understanding powershell

In Windows Host Scripting, we used Loops, IF , Else, End.
I wonder if powershell has the equivalent of that or it uses the pipes '|'  as  the equivalent.
it sounds to me that Powershell uses the concept of SQL queries, "Select columnname where columnname=XX and .....etc.." but with different syntax.

for instance I need to retrieve AD users who belong to Accounting Dept that have password expiration date "10/20/2013"

Any help will be appreciated,

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I believe the short answer is "yes" (& "all the above" probably too)
It's a pretty slick tool as I understand it.

However: I am not an expert in powershell, but some time ago, to get an understanding of it I started this quite comprehensive video by Don Jones: "Powershell Crash Course" - it's long (~4 hours) - and I didn't go through all of it

BUT: it gave me an appreciation for what it is, and if you need to use powershell I feel sure you gain from trying it at least.

{+ edit} and the url is: http://www.youtube.com/watch?v=-Ya1dQ1Igkc
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
"If" is still alive and well in Powershell, I have done a few things wish Powershell, and find it's a far more prickly beast than batch, but 'if' 'else' still works quite the same as previous scripting languages.
Do a google search for powershell basics and you will see plenty of links to youtube videos and books to get the basics.  post questions when you need direction or get stuck!
Webinar: What were the top threats in Q2 2018?

Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that describes and analyzes the top threat trends impacting companies around the world. Are you ready to learn more about the top threats of Q2 2018? Register for our Sept. 26th webinar to learn more!

I once read an article that I feel applies very well here, I hope I can paraphrase it correctly.  Essentially it said that due to its very nature as a scripting language it shares many features in common with other scripting languages.  So many (if not most) of the concepts that you have learned from one scripting language will apply to another.

Indeed there are several kinds of loops (for, foreach, do, while, ForEach-Object), If, Else, ElseIf, and so forth.  It also makes use of pipelines to facilitate streaming objects from one command to the next.

Depending on what you want to do, the use of a Select-Object cmdlet can come in very handy to filter and organize your data.  I wouldn't necessarily relate this to SQL queries, but rather I think it's common to most queries.  Most queries for data are rather broad by default so we have to include parameters to limit the scope and filter out unwanted results.  Sometimes the filtering can be performed at the time of the query, sometimes it has to happen later.  There are many operations that can be performed with PowerShell however that don't involve the retrieval or display of data.
Some examples for your specific query.
Here's a couple ways of retrieving users in the Accounting dept.  The first would be more efficient because we're filtering closer to the source.
Get-ADUser -filter {Department -eq "Accounting"}
Get-ADUser -filter * -properties Department | Where {$_.department -eq "Accounting"}

Open in new window

To then filter based on a password expiration date, you would first have to figure out what that is, since there is no attribute for it.  First look up the password policy to see the maximum password age, then the date the password was last set for a user, then use that information to calculate the expiration date, then filter the user results based on a comparison of that result.
$maxpwd = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
Get-ADUser -filter {Department -eq "Accounting"} -properties PasswordLastSet | Where {($_.passwordlastset + $maxpwd) -eq  "10/20/2013"}

Open in new window

Edit:  One thing I should probably mention for anyone new to PowerShell - you will need to load the ActiveDirectory PowerShell module to use the MS AD cmdlets like I did above.  PS 3.0 will do this automatically, but with PS 2.0 you would need to run the command Import-Module ActiveDirectory.  You would also need a 2008 R2 (or newer) Domain Controller, or a 2003/2008 DC with AD Management Gateway Service installed.
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
As said above, PowerShell combines the concept of "normal" loops and conditional execution with the concept of filtering.

Filtering (using pipes) is similar to SQL queries, if you look at the query execution plan steps. It usually is
Selection - get access to the data source: Get-ADUser
Projection - reduce the number of columns (object properties): Select-Object
Partition - reduce the number of rows (objects): Where-Object
It's important to have the best filter at the very beginning. As footech showed, the Get-ADUser can make use of both a filter ("Partition") and list or set of properties to deliver ("Projection"), so we do not have to process too much of data in the very first place. This should be utilized to the maimum extent possible.
After that, it is usually better to restrict the number of objects to get, because that is most restrictive (say you are only interested in 1 out of 100 results).
Reducing the number of properties, or building your own custom objects, is done last in most cases.

Whether you use the iterative approach known from other scripting and programming languages, or the filtering approach as a "new" concept, depends on the purpose. Processing large amounts of uniform data you do not have in memory yet, or data which needs some time for each object to get, is better done by filtering. This allows for processing one object each time, without need to store intermediate information or the whole dataset.
However, if all data is present in memory, or it isn't that much of it, looping is faster.

BTW, attention! The foreach is both a looping statement as used in e.g. VB Script, and an alias for foreach-object, which can only be used in a pipe. That migt be confusing if you read PowerShell code.
One additional comment about the script code I posted above, in case you actually intend to use it.  I realized that an adjustment needed to be made so that the expiration date would be correctly calculated.  Here's one way to make the needed adjustment (and I have also included a Select-Object command to limit what properties are displayed).
$maxpwd = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
Get-ADUser -filter {Department -eq "Accounting"} -properties PasswordLastSet | Where-Object {($_.passwordlastset + $maxpwd) -eq  [datetime]"10/20/2013"} | Select-Object Name,DistinguishedName

Open in new window

BTW, it's worth noting that the last comparison is highly unlikely to ever be true in real life since the PasswordLastSet attribute has a much higher precision that just down to the day.  It would be much more fruitful to use the -gt or -lt operators for this comparison.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.