asked on Powershell: Help with script
Hello,
I am not sure how to exclude a set of users in my query,
The following line works
get-aduser -filter * -properties * | where {$_.name -notlike 'sam*'} | select name
If I want to exclude about 10 users how to do this. For instance: -notlike 'sam*', 'john*','kim*','lev*' etc
Please assist.
I am not sure how to exclude a set of users in my query,
The following line works
get-aduser -filter * -properties * | where {$_.name -notlike 'sam*'} | select name
If I want to exclude about 10 users how to do this. For instance: -notlike 'sam*', 'john*','kim*','lev*' etc
Please assist.
Powershell
Last Comment
Parity123
What happens if you try:
Get-AdUser -Filter 'name -nolike "sam*" '
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Do you need something more dynamic, or it's a "fixed" list.
ASKER
It is going to be a fixed list. The number of items could vary. The list could expand from 10 to 15 elements etc.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Based on your wanting to check for just first names (SAM* in your example)Perhaps you want to use -notcontain instead of -notmatch OR givenName instead of name and then you won't need the "*".
Perhaps create a adlist.csv file of the names you want to skip so that you can modify the list at anytime.
Then:
Perhaps create a adlist.csv file of the names you want to skip so that you can modify the list at anytime.
Then:
$users = Import-Csv - Path C:\scripts\adlist.csv
foreach ($user in $users) {
get-aduser -filter * | where {$_.GivenName -notcontains $user}
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Qlemo,
Thank you for pointing that out. I was not thinking so much about the "cost" as much as using GivenName (first name) as opposed to name (full name?) which would require the wild card character (*) that you and zalazar both omitted. By omitting the wild card character, and using -notmatch, you are looking for exact math where using -notcontain in your code would look for the string anywhere in the name field. Using GivenName would only be looking at the first name field so you wouldn't need the wild card character here either unless you didn't want to use the full first name.
Also, I was looking at the ability to use an external csv file for the names to be omitted so it could easily be edited without having to go into the code all the time.
Overall I appreciate your pointing out that my code is not the most efficient, especially for a larger organization with many users to look at.
Thank you for pointing that out. I was not thinking so much about the "cost" as much as using GivenName (first name) as opposed to name (full name?) which would require the wild card character (*) that you and zalazar both omitted. By omitting the wild card character, and using -notmatch, you are looking for exact math where using -notcontain in your code would look for the string anywhere in the name field. Using GivenName would only be looking at the first name field so you wouldn't need the wild card character here either unless you didn't want to use the full first name.
Also, I was looking at the ability to use an external csv file for the names to be omitted so it could easily be edited without having to go into the code all the time.
Overall I appreciate your pointing out that my code is not the most efficient, especially for a larger organization with many users to look at.
OK, you are confusing a few things.
-Match/-NotMatch doesn't use simple wildcards like -Like. It uses RegEx which is much more powerful, but it can also be confusing to folks that haven't used it before.
You have also confused the operator -Contains/-NotContains with the method .Contains(). The former verifies membership in a collection. The latter verifies a string within a string. It's an unfortunate overloading of terms that confuses a lot of people.
To be precise, the -notmatch approach is less restrictive here - we are not enforcing the names to be the first to come, but they might be located anywhere ('Akim' would be a match to 'kim', for example). But enforcing that is part of the RegEx feature set.
But "^Kim" would force it to match the beginning of the string, which is how I had setup my example above.
First I must admit that I am still learning PS so I appreciate very much these corrections in my thinking.
Next I still have one concern here. How would you account for the following:
kim smith
kimmy jones
Kimberly smith
You only want to exclude kim smith. If you use -notmatch kim wouldn't it exclude all three based on Qelmo's description: 'Akim' would be a match to 'kim'
Next I still have one concern here. How would you account for the following:
kim smith
kimmy jones
Kimberly smith
You only want to exclude kim smith. If you use -notmatch kim wouldn't it exclude all three based on Qelmo's description: 'Akim' would be a match to 'kim'
It is like any other RegEx. You can make it as tight or as loose as you want.
PowerShell and RegEx is an unbeatable combination when it comes to text manipulation.
(get-aduser -filter * | where {$_.name -notmatch "^(Kim |SQL |Mich|CRM |Mike)"}).Name
PowerShell and RegEx is an unbeatable combination when it comes to text manipulation.
Bob, but neither zalazar nor I did include the ^ ;-). And that is what I referred to.
pony, you would exclude all three if asking for "kim" only. If you want to exclude "kim smith" only, you have to search for exactly that, of course: -notmatch '^(kim smith|jessy james|the waltons)$' requires an exact match to exclude.
pony, you would exclude all three if asking for "kim" only. If you want to exclude "kim smith" only, you have to search for exactly that, of course: -notmatch '^(kim smith|jessy james|the waltons)$' requires an exact match to exclude.
Qlemo, just when I thought I was getting it you through that out. :)
So bringing it back to if you want to eliminate anyone with the first name of kim wouldn't it be better to use givenname instead of name?
On the other hand, if you want to eliminate a specific user, say 'kim smith' but not 'kim jones', then you would use name and have to put the full name in the array.
So bringing it back to if you want to eliminate anyone with the first name of kim wouldn't it be better to use givenname instead of name?
On the other hand, if you want to eliminate a specific user, say 'kim smith' but not 'kim jones', then you would use name and have to put the full name in the array.
Whether to use the given name or the full name or the display name or the samAccountName or the philosophical name depends on the situation, and so there is no correct answer to that. But if I want to search for the first part of the name, which shall be the given name (not necessarily so), then yes, of course I would use givenname for matching.
Did you see that there was a space after Kim. That is significant. It is literal. It is part of the matching criteria.
Thanks guys. As usual I learned some valuable information myself. :)
ASKER
Thank you all.
get-aduser -filter * -properties * | {$._UserName -notlike "user1" -and $_.UserName -notlike "*user2"}