[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3944
  • Last Modified:

Get-ADUser command question

hello Experts
i am using windows 2008 domain, all AD account have "EmployeeID" configured, but some of them not configured for any reason, now i am want display all user accounts which don't have "EmployeeID" configured, what is the command should be in windows powershell?
for Example:Get-ADUser -Filter 'employeeid -eq 111111'
this command works, but i want list all users don't have employeeID have.
so i need you help tell me which command i should use.

thank you
0
beardog1113
Asked:
beardog1113
  • 3
  • 3
  • 2
  • +2
2 Solutions
 
aadi369Commented:
Get-ADUser -Filter 'employeeid
0
 
aadi369Commented:
Get-ADUser -Filter 'employeeid -eq
0
 
beardog1113Author Commented:
hello expert
i got this after your command, what should i do next?
thanks

PS C:\Windows\system32> Get-ADUser -Filter 'employeeid -eq
>>
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Krzysztof PytkoActive Directory EngineerCommented:
Unfortunately, you cannot get empty value from attribute using simple -Filter switch.
For that, you need to use -LDAPFilter

try this way
Import-Module ActiveDirectory
Get-ADUser -LDAPFilter "(!(employeeID=*))" -Properties * | Select SamAccountName,givenName,sn | Export-CSV c:\users.csv

Open in new window


Regards,
Krzysztof
0
 
Satish AutiSenior System AdministratorCommented:
Hello,

You can collect AD attributes using below script for all users in AD. for more info refer belwo link.

http://www.rlmueller.net/Document%20Attributes.htm

modify below lines as per your domain naming & run in cmd. You will get output in txt.

cscript //nologo DocumentProperties.vbs "WinNT://MyDomain/TestUser" > TestUser.txt

cscript //nologo DocumentProperties.vbs "LDAP://cn=TestUser,ou=Sales,dc=MyDomain,dc=com" > TestUser.txt

then open Testuser.txt in excel using & make a filter on "EmployeeID".

You will get the required info.

Regards,
Satish
0
 
beardog1113Author Commented:
hello Krzysztof
your command helps, could you give me a short explanation about:
Get-ADUser -LDAPFilter "(!(employeeID=*))" -Properties *
especially: "(!(employeeID=*))"
i am not understand what is that meaning.

thanks in advance
0
 
AkulshCommented:
employeeID=* means any value for employeeID.
! stands for NOT, so the combination becomes No Value or Null Value for employeeID.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
This is LDAP query definition and this means that:

search LDAP attributed named employeeID with any value (*)
! means NOT so, that query means search for each value in employeeID without value

-Properties * tell to Get-ADUser to get all attributes to pipe to another command, which are available to get over Select cmd-let

For more about LDAP queries, please visit SelfADSI website, which is really good for learning
http://www.selfadsi.org/

Krzysztof
0
 
beardog1113Author Commented:
your solution and explanation is perfect
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Thank you! I'm glad I could help

Krzysztof
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now