1

I have a question that I was hoping someone could help me with, please. I am trying to get a list of users who meet this criteria using get-adusers:

AD field “department” in ('Sales & Admin - All', 'Field - Support','HKLM - All', 'SOD - 1','Home - 1080') AND AD field "title” in ('Client Manager', 'Local Sales', 'Outside Sales, 'Region Manager', 'Deployment Manager')

  • “title” can have another value appended after it is separated by a "-" i.e. “Client Coordinator - Consulting/Solution“. I also need to get rid of/filter that list further of any other Titles that have "- " in their name.

I've got to this point so far, but not sure how to go further. I also don't get all matches for my departments because its looking for an exact match from the include arrays:

cls
Import-Module activedirectory
$count = 0
$include_department = @("Sales & Admin - All ","Field - Support", "HKLM - All", "SOD - 1", "Home - 1080")
$include_title = @("Client Manager", "Local Sales", "Outside Sales", "Region Manager", "Deployment Manager")
$exclude_title = @("- ")
$users = Get-ADUser -filter * -properties Department, Title, SamAccountName | 
    Where-Object {
        ($_.Department -match ('(' + [string]::Join(')|(', $include_department) + ')')) -and 
        ($_.Title -match ('(' + [string]::Join(')|(', $include_title) + ')')) -and
        ($_.Department -notcontains "- ")
    }
$users | Out-File -FilePath C:\it\file.txt
Daniel Widdis
  • 8,424
  • 13
  • 41
  • 63
Mike Jones
  • 13
  • 2
  • 1
    You'd have more success using `-LDAPFilter` which I can assist with once I get on a computer, and if noone else has answered yet. – Abraham Zinala May 26 '22 at 20:22
  • Yeah, i tried that option as well but then got lost in it as some things were new to me. I would appreciate if you could help when you get a free minute. Thank you. – Mike Jones May 26 '22 at 20:35

1 Answers1

1

As Abraham pointed out in his helpful comment, you can do the filtering using exclusively the AD Filter / LDAP Filter.

Here is a -LDAPFilter alternative:

$map = @{
    department = @(
        'Sales & Admin - All'
        'Field - Support'
        'HKLM - All'
        'SOD - 1'
        'Home - 1080'
    )
    title = @(
        'Client Manager'
        'Local Sales'
        'Outside Sales'
        'Region Manager'
        'Deployment Manager'
    )
}

$ldapfilter = "(&"
foreach($key in $map.Keys) {
    $clause = "(|"
    foreach($value in $map[$key]) {
        $clause += "($key=$value)"
    }
    $clause += ")"
    $ldapfilter += $clause
}
$ldapfilter += ")"

Get-ADUser -LDAPFilter $ldapfilter -Properties Department, Title, SamAccountName |
    Export-Csv path\to\export.csv -NoTypeInformation

The title filter is an exact match of each clause, hence the "get rid of / filter that list further of any other Titles that have - in their name" should be covered.

The generated LDAP String would look like this after formatting for readability:

(&
   (|
       (department=Sales & Admin - All)
       (department=Field - Support)
       (department=HKLM - All)
       (department=SOD - 1)
       (department=Home - 1080)
    )
    (|
       (title=Client Manager)
       (title=Local Sales)
       (title=Outside Sales)
       (title=Region Manager)
       (title=Deployment Manager)
    )
)
Santiago Squarzon
  • 41,465
  • 5
  • 14
  • 37
  • I am not getting quite the same numbers as i should. I also end up with results with Titles that are not part of the title list. I also don't see where we are eliminating titles that have "- " in it. Maybe i don't understand the code, but i would expect to see something like "- " or "-" somewhere in it? – Mike Jones May 26 '22 at 21:02
  • @MikeJones for example? that's explained in the "The title filter is an exact match of each clause..." part of the answer – Santiago Squarzon May 26 '22 at 21:04
  • @MikeJones I don't see how is it possible you're getting Titles which are not exact matches of ONE of the OR clauses, and reg. the "getting the numbers that you should", how do you know the numbers you should be getting? maybe your code is incorrect which lead you to think you should get a wrong number of users. – Santiago Squarzon May 26 '22 at 21:09
  • When i run the cript i get some users that match the department that is in the array, but i get some that say Title - Administrative – Mike Jones May 26 '22 at 21:42
  • Actually, Santiago, my apologies. I think its working. – Mike Jones May 27 '22 at 00:36
  • how would i also include in a list all titles that start with Services but also have " -" in it. i.e. "Services - International" or "Services - Local", etc.? – Mike Jones May 27 '22 at 19:28
  • You can add `"(title=Services -*)"` to the filter – Santiago Squarzon May 27 '22 at 19:31
  • how do i do that? I am sorry, I don't understand how to incorporate that into the solution you provided earlier – Mike Jones May 27 '22 at 19:45