Get AD User with Multiple Conditions

  • Question

  • Hi all,

    I'm quite new to PowerShell and I am having trouble with the following:

    I'm currently using:

    Get-ADUser -Filter * | where{($_.Enabled -eq $True -And $_.LastLogon -gt (Get-Date).AddDays(-90))} | FL Name,LastLogon


    This isn't working, it is just returning nothing, no error. It just drops to a new line with 'PS C:\Windows\system32>'

    I have tried 

    Get-ADUser -Filter * | where{$_.Enabled -eq $True}

    This works fine and returns all users that are enabled. I have also confirmed that it works when I set it to $False.

    It just doesn't seem to work with the second where selector.

    I have tried this with -ge comparison operator and I have also tried using

    $_.LastLogonDate

    instead of

    $_.LastLogon

    But to no avail.

    This is mainly for my own educational purposes, but an example scenario in which I would use it would be to check whether members of our IT department in the past have been disabling the account of an employee when they had left the company.

    The idea being that it shows a list of all accounts that are enabled but haven't logged in over a set period of time (over 90 days). Thus, showing me whether staff have been doing their jobs properly.

    Any help would be greatly appreciated.

    Thanks in advance,

    Reece

    • Moved by Bill_Stewart Wednesday, May 30, 2018 6:34 PM Abandoned
    Friday, April 20, 2018 10:57 AM

Answers

  • There's probably a better way to do this but this is what I threw together in a minute :)
    Get-ADUser -Filter * | where {$_.enabled -eq $true} | where {$_.lastlogondate -gt (Get-Date).AddDays(-90)}



    • Marked as answer by ReeceAlqotaibi Wednesday, December 5, 2018 4:29 PM
    Friday, April 20, 2018 11:31 AM

All replies

  • Hi, 

    Thanks for your response.

    It might not have been very clear in my initial post but I have already tried that myself.

    Before testing either yours or my own I set a user to enabled which hasn't logged on since June 2017 so I know there is at least one user that should display.



    Friday, April 20, 2018 11:53 AM
  • The lastLogon AD attribute and the LastLogonDate PowerShell property are both not default. If you need them you must specify them with the -Properties parameter of Get-ADUser.

    Also, it would be much more efficient to filter with Enabled and LastLogonDate in the Get-ADUser cmdlet, rather than piping to a Where.

    Edit: For example, similar to:

    $cutoff = (Get-Date).AddDays(-90)
    Get-ADUser -Filter {(Enabled -eq $True) -and (LastLogonDate -gt $cutoff)}

    The default and extended properties exposed by Get-ADUser are documented here:

    https://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx

    If a property is not default and you need it later (such as after a pipe), you must specify it with the -Properties parameter. If it is only used with the -Filter parameter of the cmdlet, it doesn't need to be included in -Properties.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Friday, April 20, 2018 11:59 AM
  • "gt" and other operators are not supported in a "Filter"

    This would be one way to do this:

    Get-ADUser -Filter {Enabled -eq $True} -Prop LastLogonDate|
         Where{$_.LastLogonDate -gt [datetime]::Today.AddDays(-90)}


    \_(ツ)_/

    Friday, April 20, 2018 3:02 PM
  • We can also do this:

    Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 90.00:00:00 | Where{$_.Enabled}


    \_(ツ)_/

    Friday, April 20, 2018 3:05 PM
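
Added example, not code from any reply in this thread: a pipeline function that reports enabled accounts with no logon in the last 90 days, and that makes the "returns nothing, no error" case from the question visible instead of silent. The function name `Get-StaleEnabledAccount` and the sample accounts are constructed for illustration; it compares with `-lt` because the stated goal is accounts that have not logged on within the period.

```powershell
# Added example. Sample accounts are constructed stand-ins for Get-ADUser output.
function Get-StaleEnabledAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $User,
        [int] $Days = 90,
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$Days) }
    process {
        # Guard: an object with no LastLogonDate member reads as $null, and any
        # date comparison against $null is silently $false. Assumption: this is
        # what a Get-ADUser result fetched without -Properties looks like.
        if (-not $User.PSObject.Properties['LastLogonDate']) {
            Write-Warning "$($User.Name): LastLogonDate not loaded, skipped"
            return
        }
        if (-not $User.Enabled) { return }
        $last = $User.LastLogonDate
        # Stale = never logged on ($null) or last logon older than the cutoff.
        if ($null -eq $last -or $last -lt $cutoff) {
            [pscustomobject]@{
                Name          = $User.Name
                LastLogonDate = $last
                Reason        = if ($null -eq $last) { 'NeverLoggedOn' } else { 'Inactive' }
            }
        }
    }
}

# Constructed sample data; the reference date is fixed so the result is repeatable.
$now = Get-Date '2018-04-20'
$sample = @(
    [pscustomobject]@{ Name = 'alice';   Enabled = $true;  LastLogonDate = [datetime]'2018-04-18' }
    [pscustomobject]@{ Name = 'bob';     Enabled = $true;  LastLogonDate = [datetime]'2017-06-02' }
    [pscustomobject]@{ Name = 'carol';   Enabled = $false; LastLogonDate = [datetime]'2017-01-10' }
    [pscustomobject]@{ Name = 'svc-new'; Enabled = $true;  LastLogonDate = $null }
    [pscustomobject]@{ Name = 'dave';    Enabled = $true }   # no LastLogonDate member
)
$sample | Get-StaleEnabledAccount -Days 90 -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate | Get-StaleEnabledAccount
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which by default can lag the real last logon by up to about 14 days, so treat results near the cutoff as approximate.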