locked
get disabled AD users from specific OU then set attributes RRS feed

  • Question

  • Hi I'm trying to get all disabled users from a particular OU in AD and then set an attribute. I had this working previously but it was doing it to ALL users across the domain

    The below line is the OLD one that works and sets the attribute on all disabled users in the domain (this unfortunately gets shared mailboxes)


    Get-ADUser -Filter {(mail -like "*") -and(enabled -eq $false) -and(msExchHideFromAddressLists -notlike "*")} | Set-adUser -Add @{msExchHideFromAddressLists="TRUE"}


    The below line is what I think SHOULD work but strangely, doesn't? Am I missing a {} or () at -searchbase?

    Get-ADUser -Filter {(mail -like "*") -searchbase "OU=Former employees,OU=BEST,DC=bestemp,DC=internal" -and(enabled -eq $false) -and(msExchHideFromAddressLists -notlike "*")} | Set-adUser -Add @{msExchHideFromAddressLists="TRUE"}


    It's strange because I run 

    Get-ADUser -Filter {(mail -like "*") -searchbase "OU=Former employees,OU=BEST,DC=bestemp,DC=internal"


    and it works fine and lists all the disabled users in that OU


    Thursday, August 8, 2019 12:53 AM

Answers

  • Hi,

    Thanks for your question.

    If you want to get all disabled users from a particular OU in AD, please try to use the example below:

    Get-ADUser -Filter { enabled -eq $false } -SearchBase "OU=Former employees,OU=BEST,DC=bestemp,DC=internal"  | Set-adUser -Add @{msExchHideFromAddressLists="TRUE"}

    For your issue:

    Get-ADUser -Filter {(mail -like "*") -and(enabled -eq $false) -and(msExchHideFromAddressLists -notlike "*")} -SearchBase "OU=Former employees,OU=BEST,DC=bestemp,DC=internal"  | Set-adUser -Add @{msExchHideFromAddressLists="TRUE"}

    You need to learn more about "get-aduser" cmdlet -filter parameter.

    https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=winserver2012-ps

    Best regards,

    Lee


    Just do it.

    • Marked as answer by powerJames Thursday, August 8, 2019 2:29 AM
    Thursday, August 8, 2019 2:21 AM

All replies

  • "-SearchBase" is a separate parameter. It's not part of the -Filter string.

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Thursday, August 8, 2019 2:19 AM
  • Hi,

    Thanks for your question.

    If you want to get all disabled users from a particular OU in AD, please try to use the example below:

    Get-ADUser -Filter { enabled -eq $false } -SearchBase "OU=Former employees,OU=BEST,DC=bestemp,DC=internal"  | Set-adUser -Add @{msExchHideFromAddressLists="TRUE"}

    For your issue:

    Get-ADUser -Filter {(mail -like "*") -and(enabled -eq $false) -and(msExchHideFromAddressLists -notlike "*")} -SearchBase "OU=Former employees,OU=BEST,DC=bestemp,DC=internal"  | Set-adUser -Add @{msExchHideFromAddressLists="TRUE"}

    You need to learn more about "get-aduser" cmdlet -filter parameter.

    https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=winserver2012-ps

    Best regards,

    Lee


    Just do it.

    • Marked as answer by powerJames Thursday, August 8, 2019 2:29 AM
    Thursday, August 8, 2019 2:21 AM
  • Rigggght I understand! So it needs to be outside the {}'s for which are defining the filter parameter. Thanks!
    Thursday, August 8, 2019 2:30 AM