Solved

Active Directory Active User Query

Posted on 2013-12-17
4
437 Views
Last Modified: 2013-12-18
I need a command that will provide me a list of all enabled users in AD, but exclude User accounts that are members of a certain Security Group, such as "Domain Admin".  How can I modify the below command to include the exclusion?


Get-ADUser -LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" | Select-Object Name,UserPrincipalName |Sort-Object Name
0
Comment
Question by:fireguy1125
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39725082
Use the following syntax below to accomplish this...

Get-ADUser -filter * -properties * | ? {$_.Enabled -eq $true -and -ne (Get-ADGroup -Identity <groupname>)} | sort-object -property Name | select Name, UserPrincipalName

Open in new window


Will.
0
 
LVL 19

Expert Comment

by:jss1199
ID: 39725085
and another filter to the LdapFilter to filter out those members that are memberof the group in questions.

I am mobile, but syntax should be something like:

-LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" AND (!(|(memberof=CN=YOURGROUPHERE,dc=domain,dc=com)
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39725979
Try..
Get-ADUser -LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" -properties memberof | ?{$_.memberof -notmatch "CN=GroupName"}| Select-Object Name,UserPrincipalName |Sort-Object Name

Open in new window

Or
Get-ADUser -LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" -properties memberof | 
	?{($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -notcontains "GroupName"}| 
	Select-Object Name,UserPrincipalName |Sort-Object Name

Open in new window

0
 
LVL 1

Author Closing Comment

by:fireguy1125
ID: 39726645
Your first one worked perfect Subsun, thanks!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question