
What I need to do is to export specific AD users and some of their properties to a CSV file. What I need to have there is some of the default properties like Name, SamAccountName, Enabled and some custom ones: businesscategory, extensionAttribute9 etc.

I'm struggling with my if-else statements, as they seem not to be comparing employeenumber to $null:

```powershell
$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name+".csv"
$domain = @('DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4')
$result = foreach ($item in $domain) {
    Get-ADUser -server $item -Properties businesscategory, extensionAttribute4,
    extensionAttribute9, extensionAttribute13, employeenumber, Enabled -ResultPageSize 100 -Filter *
    if (($null -ne $_.employeenumber) -and ($_.employeenumber -notlike '*svc*')) {
    Select-Object Name,
    SamAccountName,
    UserPrincipalName,
    @{n="businesscategory"; e={$_.businesscategory  -join ", "}},
    @{n="extensionAttribute4";e={$_.extensionAttribute4 -join ", "}},
    @{n="extensionAttribute9";e={$_.extensionAttribute9 -join ", "}},
    @{n="extensionAttribute13";e={$_.extensionAttribute13 -join ", "}},
    DistinguishedName, employeenumber, Enabled
    }  else { (...)
```

The above is part of my code where it should enter the first if. It does that, but it exports all accounts, whether employeenumber is present or not. Another issue is that the exported CSV doesn't contain columns created from custom attributes; instead it shows some other properties that I did not ask for.

This used to work fine if I used Where-Object instead of if - else and checked the values like below:

```powershell
Where-Object {
($_.SamAccountName      -notlike '*proprietary*') -and
($_.UserPrincipalName   -notlike '*proprietary*') -and
($_.SamAccountName      -notlike '*mailbox*') -and (...)
```

Unfortunately I need to use if-else to make more complex comparisons and selections, but can't figure it out.

TylerH
shalan

1 Answer


The problem is in this line:

```powershell
$result = foreach ($item in $domain) {
    Get-ADUser -server $item -Properties ... # => not assigned to any variable
```

Then in this line:

```powershell
if (($null -ne $_.employeenumber) -and ($_.employeenumber -notlike '*svc*')) {
```

Since $_ doesn't exist, you are comparing something like:

```powershell
$null -ne $null -and $null -notlike '*svc*'
```

Which will always be `$false`. It's also worth mentioning that this is a `foreach` loop, which is different from `ForEach-Object`; the automatic variable `$_` (`$PSItem`) doesn't mean anything here.

The next problem comes when using `Select-Object` at the beginning of the statement: there is no object being piped to it.

```powershell
Select-Object Name, SamAccountName, UserPrincipalName, ...
```

In this case, the if condition could be removed completely with some LDAP Filtering:

```powershell
# employee number is not `$null` AND employee number is not like `*svc*`
-LDAPFilter "(&(employeenumber=*)(!employeenumber=*svc*))"
```

The code would look like this:

```powershell
$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name + ".csv" # Consider using `$HOME` here, or an absolute Path
$param = @{
    LDAPFilter = "(&(employeenumber=*)(!employeenumber=*svc*))"
    ResultPageSize = 100
    Properties = @(
        'businesscategory'
        'extensionAttribute4'
        'extensionAttribute9'
        'extensionAttribute13'
        'employeenumber'
    )
}
'DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4' | ForEach-Object {
    $param['Server'] = $_
    foreach($user in Get-ADUser @param) {
        [pscustomobject]@{
            Name                 = $user.Name
            SamAccountName       = $user.SamAccountName
            UserPrincipalName    = $user.UserPrincipalName
            BusinessCategory     = $user.businesscategory  -join ", "
            extensionAttribute4  = $user.extensionAttribute4 -join ", "
            extensionAttribute9  = $user.extensionAttribute9 -join ", "
            extensionAttribute13 = $user.extensionAttribute13 -join ", "
            DistinguishedName    = $user.DistinguishedName
            employeenumber       = $user.employeenumber
            Enabled              = $user.Enabled
            Domain               = $_ # Adding the Domain of this user here
        }
    }
} | Export-Csv $filename -NoTypeInformation
```
Santiago Squarzon
  • I'm really thankful for your response. I, of course, forgot to mention it in my question, but I needed the `if-else`, because if `employeenumber` is `$null`, I want to check another attribute. If the other attribute is `$null`, I wanted to check another and so on. From what I see I cannot do that using `LDAPFilter`? – shalan Apr 24 '22 at 05:06
  • @shalan yeah you can remove this part of the filter `(employeenumber=*)` so it will find those users having that attribute empty, then you can implement the comparison inside the `foreach` loop – Santiago Squarzon Apr 24 '22 at 05:09
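
The fallback the comments describe (check `employeenumber`, then the next attribute, and so on, inside the `foreach` loop), as an added example that is not part of the original answer. The helper name `Get-FirstPopulatedAttribute`, the attribute order, the `Status` labels and the sample users are assumptions constructed for illustration; in practice the objects would come from `Get-ADUser` with `(employeenumber=*)` dropped from the filter.

```powershell
# Constructed sample objects standing in for Get-ADUser output (not real accounts).
$users = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';       employeenumber = '10042';   extensionAttribute9 = $null;    extensionAttribute13 = $null }
    [pscustomobject]@{ SamAccountName = 'asmith';     employeenumber = $null;     extensionAttribute9 = 'C-7781'; extensionAttribute13 = $null }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; employeenumber = 'svc-001'; extensionAttribute9 = $null;    extensionAttribute13 = $null }
    [pscustomobject]@{ SamAccountName = 'tmp01';      employeenumber = $null;     extensionAttribute9 = $null;    extensionAttribute13 = $null }
)

# Hypothetical helper: return the first attribute in $Order that holds a value.
function Get-FirstPopulatedAttribute {
    param(
        [Parameter(Mandatory)] $User,
        [string[]] $Order = @('employeenumber', 'extensionAttribute9', 'extensionAttribute13')
    )
    foreach ($attr in $Order) {
        # -join flattens multi-valued attributes and turns $null into ''.
        $value = $User.$attr -join ', '
        if (-not [string]::IsNullOrWhiteSpace($value)) {
            return [pscustomobject]@{ Source = $attr; Value = $value }
        }
    }
}

$report = foreach ($user in $users) {   # $user, not $_, inside a foreach statement
    $id = Get-FirstPopulatedAttribute -User $user
    if ($null -eq $id) {
        # No identifier anywhere: keep the row so the account can be reviewed.
        $source = $null; $value = $null; $status = 'NoIdentifier'
    }
    elseif ($id.Source -eq 'employeenumber' -and $id.Value -like '*svc*') {
        continue   # same exclusion as the (!employeenumber=*svc*) filter clause
    }
    else {
        $source = $id.Source; $value = $id.Value; $status = 'Identified'
    }
    [pscustomobject]@{
        SamAccountName   = $user.SamAccountName
        Identifier       = $value
        IdentifierSource = $source
        Status           = $status
    }
}
$report | Format-Table -AutoSize
```

With the sample data, `jdoe` and `asmith` come out as `Identified` (from `employeenumber` and `extensionAttribute9` respectively), `svc-backup` is skipped, and `tmp01` is reported as `NoIdentifier`.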