Powershell: Help with script


I am not sure how to exclude a set of users in my query,

The following line works
get-aduser -filter * -properties * | where {$_.name -notlike 'sam*'} | select name

If I want to exclude about 10 users how to do this.  For instance: -notlike 'sam*', 'john*','kim*','lev*'  etc

Please assist.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steven CarnahanNetwork ManagerCommented:
One option is you can use the -and option like:

get-aduser -filter * -properties * | {$._UserName -notlike "user1" -and $_.UserName -notlike "*user2"}
What happens if you try:

Get-AdUser -Filter 'name -nolike "sam*" '

Open in new window

Bob McCoyCommented:
You would be better off with a -notmatch.
(get-aduser -filter * | where {$_.name -notmatch "^(SP |SQL |Mich|CRM |Mike)"}).Name

Open in new window

Also, it's a generally bad practice to use the -Propeties wildcard.  You're not using all those properties so why bring them across the wire?  And Name is in the default parameter set.

One last thing, in the future please pick a more descriptive thread title.  The generic "help" isn't very helpful for the folks who are skimming the list looking for things they can answer, or for delivered answers later.
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Do you need something more dynamic, or it's a "fixed" list.
Parity123Author Commented:
It is going to be a fixed list. The number of items could vary. The list could expand from 10 to 15 elements etc.
You might try the following.
$arrUsers = @("sam", "john", "kim", "lev")
get-aduser -filter * -properties * | where {$_.name -notmatch ('(' + [string]::Join(')|(', $arrUsers) + ')')} | select name

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steven CarnahanNetwork ManagerCommented:
Based on your wanting to check for just first names (SAM* in your example)Perhaps you want to use -notcontain instead of -notmatch  OR givenName instead of name and then you won't need the "*".

Perhaps create a adlist.csv file of the names you want to skip so that you can modify the list at anytime.


$users = Import-Csv - Path C:\scripts\adlist.csv
foreach ($user in $users) {
get-aduser -filter * | where {$_.GivenName -notcontains $user}

Open in new window

Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
zalazar's code is similar to what I had in mind, and would prefer myself (though slightly simplified):
$arrUsers = @("sam", "john", "kim", "lev")
get-aduser -filter * -properties * | ? { $_.name -notmatch ($arrUsers -join '|') } | select name

Open in new window

pony10us' code is not recommended, as you would execute the get-aduser for each individual user, but getting all users each time. A costly operation.
Steven CarnahanNetwork ManagerCommented:

Thank you for pointing that out.  I was not thinking so much about the "cost" as much as using GivenName (first name) as opposed to name (full name?) which would require the wild card character (*) that you and zalazar both omitted. By omitting the wild card character, and using -notmatch, you are looking for exact math where using -notcontain in your code would look for the string anywhere in the name field. Using GivenName would only be looking at the first name field so you wouldn't need the wild card character here either unless you didn't want to use the full first name.

Also, I was looking at the ability to use an external csv file for the names to be omitted so it could easily be edited without having to go into the code all the time.  

Overall I appreciate your pointing out that my code is not the most efficient, especially for a larger organization with many users to look at.
Bob McCoyCommented:
OK, you are confusing a few things.
-Match/-NotMatch doesn't use simple wildcards like -Like.  It uses RegEx which is much more powerful, but it can also be confusing to folks that haven't used it before.
You have also confused the operator -Contains/-NotContains with the method .Contains().  The former verifies membership in a collection.  The latter verifies a string within a string.  It's an unfortunate overloading of terms that confuses a lot of people.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
To be precise, the -notmatch approach is less restrictive here - we are not enforcing the names to be the first to come, but they might be located anywhere ('Akim' would be a match to 'kim', for example). But enforcing that is part of the RegEx feature set.
Bob McCoyCommented:
But "^Kim" would force it to match the beginning of the string, which is how I had setup my example above.
Steven CarnahanNetwork ManagerCommented:
First I must admit that I am still learning PS so I appreciate very much these corrections in my thinking.

Next I still have one concern here. How would you account for the following:

kim smith
kimmy jones
Kimberly smith

You only want to exclude kim smith.  If you use -notmatch kim wouldn't it exclude all three based on Qelmo's description: 'Akim' would be a match to 'kim'
Bob McCoyCommented:
It is like any other RegEx.  You can make it as tight or as loose as you want.

(get-aduser -filter * | where {$_.name -notmatch "^(Kim |SQL |Mich|CRM |Mike)"}).Name

Open in new window

In this case Kim Smith (that is, Kim starting at the beginning of the string and followed by a literal space) will not show up in the results.  Whereas kimmy jones and Kimberly Smith will.

PowerShell and RegEx is an unbeatable combination when it comes to text manipulation.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Bob, but neither zalazar nor I did include the ^ ;-). And that is what I referred to.

pony, you would exclude all three if asking for "kim" only. If you want to exclude "kim smith" only, you have to search for exactly that, of course: -notmatch '^(kim smith|jessy james|the waltons)$' requires an exact match to exclude.
Steven CarnahanNetwork ManagerCommented:
Qlemo, just when I thought I was getting it you through that out.  :)  

So bringing it back to if you want to eliminate anyone with the first name of kim wouldn't it be better to use givenname instead of name?

On the other hand, if you want to eliminate a specific user, say 'kim smith' but not 'kim jones', then you would use name and have to put the full name in the array.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Whether to use the given name or the full name or the display name or the samAccountName or the philosophical name depends on the situation, and so there is no correct answer to that. But if I want to search for the first part of the name, which shall be the given name (not necessarily so), then yes, of course I would use givenname for matching.
Bob McCoyCommented:
Did you see that there was a space after Kim.  That is significant.  It is literal.  It is part of the matching criteria.
Steven CarnahanNetwork ManagerCommented:
Thanks guys. As usual I learned some valuable information myself.  :)
Parity123Author Commented:
Thank you all.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.