Question
Wednesday, November 12, 2014 12:54 PM | 1 vote
Hi,
I'm starting with PowerShell and trying to list computer names which are NOT members of specific groups (in this case WSUS_*).
My syntax looks like this:
Get-ADComputer -Filter * -Property MemberOf -SearchBase "OU=DC=my,DC=domain" | where-object { $_.memberof -notlike "WSUS*" } | foreach { $_.Name }
But I'm not getting the right results :-(
What is wrong?
Regards
Miranda
All replies (10)
Wednesday, November 12, 2014 1:51 PM ✅Answered | 3 votes
You've got a couple of problems there. The first one, missing the leading * in your -notlike argument, has already been addressed.
Beyond that, it still isn't going to work if the computer is a member of more than one group.
If there is more than one group, then the -notlike or -notmatch will work as array operators, returning not True/False, but all of the members of the array that match the condition.
{ $_.memberof -notlike "*WSUS*" }
is going to return all of the group memberships that don't match "WSUS". That result will be cast as [bool] when used as a Where-Object clause, and will test $true if it returns anything at all. The only way this will work is if the computer account only belongs to one group, or if all the groups it belongs to are *WSUS* groups.
One solution is to cast the .memberof collection to [string], so you're testing a single object, and making -notlike return $true/$false based on the appearance of that string anywhere in any group:
where-object {[string]$_.memberof -notlike "*WSUS*" }
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
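The array-operator behaviour described in the answer above, as an added example that is not part of the original thread. The computer objects and group DNs are constructed stand-ins for Get-ADComputer output, so the script runs without a domain; it goes slightly beyond the answer by also including a computer with an empty MemberOf and the -not (... -match ...) form.

```powershell
# Constructed sample data: names and distinguished names are made up.
$wsus  = 'CN=WSUS_Pilot,OU=Groups,DC=my,DC=domain'
$other = 'CN=Laptops,OU=Groups,DC=my,DC=domain'
$computers = @(
    [pscustomobject]@{ Name = 'PC-NOGROUP';  MemberOf = @() }
    [pscustomobject]@{ Name = 'PC-WSUSONLY'; MemberOf = @($wsus) }
    [pscustomobject]@{ Name = 'PC-MIXED';    MemberOf = @($wsus, $other) }
    [pscustomobject]@{ Name = 'PC-OTHER';    MemberOf = @($other) }
)

# With a collection on the left, -notlike acts as a filter: it emits every
# element that passes the test instead of a single Boolean.
$mixed = $computers[2].MemberOf
'Elements returned by -notlike on PC-MIXED:'
$mixed -notlike '*WSUS*'
'Same expression cast to [bool], as Where-Object does:'
[bool]($mixed -notlike '*WSUS*')

# Casting to [string] first joins the DNs into one string, so the operator
# is scalar and yields a Boolean for the whole membership list.
'Scalar test after the [string] cast:'
[string]$mixed -notlike '*WSUS*'

# The filters from the thread, applied to every sample computer.
$filters = [ordered]@{
    'collection -notlike'      = { $_.MemberOf -notlike '*WSUS*' }
    '[string] cast -notlike'   = { [string]$_.MemberOf -notlike '*WSUS*' }
    '-not (collection -match)' = { -not ($_.MemberOf -match 'CN=WSUS') }
}

foreach ($label in $filters.Keys) {
    $sb   = $filters[$label]
    $hits = @($computers | Where-Object -FilterScript $sb | ForEach-Object { $_.Name })
    '{0,-26} -> {1}' -f $label, ($hits -join ', ')
}
```

Only PC-NOGROUP and PC-OTHER are outside every WSUS group, so a correct filter lists exactly those two names.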
Wednesday, November 12, 2014 1:37 PM
where-object { $_.memberof -notlike "WSUS*" }
Should have a * at the start of the like string, as it will not start with "WSUS" but rather something like "CN=WSUS"
It should be
where-object { $_.memberof -notlike "*WSUS*" }
Wednesday, November 12, 2014 1:47 PM
where-object { $_.memberof -notlike "WSUS*" }
Should have a * at the start of the like string, as it will not start with "WSUS" but rather something like "CN=WSUS"
It should be
where-object { $_.memberof -notlike "*WSUS*" }
For her purpose it would work, but in general it would filter out computers where memberof contains WSUS in any part of the group name. It would remove SCCM_WSUS_TEST as well (just example)
.. and, it will not contain computers where memberof is EMPTY
Wednesday, November 12, 2014 1:49 PM
Hi,
See below thread.
Or if you can download the Quest powershell AD-snap ins and use:
get-qadcomputer -searchroot 'domain.dom/ou' -notmemberof "groupname"
Regards,
Calin
Wednesday, November 12, 2014 1:56 PM
this worked perfectly :-)
where-object {[string]$_.memberof -notlike "*WSUS*" }
Wednesday, November 12, 2014 2:03 PM
this worked perfectly :-)
where-object {[string]$_.memberof -notlike "*WSUS*" }
Ye.. just as perfectly if u don't have group that do not start with WSUS string (like SCCM_WSUS_GROUP1)
It would filter this computer as well (not gonna happen in your scenario)
Wednesday, November 12, 2014 2:28 PM
this worked perfectly :-)
where-object {[string]$_.memberof -notlike "*WSUS*" }
Ye.. just as perfectly if u don't have group that do not start with WSUS string (like SCCM_WSUS_GROUP1)
It would filter this computer as well (not gonna happen in your scenario)
It won't matter if the group name starts with "WSUS" or not. The .memberof elements are distinguished names, and they're all going to start with "CN=".
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Wednesday, November 12, 2014 2:44 PM
this worked perfectly :-)
where-object {[string]$_.memberof -notlike "*WSUS*" }
Ye.. just as perfectly if u don't have group that do not start with WSUS string (like SCCM_WSUS_GROUP1)
It would filter this computer as well (not gonna happen in your scenario)
It won't matter if the group name starts with "WSUS" or not. The .memberof elements are distinguished names, and they're all going to start with "CN=".
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
I was pointing out, that if u don't specify *CN=WSUS* .. It would filter groups like CN=TESTWSUS group as well
I think this is a better way to accomplish this
Get-ADComputer -Filter * -Property MemberOf -SearchBase "OU=DC=my,DC=domain" | ?{-not ($_.memberof -match "CN=WSUS")} |select name,memberof
Wednesday, November 12, 2014 2:53 PM
That will work, too.
Any particular reason why that would be better than
where-object {[string]$_.memberof -notmatch 'CN=WSUS' }
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Wednesday, November 12, 2014 2:55 PM
That will work, too.
Any particular reason why that would be better?
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
Nope. And even if it is, I can't argue with you. My English skills and powershell skillz are way lower (almost nonexistent) than yours.. peace