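Filtering Get-ADObject with PowerShell

Time: 2015-10-22 21:27:29

Tags: powershell active-directory

Can someone tell me what is wrong with my query?

I want to pull back all users that are not in a number of specific OUs. I thought the following query would work, but as you can see it pulls back a user with "ou=staff" in the DN (extracted from the full output).

What I am trying to say is: if any of the following appear in the DN attribute.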

$NotinDirectory = Get-ADObject  -LDAPFilter "objectClass=person" -SearchBase "OU=Accounts,DC=Company,DC=ac,DC=uk" -Properties ou |? {($_.DistinguishedName -notlike "*Agency*" -and "*Contractors*" -and "*Fellows*" -and "*Visitors*" -and "*ou=Staff*" -and "*Contacts*")}

CN = jo blogs,OU = Staff,OU = Accounts,DC = compnay,DC = ac,DC = uk

UPDATE: So I tried this, based on the comments below

 $NotinDirectory = Get-ADObject  -LDAPFilter "objectClass=person" -SearchBase "OU=Accounts,OU=iah,DC=iah,DC=ac,DC=uk"  | ? {($_DistinguishedName -notlike "*Agency*" -and $_DistinguishedName -notlike "*Contractors*" -and $_DistinguishedName -notlike "*Fellows*" ) -and ($_DistinguishedName -notlike"*Visitors*") -and ($_DistinguishedName -notlike"*OU=Staff*" -and $_DistinguishedName -notlike"*Contacts*")}
foreach ($test in $NotinDirectory){ Write-Host $test.DistinguishedName}

But I still get CN = xxx xxxxx,OU = Staff,OU = Accounts,DC = company,DC = ac,DC = uk

1 answer:

Answer 0: (score: 2)

In the Where-Object filter:

($_.DistinguishedName -notlike "*Agency*" -and "*Contractors*" -and "*Fellows*" -and "*Visitors*" -and "*ou=Staff*" -and "*Contacts*")

You are only comparing $_.DistinguishedName to a string once, the first time (-notlike "*Agency*").

It will be parsed as follows:

(($_.DistinguishedName -notlike "*Agency*") -and ("*Contractors*") -and ("*Fellows*") -and ("*Visitors*") -and ("*ou=Staff*") -and ("*Contacts*"))
(($_.DistinguishedName -notlike "*Agency*") -and $true -and $true -and $true -and $true -and $true)
($_.DistinguishedName -notlike "*Agency*")

You have to do this:

Get-ADObject | Where-Object {($_.DistinguishedName -notlike "*Agency*" -and 
    $_.DistinguishedName -notlike "*Contractors*" -and 
    $_.DistinguishedName -notlike "*Fellows*" -and 
    $_.DistinguishedName -notlike "*Visitors*" -and 
    $_.DistinguishedName -notlike "*ou=Staff*" -and 
    $_.DistinguishedName -notlike "*Contacts*")}

in order to test all 6 strings.

If you have a variable number of strings to exclude, you can use ForEach-Object inside Where-Object:

$Excludes = "*Agency*","*Contractors*","*Fellows*","*Visitors*","*ou=Staff*","*Contacts*"

Get-ADObject |Where-Object {
    $ADObj = $_
    @($Excludes |ForEach-Object {
        $ADObj.DistinguishedName -notlike $_
    }) -notcontains $false
}
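
The exclusion discussed in this thread, written as an added example that is not part of the original question or answer: instead of wildcard-matching the whole DN, it compares only the OU components exactly, and it enables strict mode so that a misspelled property reference fails loudly. The function names Get-OUName and Test-InExcludedOU, the OU=Students container and the sample DNs are assumptions constructed for illustration.

```powershell
# Added example; helper names and sample DNs are hypothetical/constructed.
# Strict mode: a typo such as $_DistinguishedName (no dot) throws instead of
# silently evaluating to $null and letting every object through the filter.
Set-StrictMode -Version Latest

$ExcludedOUs = 'Agency', 'Contractors', 'Fellows', 'Visitors', 'Staff', 'Contacts'

function Get-OUName {
    # Emit the value of every OU component of a distinguished name.
    # Splits only on commas that are not preceded by a backslash.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    foreach ($rdn in ($DistinguishedName -split '(?<!\\),')) {
        $type, $value = $rdn.Trim() -split '=', 2
        if ($type.Trim() -eq 'OU') { $value.Trim() }
    }
}

function Test-InExcludedOU {
    # $true when any OU component equals an excluded name.
    # -contains is case-insensitive and matches whole values, not substrings.
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string[]]$Exclude
    )
    foreach ($ou in @(Get-OUName -DistinguishedName $DistinguishedName)) {
        if ($Exclude -contains $ou) { return $true }
    }
    return $false
}

# Constructed sample input (with the AD module this would be the
# DistinguishedName property of the objects returned by Get-ADObject).
$sample = @(
    'CN=jo blogs,OU=Staff,OU=Accounts,DC=Company,DC=ac,DC=uk'           # under OU=Staff
    'CN=Agency Liaison,OU=Students,OU=Accounts,DC=Company,DC=ac,DC=uk'  # "Agency" appears only in the CN
    'CN=Smith\, Ann,OU=fellows,OU=Accounts,DC=Company,DC=ac,DC=uk'      # escaped comma in CN, lower-case OU
)

# Component-based exclusion: decided by OU values only.
$sample | Where-Object {
    -not (Test-InExcludedOU -DistinguishedName $_ -Exclude $ExcludedOUs)
}

# The wildcard form from the thread matches anywhere in the DN, CN included.
$sample | Where-Object {
    $_ -notlike '*Agency*' -and $_ -notlike '*ou=Staff*' -and $_ -notlike '*Fellows*'
}
```

When the resulting list feeds an access review or account clean-up, the difference matters: the wildcard form drops any account whose name merely contains one of the excluded words.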