PowerShell: Specify specific subproperties to avoid using (*) asterisk

You can't. You have to provide the "top-level" property name, nTSecurityDescriptor, and extract subproperties later in the pipe.

Thank you for your reply Qlemo!

Where would I do that in this script:

$users = Get-ADUser -Properties admincount,distinguishedname,canonicalname,nTSecurityDescriptor -Filter * | Sort canonicalname | ? {$_.proxyaddresses -notmatch '($null|SystemMailbox|FederatedEmail|HealthMailbox|migration|SearchMailbox|DiscoverySearch|Administrator|MSExchApproval|MsExchDiscovery)'}
FOREACH ($user in $users) { 
$dn = $user.distinguishedname
$sd = $user.nTSecurityDescriptor.AreAccessRulesProtected
$can = $user.canonicalname -split ‘/’
$OU = $can[0..($can.Count – 2)] -join ‘/’
$admincount = $user.admincount
 New-Object -TypeName PSCustomObject -Property @{
    InheritenceNeedsToBeEnabled=$sd
    dn=$dn
    OU = $OU
    AdminCount = $admincount
}|Export-Csv -Path c:\scripts\IsInheritanceEnabled.csv -NoTypeInformation -Encoding ASCII -Append}

Select allOpen in new window

Though I would use some optimization here, your code should work as-is.

It produces no output, however, when I use * it works fine.

Looks great!  One thing I noticed is the curly brackets are throwing an error in ISE... any ideas?

and yes... they missing property "proxyaddresses" was why I was receiving no output.  So thank you for that. However I would like to use your amended code (with the $(FOREACH....))  Not sure where to place the curly brackets to correct the error that is seen in ISE.

I don't think the Export-CSV should append, but that is a different issue.
And correct, you need to retireve the ProxySMTPAddresses property to apply a filter later, of course. Didn't see that in a glance.

This is what I would use (leaving the Append as-is, as I don't know whether it is intentional or not):

Get-ADUser -Properties admincount,distinguishedname,canonicalname,nTSecurityDescriptor,proxyAddresses -Filter * |
  Sort canonicalname |
  ? {$_.proxyaddresses -notmatch '($null|SystemMailbox|FederatedEmail|HealthMailbox|migration|SearchMailbox|DiscoverySearch|Administrator|MSExchApproval|MsExchDiscovery)'} |
  % {
    $dn  = $_.distinguishedname
    $sd  = $_.nTSecurityDescriptor.AreAccessRulesProtected
    $can = $_.canonicalname -split '/'
    $OU  = $can[0..($can.Count – 2)] -join '/'
    $admincount = $_.admincount
    New-Object -TypeName PSCustomObject -Property @{
      InheritenceNeedsToBeEnabled=$sd
      dn=$dn
      OU = $OU
      AdminCount = $admincount
    }
  } | Export-Csv -Path c:\scripts\IsInheritanceEnabled.csv -NoTypeInformation -Encoding ASCII -Append

Select allOpen in new window

Aw, crap.  Not so great.  :(
 I completely missed that you had Export-CSV within the foreach statement and using the -append parameter (looked like the closing brace  was for the foreach, but really it was for the property hash-table.  In that case you can ignore my advice about the subexpression notation (unless you want to move the Export-CSV out of the foreach, but that won't impact presence of any output in the file).

Now I'm thinking your problem was due entirely to the missing proxyaddresses on the -properties parameter of Get-ADUser (it would be included when you used *).

Edit:  and now I'm seeing other posts that came in while I was writing this, confirming the issue.