Solved

Active Directory Active User Query

Posted on 2013-12-17
4
440 Views
Last Modified: 2013-12-18
I need a command that will provide me a list of all enabled users in AD, but exclude User accounts that are members of a certain Security Group, such as "Domain Admin".  How can I modify the below command to include the exclusion?


Get-ADUser -LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" | Select-Object Name,UserPrincipalName |Sort-Object Name
0
Comment
Question by:fireguy1125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39725082
Use the following syntax below to accomplish this...

Get-ADUser -filter * -properties * | ? {$_.Enabled -eq $true -and -ne (Get-ADGroup -Identity <groupname>)} | sort-object -property Name | select Name, UserPrincipalName

Open in new window


Will.
0
 
LVL 19

Expert Comment

by:jss1199
ID: 39725085
and another filter to the LdapFilter to filter out those members that are memberof the group in questions.

I am mobile, but syntax should be something like:

-LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" AND (!(|(memberof=CN=YOURGROUPHERE,dc=domain,dc=com)
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39725979
Try..
Get-ADUser -LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" -properties memberof | ?{$_.memberof -notmatch "CN=GroupName"}| Select-Object Name,UserPrincipalName |Sort-Object Name

Open in new window

Or
Get-ADUser -LdapFilter "(&(!useraccountcontrol:1.2.840.113556.1.4.803:=2))" -properties memberof | 
	?{($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -notcontains "GroupName"}| 
	Select-Object Name,UserPrincipalName |Sort-Object Name

Open in new window

0
 
LVL 1

Author Closing Comment

by:fireguy1125
ID: 39726645
Your first one worked perfect Subsun, thanks!
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question