我是Powershell的新手,我试图排除特定的"GivenName"one_answers";SN">
这是我当前的脚本-
Get-ADUser -SearchBase "OU=Us00,OU=NA,Dd=corp,Dd=ads" -Filter {Enabled -eq $True} -Properties * | Select-Object GivenName, SN, DisplayName, Company, LastLogonDate |Where {($_.LastLogonDate -lt (Get-Date).AddDays(-30)) -and ($_.LastLogonDate -ne $NULL)} | Export-Csv -Path G:ConductInactiveUsers.csv -NoTypeInformation
我的目标是排除任何可能包含"敏捷"一词的给定名称。或排除任何可能包含"外部"一词的SN
我已经尝试了一个"不是"声明,但我没有达到我的最终目标。任何指导或帮助将不胜感激
你想做的一切都可以利用Active Directory过滤器来完成:
$params = @{
SearchBase = "OU=Us00,OU=NA,Dd=corp,Dd=ads"
LDAPFilter =
"(&" + # open the filter with AND
"(!userAccountControl:1.2.840.113556.1.4.803:=2)" + # `Enabled`
"(!givenName=*Agile*)" + # `GivenName` does not contain `Agile`
"(!sn=*External*)" + # `sn` (Surname) does not contain `External`
"(lastLogon<=$((Get-Date).AddDays(-30).ToFileTimeUtc()))" + # `lastLogon` is lower than or equal to 30 days ago
"(lastLogon=*)" + # `lastLogon` attribute must be populated
")" # close the filter
Properties = 'GivenName', 'SN', 'DisplayName', 'Company', 'LastLogonDate'
}
Get-ADUser @params | Select-Object $params['Properties'] |
Export-Csv -Path G:ConductInactiveUsers.csv -NoTypeInformation
注意-lastLogon属性不能跨域复制,因此查询结果可能不准确,但您可以更改查询使用lastLogonTimeStamp,它确实在跨域控制器复制,但它也不准确。参见了解AD帐户属性- LastLogon, LastLogonTimeStamp和LastLogonDate.
如果您需要最准确的结果,您需要对所有域控制器执行此查询(针对lastLogon属性),以查找域中所有用户的最新身份验证。这些答案可能会提示您在需要时如何查询所有dc:
- https://stackoverflow.com/a/68750430/15339544
- https://stackoverflow.com/a/72671034/15339544