Adaxes

Assistance needed with Search filter and date as string

0 votes

I have an export that will run as a monthly scheduled task that will write output to a CSV to contain employees that have been terminated in the last month. I've initialized variable to contain the start date ($lastMonth) and added a comparison to my Search filter, but am not getting any results. I definitely have one record that contains a terminationDate. I suspect my filter is incorrect. The terminationDate attribute is stored as a string and I'm attempting to compare it with a date. If I remove the terminationDate <=... filter, I get the one record I'm expecting. I'm attaching a snippet below...


$lastMonth = (Get-Date).AddMonths(-1).ToFileTime()

# Get AdsPath of target object
$targetObject = $Context.BindToObjectByDN("%distinguishedName%")
$targetObjectPath = $targetObject.ADsPath

# Search all users in the target OU
$userSearcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$userSearcher.SearchParameters.BaseObjectPath = $targetObjectPath
$userSearcher.SearchParameters.PageSize = 1000
$userSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
# Filter for ALL objects where employeeID doesn't contain zeros or 'NMU' and employeeID is not blank and mail is not blank and terminationDate is populated
$userSearcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user)(!(employeeID=000000))(!(employeeID=NMU))(!(employeeID=?))(employeeID=*)(mail=*)(terminationDate=*)([datetime]terminationDate>=$lastMonth))"
$properties = $eachFieldIn
$userSearcher.SetPropertiesToLoad($properties)
by (870 points)
0

It looks like the get-date cmdlet stores the date as an Int64 not DateTime when using "ToFileTime". Aside from that, I'm not sure if using "[datetime]terminationDate" in the filter would actually work to convert the string to datetime. You could filter on anybody that has a terminationdate attribute populated and then do the date comparison after the fact, which I realize isn't as efficient, but still an alternative.

by (540 points)
0

Hello,

Since dates are stored as plain text, you won't be able to compare them to the current date. In this case, the >= operator in your LDAP filter can only compare strings instead of comparing the actual dates.

To do what you need, you'll need to get the value of the terminationDate attribute of each user, convert it to a DateTime structure, and then compare it to the target date.

Can you provide the format in which dates are stored in the terminationDate attribute so we could provide you a script? Just a couple of examples of the dates stored in the attribute will be enough.

by (216k points)
0

Screen capture attached.

(Active Directory Snippet with TerminationDate)

by (870 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Here's a code snippet that will do the job:

# Search users
$userSearcher = $Context.TargetObject
$userSearcher.PageSize = 500
$userSearcher.SearchScope = "ADS_SCOPE_SUBTREE"

# Filter for ALL objects where employeeID doesn't contain zeros or 'NMU' and employeeID is not blank and mail is not blank and terminationDate is populated
$userSearcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(!(employeeID=000000))(!(employeeID=NMU))(!(employeeID=?))(employeeID=*)(mail=*)(terminationDate=*))"

# Add terminationDate to properties that will be fetched
$propertiesToLoad = $eachFieldIn + "terminationDate"
$userSearcher.SetPropertiesToLoad($propertiesToLoad)

try
{
    $searchResultIterator = $userSearcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    $lastMonth = (Get-Date).AddMonths(-1)

    foreach ($searchResult in $searchResults)
    {
        # Get termination date for the user
        $terminationDateString = $searchResult.Properties["terminationDate"].Value

        # Convert to DateTime
        $terminationDate = [Datetime]::ParseExact($terminationDateString, 'MM/dd/yyyy', $NULL)

        # Check if termination date Less-than or equal to $lastMonth
        if ($terminationDate -le $lastMonth)
        {
            # TODO: Your code here
        }
    }
}
finally
{
    # Release resources used by the search
    $searchResultIterator.Dispose()
}

Related questions

0 votes
1 answer
Assistance with Search filter that isn't finding existing AD

I'm attaching below a snippet from a scheduled task. It's a function that receives as a parameter the employeeID, which is then used in the search filter. ... { $userInfo."$propertyName" = $searchResult.Properties[$propertyName].Value } } return $userInfo }

asked Oct 28, 2016 by sandramnc (870 points)
0 votes
0 answers
Assistance needed with Re-Enabling an Account via WebUI

Please excuse this lengthy post but in order to fully explain my scenario, I believe it's necessary. We're using the Adaxes Web Interface to enable Department HR Reps to ... it being e-mailed. Any assistance or guidance would be greatly appreciated. Thanks...

asked Jul 19, 2016 by sandramnc (870 points)
0 votes
1 answer
Search/Filter by users with a shared mailbox

Hi, I'm very new to Adaxes and still getting to grips with it. Is there any way to search or filter within the web interface, users that have an Exchange Online shared mailbox? Thanks

asked Oct 14, 2020 by sysg89 (20 points)
0 votes
1 answer
what version of powershell is needed with modern auth and connect to 0365/azure

what version of powershell is needed with modern auth and connect to 0365/azure

asked Sep 30, 2022 by sra98a (120 points)
0 votes
1 answer
How do I use attribute for LDAP filter? String is getting erroneously escaped.

Hi, I recently upgraded Adaxes from 2021.1 to 2023.2, and after the upgrade, an LDAP filter for retrieving the groups a user is owner of, stopped working. The reason ... attribute instead, like this: It works, but sadly it is quite slow. Best regards Martin

asked Aug 21, 2023 by Martin (150 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users