PS filter users from OU to find disabled accounts

Filter users from AD to find disabled accounts within specific OU that contain a specific attribute

Users are mixed inside of one OU I'm trying to find OU users by an attribute "O" which stands for organization that has a specific value  

Get-Aduser  -searchbase "OU=mydomain,OU=test",dc=com"  -filter * | where { $_.enabled -eq $False}

so the script above finds the users that are disabled I want to find all the users store them as a variable then filter the results to use the -Properties O | where-object {$_.o -eq "value 1", "value 2", "value 3"}

How would I add this to the script and then store the users and use the results within the 2nd part so I don't have to query for the users and then filter and then find disabled I also want to export to csv with following columns

username, samaccountname, O, disabled status
LVL 3
Brandon MacAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
Always filter as close to the source as possible, that is, in AD:
Get-Aduser -SearchBase "OU=mydomain,OU=test,dc=com" -Filter "(enabled -eq '$false') -and ((o -eq 'Value 1') -or (o -eq 'Value 2') -or (o -eq 'Value 3'))" -Properties displayName, o, Enabled |
	Select-Object -Property SamAccountName, DisplayName, O, Enabled
	Export-Csv -NoTypeInformation -Path C:\Temp\result.csv

Open in new window

0
Brandon MacAuthor Commented:
its asking for input object what do I input into the script?
0
oBdACommented:
The pipe symbol at the end of line 2 went AWOL:
Get-Aduser -SearchBase "OU=mydomain,OU=test,dc=com" -Filter "(enabled -eq '$true') -and ((o -eq 'Line 1') -or (o -eq 'a') -or (o -eq 'b'))" -Properties displayName, o, Enabled |
	Select-Object -Property SamAccountName, DisplayName, O, Enabled |
	Export-Csv -NoTypeInformation -Path C:\Temp\result.csv

Open in new window

1
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Brandon MacAuthor Commented:
Okay that fixed the error. I got it out to a csv however the O is showing up strange Microsoft.activedirectory.management.adpropertyvaluecollection
0
Brandon MacAuthor Commented:
Maybe its because its not a property I was told it was an attribute does that matter or are they the same?
0
Brandon MacAuthor Commented:
Also all the accounts are exporting to the sheet I just want the accounts that match the O value that are disabled
0
oBdACommented:
My copy and paste fu is avoiding me today, sorry; that should finally fix it:
Get-Aduser -SearchBase "OU=mydomain,OU=test,dc=com" -Filter "(enabled -eq '$false') -and ((o -eq 'Value 1') -or (o -eq 'Value 2') -or (o -eq 'Value 3'))" -Properties displayName, o, Enabled |
	Select-Object -Property SamAccountName, DisplayName, @{n='O'; e={$_.o -join '; '}}, Enabled |
	Export-Csv -NoTypeInformation -Path C:\Temp\result.csv 

Open in new window

1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brandon MacAuthor Commented:
Thanks that is working better. Could I use an array for the values?
$value =@('value1','value2','value3')

-and (o -eq $value)

not sure if this would work or if it would cause issues?
0
oBdACommented:
No. The only thing you can do is create the filter on the fly from an array:
$values = 'Value 1', 'Value 2', 'Value 3'
$valueFilter = ($values | ForEach-Object {"(o -eq '$_')"}) -join ' -or '
Get-AdUser -SearchBase "OU=mydomain,OU=test,dc=com" -Filter "(enabled -eq '$false') -and ($valueFilter)" -Properties displayName, o, Enabled |
	Select-Object -Property SamAccountName, DisplayName, @{n='O'; e={$_.o -join '; '}}, Enabled |
	Export-Csv -NoTypeInformation -Path C:\Temp\result.csv

Open in new window

1
Naveen SharmaCommented:
How to Manage Inactive User and Computer Accounts in Active Directory:
https://www.lepide.com/how-to/manage-inactive-accounts-in-active-directory.html

Powershell to Find Inactive AD Users and Computers Accounts:
http://expert-advice.org/active-directory/powershell-to-find-inactive-ad-users-and-computers-accounts/

Hope this helps!
1
Brandon MacAuthor Commented:
Thanks for your assistance. This solution works great.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.