Reputation: 97
Sting together IF statements to export specific users
Im creating a script to help organize some groups for my school district. Long story short we have these 'Everyone groups' that are supposed to include all teachers/staff that are located at specific buildings. This data is stored in the 'Department variable' in AD. We also have a hold OU for staff that is no longer at the district, but we keep their accounts for 30 days that I don't want included. The result I have that works right now is as follows
Get-ADUser -Filter * -Properties sAMAccountName, department | Where { ($_.distinguishedName -notlike '*OU=Deactivated April 20th Hold*') } | Where { ($_.department -eq 'CENTENNIAL ELEMENTARY') } | Select sAMAccountName | Export-Csv -LiteralPath C:\Results\Everyone_Groups\CN.csv -NoTypeInformation
Get-ADUser -Filter * -Properties sAMAccountName, department | Where { ($_.distinguishedName -notlike '*OU=Deactivated April 20th Hold*') } | Where { ($_.department -eq 'CENTRAL ELEMENTARY') } | Select sAMAccountName | Export-Csv -LiteralPath C:\Results\Everyone_Groups\CR.csv -NoTypeInformation
and so on, with the name of the department changing for every school.
The downside of this is that I have to run that command nearly 25 times to grab all of the users for the different departments that I need.
I want to integrate IF statements into this so I only have to pull users 1 time and then filter them from there, to add an additional hurtle to this, I don't want to just pull all users so that option is out. I've come up with the following to achieve this.
Get-ADUser -Filter * -Properties sAMAccountName, department | Where ($_.distinguishedName -notlike '*OU=Deactivated April 20th Hold*')
If ($_.department -eq 'CENTENNIAL ELEMENTARY'){
Select sAMAccountName | Export-Csv -LiteralPath C:\Results\Everyone_Groups\CN.csv -NoTypeInformation -Append
}
And from here I would add additional IF statements for each additional department. The problem is that this command returns nothing to me. It doesn't error out or anything, it just never produces the .csv I'm asking for.
Any ideas on this?
Upvotes: 1
Views: 67
Answers (3)
Reputation: 60045
Here is how I would do it to allow one merged export and one export per Department. The idea is to only query the specific OUs and let the Active Directory Filter to handle the search of users which's Department is one of the one we're interested on.
$departments = 'CENTENNIAL ELEMENTARY', 'CENTRAL ELEMENTARY'
# this creates a filter that can be read as:
# "query all users where their `Department` attribute is this or this or that..."
$params = @{
LDAPFilter = '(|'
Properties = 'Department'
}
foreach($department in $departments) {
$params['LDAPFilter'] += '(department={0})' -f $department
}
$params['LDAPFilter'] += ')'
# looking at the LDAPFitler created for this example, it would look like this:
#
# Name Value
# ---- -----
# LDAPFilter (|(department=CENTENNIAL ELEMENTARY)(department=CENTRAL ELEMENTARY))
# now we can query all OUs which's `Name` is NOT LIKE `Deactivated April 20th Hold`
# and loop over these OUs
$results = foreach($ou in Get-ADOrganizationalUnit -LDAPFilter "(name=*Deactivated April 20th Hold*)") {
# set the `SearchBase` for filtering each OU
$params['SearchBase'] = $ou.DistinguishedName
# get the results for this OU
Get-ADUser @params | Select-Object SamAccountName, Department
}
# export all merged data
$results | Export-Csv path\to\folder\mergeddata.csv -NoTypeInformation
# export one Csv per department, the Csv will have the department's name
$results | Group-Object Department | ForEach-Object {
$path = Join-Path path\to\folder\ -ChildPath ($_.Name + '.csv')
$_.Group | Export-Csv $path -NoTypeInformation
}
Upvotes: 0
Reputation: 4694
If you're looking to filter for users in 'CENTRAL ELEMENTARY', 'CENTENNIAL ELEMENTARY', while excluding users in '*OU=Deactivated April 20th Hold*', then I would loop through each department making a call to Get-ADuser for each one:
$departments = 'CENTRAL ELEMENTARY', 'CENTENNIAL ELEMENTARY'
$OU = 'DistinguishedName=OU Here' # must be the containers full path.
foreach ($department in $departments)
{
Get-ADUser -LDAPFilter "(&(!($OU))(department=$department))" -Properties 'Department' | Select-Object -Property 'SAMAccountName' |
Export-Csv -Path "C:\Results\Everyone_Groups\$department.csv" -NoTypeInformation
}
Now you can export based on the department and can add more later if needed; just add the new departments to $departments array, and it should export to a csv accordingly with the name as the department.
Upvotes: 2
Reputation: 36297
First off, pulling users once is simple, just pull the users and capture the output in a variable. Once you have that you can sort them out from there easily enough.
$Users = Get-ADUser -Filter * -Properties sAMAccountName, department | Where { ($_.distinguishedName -notlike '*OU=Deactivated April 20th Hold*') }
From there you could just run it through a switch like:
Switch($Users){
{$_.Department.ToUpper() -eq 'CENTENNIAL ELEMENTARY'} {$_|Select samaccountname|Export-Csv C:\Results\Everyone_Groups\CN.csv -NoTypeInformation -Append}
{$_.Department.ToUpper() -eq 'CENTRAL ELEMENTARY'} {$_|Select samaccountname|Export-Csv C:\Results\Everyone_Groups\CR.csv -NoTypeInformation -Append}
}
Upvotes: 2
Related Questions
- Powershell Script using for each to export only Valid AD Users to csv and suppress Users it cannot find in AD
- Using powershell, how to get a list of users per active directory group?
- exporting AD users displayName for selected groups only - powershell
- Get-AdUsers from specific AD Groups and filtering results
- Import list of users - Export List of users and Groups
- Export csv of groups that are not members of some groups
- Export users from AD with a specific group membership
- powershell find all users for all groups flag as disabled
- Export AD users with list of specific groups
- Trying to filter an AD export script in powershell by user type?