none
How to use an if statment agains a empty AD field RRS feed

  • Question

  • Hello Scripting guys,

     I am writing an script to run against AD. I am trying to return one result if the "Managed by or Info" properties are null and another one if thy are not. For my test I have been using the following

    If ((get-adgroup "groupname" -properties managedby) -eq $null) {Write-host "Null")

        else {write-host "not null"}

    The problem is that it always comes back with "not null" even if I run it against a group that does not have a manager associated.

    Any thought would be helpful.

    Tuesday, March 29, 2016 8:18 PM

Answers

  • This is what I'd do:

    $groupInfo = Get-ADGroup 'test group 1' -Properties ManagedBy,Info
    
    If ($groupInfo.ManagedBy -or $groupInfo.Info) {
    
        Write-Host 'ManagedBy or Info is set' -ForegroundColor Green
    
    } Else {
    
        Write-Host 'Neither ManagedBy or Info is set' -ForegroundColor Red
    
    }


    • Marked as answer by Richardlaw Wednesday, March 30, 2016 12:56 PM
    Tuesday, March 29, 2016 8:47 PM
  • Bill's reply shows how to do it. If it did not work, you did something wrong.

    The filter you suggest does not make sense to me.

    -ldapfilter  "( GROUPNAME |(!managedby=*))")

    That is not a valid LDAP syntax filter.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Tuesday, March 29, 2016 10:54 PM
    Moderator

All replies

  • Put the attributes you want to query in the LDAP query filter.


    Get-ADGroup -LDAPFilter "(|(!info=*)(!managedBy=*))"

    This will return group objects where the info attribute is empty or the managedBy attribute is empty.

    Search filter syntax: http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475.aspx

    It's always more efficient to limit your search results rather than retrieve everything and filter afterwards.


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by Jason Warren Tuesday, March 29, 2016 8:34 PM
    Tuesday, March 29, 2016 8:26 PM
    Moderator
  • Bill thank you for your response, I tried your method and it did not work for what I needed it to. it does show everything on our domain that has a null value in those attributes. however I am trying to query a specific group to check for this attribute.

    When using it on a specific group it always reports that there is a null value. I am using 2 groups to test, one has a manager one does not.  I have written the script below just how I typed it on the computer.

     If ((Get-adgroup -ldapfilter  "( GROUPNAME |(!managedby=*))") -eq $null) {write-host "null Value"}

    else {write-host "not Null"}

    Thank you again for your help


    • Edited by Richardlaw Tuesday, March 29, 2016 8:44 PM
    Tuesday, March 29, 2016 8:42 PM
  • This is what I'd do:

    $groupInfo = Get-ADGroup 'test group 1' -Properties ManagedBy,Info
    
    If ($groupInfo.ManagedBy -or $groupInfo.Info) {
    
        Write-Host 'ManagedBy or Info is set' -ForegroundColor Green
    
    } Else {
    
        Write-Host 'Neither ManagedBy or Info is set' -ForegroundColor Red
    
    }


    • Marked as answer by Richardlaw Wednesday, March 30, 2016 12:56 PM
    Tuesday, March 29, 2016 8:47 PM
  • Bill thank you for your response, I tried your method and it did not work for what I needed it to. it does show everything on our domain that has a null value in those attributes. however I am trying to query a specific group to check for this attribute.

    When using it on a specific group it always reports that there is a null value. I am using 2 groups to test, one has a manager one does not.  I have written the script below just how I typed it on the computer.

     If ((Get-adgroup -ldapfilter  "( GROUPNAME |(!managedby=*))") -eq $null) {write-host "null Value"}

    else {write-host "not Null"}

    Thank you again for your help


    You did not follow Bill's instructions.

    Get-adgroup -ldapfilter  '(!(managedby=*))'

    This will find all groups without a manager.

    Your changes are impossible.


    \_(ツ)_/


    • Edited by jrv Tuesday, March 29, 2016 8:54 PM
    Tuesday, March 29, 2016 8:53 PM
  • Bill's reply shows how to do it. If it did not work, you did something wrong.

    The filter you suggest does not make sense to me.

    -ldapfilter  "( GROUPNAME |(!managedby=*))")

    That is not a valid LDAP syntax filter.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Tuesday, March 29, 2016 10:54 PM
    Moderator
  • This worked perfect. I added it to my script and it did exactly what I need it to, thank you Mike.
    Wednesday, March 30, 2016 12:57 PM
  • Cheers, you're very welcome.

    Wednesday, March 30, 2016 1:27 PM