none
Exclude OU's from Powershell Script using a text file RRS feed

  • Question

  • I have been given the task to create a report that shows the dormant accounts within my environment.  I am able to pull the data I need and more. I have it set up where the script hits each domain within my environment, I need to be able to exclude items such as Service Accounts, Generic Accounts, and test accounts that do not login. etc etc. As of now I am using the $_DistinguishedName -notlike "OU= or CN=" to block them but, there are a lot of them. I was wondering if there is a way to pipe in a text doc that would allow the script to not report on the accounts that will always show dormant. 

    Here is sample of the script I am using.  

    $userCollection = Search-ADAccount -AccountInactive -TimeSpan 45 -UsersOnly -Server location.Domain.local -SearchBase "DC=location,DC=domain,DC=local" 
    $userCollection | Get-ADUser -Properties * | select SamAccountName,Name,Office,DistinguishedName Where {$_.DistinguishedName -notlike "*OU=CommonAreaPhones*" -and $_.DistinguishedName -notlike "*OU=Users - No Policy*"}

    Thank you in advance.

    Aaron


    • Edited by Aaron Berry Friday, January 10, 2014 8:41 PM
    Friday, January 10, 2014 8:37 PM

Answers

  • Tag all of the accounts that you don't want with an extra parameter and exclude that.  You can also place them all in a security group and use that to filter.


    ¯\_(ツ)_/¯

    • Marked as answer by Aaron Berry Friday, January 10, 2014 8:54 PM
    Friday, January 10, 2014 8:41 PM

All replies

  • Tag all of the accounts that you don't want with an extra parameter and exclude that.  You can also place them all in a security group and use that to filter.


    ¯\_(ツ)_/¯

    • Marked as answer by Aaron Berry Friday, January 10, 2014 8:54 PM
    Friday, January 10, 2014 8:41 PM
  • Thank you, looks like I just needed a fresh pair of eyes. That worked. 
    Friday, January 10, 2014 8:53 PM
  • Thank you, looks like I just needed a fresh pair of eyes. That worked. 

    Which one worked?


    ¯\_(ツ)_/¯

    Friday, January 10, 2014 9:17 PM
  • Placed all of them in a security group and exclude that.

    Monday, January 13, 2014 3:33 PM
  • The plus with using a security group is that you don't have to find the file and it is very easy to 0update from anywhere.


    ¯\_(ツ)_/¯

    Monday, January 13, 2014 3:36 PM