DEVHIDE
Login Or Sign up

PowerShell Get-ADUser - Using custom AD attibutes as IF condition

975 Views Asked by At

What I need to do is to export specific AD users and some of their properties to a CSV file. What I need to have there is some of the default properties like Name, SamAccountName, Enabled and some custom ones: businesscategory, extensionAttribute9 etc.

I'm struggling with my if - else statements, as they seem to not be comparing employeenumber to $null

$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name+".csv"
$domain = @('DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4')    
$result = foreach ($item in $domain) {    
    Get-ADUser -server $item -Properties businesscategory, extensionAttribute4, 
    extensionAttribute9, extensionAttribute13, employeenumber, Enabled -ResultPageSize 100 -Filter *   
    if (($null -ne $_.employeenumber) -and ($_.employeenumber -notlike '*svc*')) {              
    Select-Object Name, 
    SamAccountName, 
    UserPrincipalName,
    @{n="businesscategory"; e={$_.businesscategory  -join ", "}},               
    @{n="extensionAttribute4";e={$_.extensionAttribute4 -join ", "}},           
    @{n="extensionAttribute9";e={$_.extensionAttribute9 -join ", "}},           
    @{n="extensionAttribute13";e={$_.extensionAttribute13 -join ", "}},         
    DistinguishedName, employeenumber, Enabled
    }  else { (...)

The above is part of my code where it should enter into first if. It does that, but it exports all accounts, whether employeenumber is present or not. Another issue is that the exported CSV doesn't contain columns created from custom attributes, instead it shows some other properties that I did not ask for.

This used to work fine if I used Where-Object instead of if - else and checked the values like below:

Where-Object { 
($_.SamAccountName      -notlike '*proprietary*') -and                         
($_.UserPrincipalName   -notlike '*proprietary*') -and
($_.SamAccountName      -notlike '*mailbox*') -and (...)

Unfortunately I need to use if - else to make more complex comparisons and selections, but can't figure it out

powershell csv active-directory get-aduser
Original Q&A
1

There are 1 best solutions below

2
On BEST ANSWER

The problem is in this line:

$result = foreach ($item in $domain) {
    Get-ADUser -server $item -Properties ... # => not assigned to any variable

Then in this line:

if (($null -ne $_.employeenumber) -and ($_.employeenumber -notlike '*svc*')) {

Since $_ doesn't exist, you are comparing something like:

$null -ne $null -and $null -notlike '*svc*'

Which will always be $false. It's also worth mentioning that this is a foreach loop, different from ForEach-Object, the automatic variable $_ ($PSItem) doesn't mean anything here.

The next problem comes when using Select-Object as the beginning of the statement, there is no object being piped to it.

Select-Object Name, SamAccountName, UserPrincipalName, ...

In this case, the if condition could be removed completely with some LDAP Filtering:

# employee number is not `$null` AND employee number is not like `*svc*`
-LDAPFilter "(&(employeenumber=*)(!employeenumber=*svc*))"

The code would look like this:

$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name + ".csv" # Consider using `$HOME` here, or an absolute Path
$param = @{
    LDAPFilter = "(&(employeenumber=*)(!employeenumber=*svc*))"
    ResultPageSize = 100
    Properties = @(
        'businesscategory'
        'extensionAttribute4'
        'extensionAttribute9'
        'extensionAttribute13'
        'employeenumber'
    )
}
'DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4' | ForEach-Object {
    $param['Server'] = $_
    foreach($user in Get-ADUser @param) {
        [pscustomobject]@{
            Name                 = $user.Name
            SamAccountName       = $user.SamAccountName
            UserPrincipalName    = $user.UserPrincipalName
            BusinessCategory     = $user.businesscategory  -join ", "
            extensionAttribute4  = $user.extensionAttribute4 -join ", "
            extensionAttribute9  = $user.extensionAttribute9 -join ", "
            extensionAttribute13 = $user.extensionAttribute13 -join ", "
            DistinguishedName    = $user.DistinguishedName
            employeenumber       = $user.employeenumber
            Enabled              = $user.Enabled
            Domain               = $_ # Adding the Domain of this user here
        }
    }
} | Export-Csv $filename -NoTypeInformation

Related Questions in POWERSHELL

Related Questions in CSV

Related Questions in ACTIVE-DIRECTORY

Related Questions in GET-ADUSER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.