Get-ADUser Filter parameter example

Today I needed a list of users who:
– have a logon that looks like pXXXXXX (employees in our org)
– are not contacts
– are enabled
– are not members of the Domain Admins group
– are not required to use smartcards

I came up with this:

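# Resolve the DN of the group whose members should be excluded
$DomainAdminsDN = (Get-ADGroup -Identity 'Domain Admins').DistinguishedName

# The -Filter string narrows the result set on the server ("p*" prefix only);
# the anchored regex in Where-Object then enforces the exact pXXXXXX pattern.
Get-ADUser -Filter '(samAccountName -like "p*") -and (ObjectClass -ne "inetOrgPerson") -and (Enabled -eq "True") -and (memberOf -ne $DomainAdminsDN) -and (SmartcardLogonRequired -eq "False")' -Properties DisplayName |
    Where-Object { $_.samAccountName -match '^p\d{6}$' } |
    Select-Object DisplayName, samAccountName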

There is one thing I could not achieve using the Filter parameter on Get-ADUser – the logon name pattern. I settled for selecting users whose logon starts with p in the Get-ADUser filter (samAccountName -like "p*") and then used a Where-Object condition with a regex.

I found a little gotcha – when a user is not listed in any group, the filter "(memberOf -ne $DomainAdminsDN)" does not work. I will have to think of some other way to filter out Domain Admins members.
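
One way around the memberOf gotcha, as an added example that is not the post author's code: pass an LDAP filter instead, where a negated memberOf clause also matches users that have no memberOf value at all. It goes beyond the post by also excluding nested members (matching rule 1.2.840.113556.1.4.1941) and accounts whose primary group is Domain Admins, which never show up in memberOf. The helper name ConvertTo-LdapFilterValue is hypothetical.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the characters RFC 4515 reserves in a filter value,
    # so a DN containing '(' , ')' , '*' or '\' cannot change the filter's structure.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

$group    = Get-ADGroup -Identity 'Domain Admins'
$groupDn  = ConvertTo-LdapFilterValue $group.DistinguishedName
$groupRid = $group.SID.Value.Split('-')[-1]      # last SID component; 512 for Domain Admins

$clauses = @(
    '(objectCategory=person)(objectClass=user)'
    '(sAMAccountName=p*)'                                     # prefix only; regex is applied below
    '(!(objectClass=inetOrgPerson))'
    '(!(userAccountControl:1.2.840.113556.1.4.803:=2))'       # ACCOUNTDISABLE bit not set
    '(!(userAccountControl:1.2.840.113556.1.4.803:=262144))'  # SMARTCARD_REQUIRED bit not set
    "(!(memberOf:1.2.840.113556.1.4.1941:=$groupDn))"         # not a direct or nested member
    "(!(primaryGroupID=$groupRid))"                           # primary group is not in memberOf
)
$ldapFilter = '(&' + ($clauses -join '') + ')'

Get-ADUser -LDAPFilter $ldapFilter -Properties DisplayName |
    Where-Object { $_.SamAccountName -match '^p\d{6}$' } |
    Select-Object DisplayName, SamAccountName
```

The in-chain memberOf match is evaluated by the domain controller and can be slow in large directories; replacing it with a plain `(!(memberOf=$groupDn))` checks direct membership only.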

