Reputation: 1155
I need to validate the cmdlet result below:
Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect
Which returns like:
System Admin; System.Admin@domain.com Display Name;
Display.Name@domain.net
How to combine it with the Get-ADUser, so I can get the list of inactive users?
Display Name
Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect | Select @{ Name = 'User List'; Expression = { ($_ -split ';')[0] }}
ProxyAddresses
Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect | Select @{ Name = 'User List'; Expression = { ($_ -split ';')[1] }}
Inactive means, the AD user account is disabled or cannot be found as matched.
Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect | Where-Object {((Get-ADUser -Filter "PrimarySMTPAddress -neq '$($_.targeteduserstoprotect -split ';' [1] )'" ) -or ("Enabled -eq $True")}
Source: https://learn.microsoft.com/en-us/powershell/module/exchange/get-antiphishpolicy?view=exchange-ps
Because the above is not working for me with the below error:
At line:2 char:178
+ ... ySMTPAddress -neq '$($_.targeteduserstoprotect -split ';' [1] )'" ) - ...
+ ~~~
Unexpected token '[1]' in expression or statement.
At line:2 char:179
+ ... arySMTPAddress -neq '$($_.targeteduserstoprotect -split ';' [1] )'" ) ...
+ ~
Missing type name after '['.
At line:2 char:213
+ ... argeteduserstoprotect -split ';' [1] )'" ) -or ("Enabled -eq $True")}
+ ~
Missing closing ')' in expression.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
Upvotes: 0
Views: 150
Reputation: 3266
Based on my comments above, I would simplify this by not trying to force it in to a one liner.
$TargetedUser = ((Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect) -split ";")[1]
Get-ADUser -Filter "PrimarySMTPAddress -ne $TargetedUser -and Enabled -eq 'True'"
Note about the AD cmdlets, I believe the Enabled field is not actually a boolean and should be a string, hence setting it to 'True' above. If my assumption is wrong or my memory has failed me, please set this to $true
.
Upvotes: 1