Reputation: 31
I am trying to run a query that will find all disabled AD accounts that have not logged in for 365 days and that are not a part of my Resource Accounts OU.
Everything is working except the exclusion. I think what I'm having a problem with is figuring out where in the logic to put the Where-Object statement, but so far it's being roundly ignored no matter where I put it.
Here's my script:
#load AD module
import-module activedirectory
$oldDate = [DateTime]::Today.AddDays(-365)
$OUDN = "OU=Resource accounts,OU=Domain Users,DC=mydomain,DC=org"
Get-ADUser -filter {(Enabled -eq $False) -AND (LastLogonDate -lt $olddate)} | Where-Object { $_.DistinguishedName -notlike "*,$OUDN" } -Properties DisplayName,Name,LastLogonDate,Modified,info,description,sAMAccountName | Select sAMAccountName,Name,description,LastLogonDate,Modified | Export-CSV c:\Reports\dis365.csv
Upvotes: 1
Views: 4569
Reputation: 3421
I tried running your script and in my opinion, the exclusion should be working fine. I had to remove the "-Properties" parameter since it doesn't exist; however, there is a "-Property" parameter.
However, if you are trying to select just a subset of parameters from the filtered result, I suggest you add them to the select statement after the where statement.
The command I ran looks like:
Get-ADUser -filter {(Enabled -eq $False) -AND (LastLogonDate -lt $olddate)} | `
Where-Object { $_.DistinguishedName -notlike "*,$OUDN" } | `
Select sAMAccountName,Name,description,LastLogonDate,Modified
Upvotes: 1
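A consolidated version of the report discussed in this thread, as an added example that is not code from either poster: the extra attributes are requested with `-Properties` on `Get-ADUser` (where that parameter exists), and the OU exclusion is applied afterwards in `Where-Object`. The function name `Get-StaleDisabledUser` and its parameters are hypothetical; the OU and CSV path are the ones from the question.

```powershell
Import-Module ActiveDirectory

function Get-StaleDisabledUser {
    [CmdletBinding()]
    param(
        [int]$Days = 365,
        [Parameter(Mandatory)][string]$ExcludeOU,
        # Accounts that never logged on have no LastLogonDate at all;
        # they are only reported when this switch is set.
        [switch]$IncludeNeverLoggedOn
    )

    $cutoff = [DateTime]::Today.AddDays(-$Days)

    # Description, LastLogonDate and Modified are not returned by default,
    # so they must be requested here or the later Select-Object yields blanks.
    $props = 'DisplayName', 'Description', 'LastLogonDate', 'Modified'

    Get-ADUser -Filter 'Enabled -eq $false' -Properties $props |
        Where-Object {
            $stale = if ($null -eq $_.LastLogonDate) {
                $IncludeNeverLoggedOn.IsPresent
            } else {
                $_.LastLogonDate -lt $cutoff
            }

            # Suffix match on ",<OU DN>" excludes the OU and its child OUs.
            # EndsWith avoids -like treating characters such as [ ] in a DN
            # as wildcards, and the leading comma prevents partial-name matches.
            $inExcludedOU = $_.DistinguishedName.EndsWith(
                ",$ExcludeOU", [StringComparison]::OrdinalIgnoreCase)

            $stale -and -not $inExcludedOU
        }
}

Get-StaleDisabledUser -ExcludeOU 'OU=Resource accounts,OU=Domain Users,DC=mydomain,DC=org' |
    Select-Object sAMAccountName, Name, Description, LastLogonDate, Modified |
    Export-Csv -Path 'c:\Reports\dis365.csv' -NoTypeInformation
```

`LastLogonDate` is derived from the replicated `lastLogonTimestamp` attribute, which can lag the real logon by up to about two weeks; that margin is negligible against a 365-day cutoff.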