PowerShell - finding users who are Inactive AND not disabled

Question

I wrote this cmdlet:

Search-ADAccount -filter {(enabled -eq $true)} -Users Only -SearchBase "ou=FirstOU,dc=domain,dc=com" -AccountInactive -TimeSpan 30

But it outputs an error:

Search-ADAccount : A parameter cannot be found that matches parameter name 'fil
ter'.
At line:1 char:25
+ Search-ADAccount -filter <<<<  {(enabled -eq $true)} -UsersOnly -SearchBase "
ou=FirstOU,dc=domain,dc=com" -AccountInactive -TimeSpan 30
    + CategoryInfo          : InvalidArgument: (:) [Search-ADAccount], Paramet
   erBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory
   .Management.Commands.SearchADAccountCmdlet

Could someone please help?

Answer 1

The Search-ADAccount does not accept a parameter -Filter. Please see the Technet docs or Get-Help Search-ADAccount for a list of supported parameters.

You can pipe the results of the search to Where-Object to get only enabled users:

Search-ADAccount -UsersOnly -SearchBase "ou=FirstOU,dc=domain,dc=com" -AccountInactive -TimeSpan 30 |
    Where-Object { $_.Enabled -eq $true }

Answer 2

Filter it the other way?:

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 30.00:00:00 |where {$_.enabled}

Answer 3

Try the get-ADUser command, it allows you to filter your users better.

get-aduser -filter (enabled -eq $true) -searchbase "OU"