees,OU=User Accounts,DC=School,DC=edu'
\(ツ)_/
Tuesday, July 30, 2019 6:35 AM
Hi,
Was your issue resolved?
If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If no, please reply and tell us the current situation in order to provide further help.
Best Regards,
Lee
Just do it.
Tuesday, July 30, 2019 10:13 PM
This construct also bypasses the parser bug:
$filter = { Enabled -eq $true -and ( (Description -like '*Instructor*') -or (Description -like '*Professor*') -or (Description -like '*Dean*') -or (Description -like '*Program Chair*') -or (Description -like '*Program Director*') ) } Get-ADUser -Filter $filter -SearchBase 'OU=Employees,OU=User Accounts,DC=School,DC=edu'\(ツ)_/
This one works.
Thanks so much!
Tuesday, July 30, 2019 10:38 PM
Yes. It has. Thank you all!