Senior Systems Engineer
Senior Systems Engineer

Reputation: 1155

Filtering inactive AD user from cmdlet result?

I need to validate the cmdlet result below:

Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect

Which returns like:

System Admin; System.Admin@domain.com Display Name;
Display.Name@domain.net

How to combine it with the Get-ADUser, so I can get the list of inactive users?

Display Name

Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect | Select @{ Name = 'User List'; Expression = { ($_ -split ';')[0] }}

ProxyAddresses

Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect | Select @{ Name = 'User List'; Expression = { ($_ -split ';')[1] }}

Inactive means, the AD user account is disabled or cannot be found as matched.

Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect | Where-Object {((Get-ADUser -Filter "PrimarySMTPAddress -neq '$($_.targeteduserstoprotect -split ';' [1] )'" ) -or ("Enabled -eq $True")}

Source: https://learn.microsoft.com/en-us/powershell/module/exchange/get-antiphishpolicy?view=exchange-ps

Because the above is not working for me with the below error:
At line:2 char:178
+ ... ySMTPAddress -neq '$($_.targeteduserstoprotect -split ';' [1] )'" ) - ...
+                                                               ~~~
Unexpected token '[1]' in expression or statement.
At line:2 char:179
+ ... arySMTPAddress -neq '$($_.targeteduserstoprotect -split ';' [1] )'" ) ...
+                                                                  ~
Missing type name after '['.
At line:2 char:213
+ ... argeteduserstoprotect -split ';' [1] )'" ) -or ("Enabled -eq $True")}
+                                                                         ~
Missing closing ')' in expression.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Upvotes: 0

Views: 150

Answers (1)

Ash
Ash

Reputation: 3266

Based on my comments above, I would simplify this by not trying to force it in to a one liner.

$TargetedUser = ((Get-AntiPhishPolicy | Select-Object -ExpandProperty targeteduserstoprotect) -split ";")[1]
Get-ADUser -Filter "PrimarySMTPAddress -ne $TargetedUser -and Enabled -eq 'True'" 

Note about the AD cmdlets, I believe the Enabled field is not actually a boolean and should be a string, hence setting it to 'True' above. If my assumption is wrong or my memory has failed me, please set this to $true.

Upvotes: 1

Related Questions