?
Solved

Need a script to get user details from 2 different OU's with particular attribute values

Posted on 2016-11-09
4
Medium Priority
?
33 Views
Last Modified: 2016-11-09
I've a requirement to get all user details from 2 different OU's. Part of the Job is to just get the user details with attribute "xyz" with value either "0" or "4" and another attribute "abc" with value "NULL" (empty or nothing).

OU from where i need to grab user details are below:

OU=Test1,DC=CONTOSO,DC=COm
OU=Test2,DC=CONTOSO,DC=COM

I was able to write below:

Get-aduser -filter "xyz -eq 4" -searchbase "OU=Test2,DC=CONTOSO,DC=COM" | select name,samaccountname,xyz

But I am not able to club both OU's together and i am not even sure if it's possible. Also i am not sure how to put value "0" for attribute "xyz" in the same script.

Let me know if any other info is required

Thanks in advance!!.
0
Comment
Question by:P S
  • 2
  • 2
4 Comments
 
LVL 86

Accepted Solution

by:
oBdA earned 2000 total points
ID: 41880557
This should do the trick:
$SourceOUs = @(
	"OU=Test1,DC=CONTOSO,DC=COm"
	"OU=Test2,DC=CONTOSO,DC=COM"
)
$SourceOUs | ForEach-Object { 
	Get-ADUser -SearchBase $_ -Filter "((xyz -eq '0') -or (xyz -eq '4')) -and (abc -notlike '*')"
}

Open in new window

0
 

Author Comment

by:P S
ID: 41880676
Thanks oBdA. I appreciate it. I'll test your script as well but I was able to come up with my own version. It might help somebody else.

Get-ADUser -Filter xyz-eq 0)-or xyz-eq 4))-and (-not ( abc -like "*")) } -Properties * | ? { ($_.canonicalname -like "*Test1*") -or ($_.canonicalname -like "*Test2*")}

Thanks again!!!.
0
 

Author Closing Comment

by:P S
ID: 41880677
Thanks oBdA.
0
 
LVL 86

Expert Comment

by:oBdA
ID: 41880704
Your solution would query all AD users, filtering them by OU only in Powershell. That's unnecessary stress for the AD, since you already know that you have a restricted search base.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question