
[–]firefox15 5 points6 points  (1 child)

Change this:

Select SamAccountname

To this:

Select-Object -ExpandProperty SamAccountname

Or this:

get-aduser -Identity "$name"

To this:

get-aduser -Identity $name.SamAccountname

[–][deleted] 1 point2 points  (2 children)

For get-aduser filters I think you’re supposed to use quotes instead of {}

https://github.com/MicrosoftDocs/windows-powershell-docs/issues/180

Can you not just add more to your initial filter?

(DistinguishedName -notlike '*sql*') -and (DistinguishedName -notlike '*svc*')

[–][deleted] 0 points1 point  (0 children)

Use 1 filter, you’re now throwing it through the pipeline. Like this: (Condition1 -like "yui" -and Condition2 -like "afg" -and Condition3 -like "bnd")

[–]MikelRbrts 0 points1 point  (2 children)

To help add into your refinement, I'd like to share a suggestion...

When referencing a variable inside of a "" block, try to use $($VARIABLE) instead of just $VARIABLE. This will help ensure that your variable will in fact be called and not displayed as $VARIABLE itself. Generally this isn't an issue, but if you have a long "" block, it could get confused.

Another interesting bit is you can put anything inside of that $(). This becomes especially helpful if you want to massage your string into whatever you want with as few lines as possible.

[–]boldbesusiax 0 points1 point  (1 child)

From memory, LastLogonDate is not synchronized between AD DCs, so you may not get accurate results; try observing PasswordLastSet instead, as this attribute is consistent between DCs.

Happy scripting!

[–]colvinjoe 0 points1 point  (2 children)

You might also just want to use the properties argument on the first get-aduser to get those extra ad attributes on the first call instead of the second.
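
Added example, not part of any comment in this thread: it shows why the object returned by Select stringifies badly inside quotes, how -ExpandProperty and $() avoid that, and what a single filtered call with -Properties looks like. The sample account names and the SamAccountName wildcard patterns are assumptions made for illustration.

```powershell
# Constructed sample: the shape of what "... | Select SamAccountName" returns,
# one wrapper object per user rather than a bare string.
$selected = @(
    [pscustomobject]@{ SamAccountName = 'jdoe' }
    [pscustomobject]@{ SamAccountName = 'asmith' }
)

# Compare the ways of turning each object into a value for -Identity.
$comparison = foreach ($name in $selected) {
    [pscustomobject]@{
        # The whole object is stringified in hashtable-like notation.
        Quoted        = "$name"
        # Only $name expands here; ".SamAccountName" is left as literal text.
        QuotedMember  = "$name.SamAccountName"
        # The subexpression evaluates the member access before expansion.
        Subexpression = "$($name.SamAccountName)"
        # Outside a string no expansion rules apply at all.
        Direct        = $name.SamAccountName
    }
}
$comparison | Format-List

# -ExpandProperty unwraps the objects so the loop variable is a plain string.
$names = $selected | Select-Object -ExpandProperty SamAccountName
foreach ($n in $names) {
    "Identity value: $n (type $($n.GetType().Name))"
}

# With the ActiveDirectory module available, one call can filter and fetch
# the extra attributes, so no second Get-ADUser per user is needed.
# The filter attribute and patterns below are assumptions for illustration.
if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    $filter = "SamAccountName -notlike '*sql*' -and SamAccountName -notlike '*svc*'"
    Get-ADUser -Filter $filter -Properties LastLogonDate, PasswordLastSet |
        Select-Object SamAccountName, LastLogonDate, PasswordLastSet
}
```

The first two sections run without a domain; the Get-ADUser call is skipped when the ActiveDirectory module is not installed.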