0 votes

Hello,

I try to change the script from Report 'Inactive users' to get only users which are located under an specific "Admin" OU.

I can't use "Look in" because we manage 20 small Domains and I can only pick one Admin OU at a time.
So I try to change the filter part, add $filterAdminOU = "(ou:dn:=Admin)" -> didn't work.
I can't find the failure :(

# Build search filter
$threshold = (Get-Date).AddDays(- $days)
$thresholdInt64 = $threshold.ToFileTime()
$thresholdGeneralizedTime = [Softerra.Adaxes.Utils.Transform]::ToGeneralizedTime($threshold.ToUniversalTime())

$filterUsers = "(sAMAccountType=805306368)" # all user objects
$filterAdminOU = "(ou:dn:=Admin)"
$filterCreatedBefore = "(whenCreated<=$thresholdGeneralizedTime)"

$filterNoLastLogonTimestamp = "(!(lastLogonTimestamp=*))"
$filterLoggedOnBeforeTimestamp = "(lastLogonTimestamp<=$thresholdInt64)"

# The report is based on the lastLogonTimestamp attribute, which is replicated across all DCs.
# The lastLogon attribute is not replicated but contains the exact time when a 
# user logged on the DC Adaxes is connected to. Using the attribute in search filter makes
# report results more accurate.
$filterNoLastLogon = "(!(lastLogon=*))"
$filterLoggedOnBefore = "(lastLogon<=$thresholdInt64)"

$filterPasswordChangedBefore = "(pwdLastSet<=$thresholdInt64)"

$filter = "(&" +
    $filterUsers + $filterCreatedBefore + $filterAdminOU +
    "(|" + $filterNoLastLogonTimestamp + $filterLoggedOnBeforeTimestamp + ")" +
    "(|" + $filterNoLastLogon + $filterLoggedOnBefore + ")" +
    $filterPasswordChangedBefore + ")"

regards
Helmut

by (510 points)
0

Ok, I found "Support for Extensible Match Search Filters are limited, Microsoft's Active Directory for instance does not support this (reference)."

Can I filter the search result like in Powershell | where { $_.CanonicalName -like "*/Admin/*" }

regards
Helmut

1 Answer

0 votes
by (294k points)
selected by
Best answer

Hello Helmut,

To achieve what you need, we recommend using a Business Unit as the report scope. For information on how to create Business Units, have a look at the following tutorial: https://www.adaxes.com/tutorials_Active ... tively.htm. The Business Unit should contain the users located in the Admin OUs in all the domains.

Related questions

0 votes
1 answer

I have to do a weekly Inactiviy Report for Accounts that have not logged in for 30 days or more. 1 of the reports is for Internal users BUT there is an Account ... Adaxes and working on the product, and i need to get all my reporting done through Adaxes

asked Nov 14, 2022 by dtorannini (80 points)
0 votes
1 answer

Hi there, I've created a Delete User feature in the Web Interface Configurator. I am trying to restrict object selection via a User Criteria. Need to exclude Service ... won't appear when selecting target user for the 'Delete User' feature. Thanks, David

asked Sep 19 by dshortall (80 points)
0 votes
1 answer

Dear Adaxes Support, I'm trying to check the uniqueness of the Initials-proberty. My script works well so far. Import-Module Adaxes $value = $Context.GetModifiedPropertyValue("initials"); if ( ... Have you a idea how I can do this in the right way? Thanks :-)

asked Aug 13, 2013 by Napoleon (700 points)
0 votes
1 answer

so i have Move user action in this action i will let help desk to move users in specific OU's i want to do like this let say if user is inside OU 1 i have OU ... can only see user object inside one of Shift OU , how can i accomplish that? Any professional ?

asked Dec 5 by vagifazari (450 points)
0 votes
1 answer

Is it possible to create a business unit and have it auto populate with group owners in a specific OU. I've tried a few scripts to get propertie adm-managedbylist but none have worked so far.

asked Nov 18 by C27 (20 points)
3,588 questions
3,277 answers
8,303 comments
548,085 users