0 votes


I try to change the script from Report 'Inactive users' to get only users which are located under an specific "Admin" OU.

I can't use "Look in" because we manage 20 small Domains and I can only pick one Admin OU at a time.
So I try to change the filter part, add $filterAdminOU = "(ou:dn:=Admin)" -> didn't work.
I can't find the failure :(

# Build search filter
$threshold = (Get-Date).AddDays(- $days)
$thresholdInt64 = $threshold.ToFileTime()
$thresholdGeneralizedTime = [Softerra.Adaxes.Utils.Transform]::ToGeneralizedTime($threshold.ToUniversalTime())

$filterUsers = "(sAMAccountType=805306368)" # all user objects
$filterAdminOU = "(ou:dn:=Admin)"
$filterCreatedBefore = "(whenCreated<=$thresholdGeneralizedTime)"

$filterNoLastLogonTimestamp = "(!(lastLogonTimestamp=*))"
$filterLoggedOnBeforeTimestamp = "(lastLogonTimestamp<=$thresholdInt64)"

# The report is based on the lastLogonTimestamp attribute, which is replicated across all DCs.
# The lastLogon attribute is not replicated but contains the exact time when a 
# user logged on the DC Adaxes is connected to. Using the attribute in search filter makes
# report results more accurate.
$filterNoLastLogon = "(!(lastLogon=*))"
$filterLoggedOnBefore = "(lastLogon<=$thresholdInt64)"

$filterPasswordChangedBefore = "(pwdLastSet<=$thresholdInt64)"

$filter = "(&" +
    $filterUsers + $filterCreatedBefore + $filterAdminOU +
    "(|" + $filterNoLastLogonTimestamp + $filterLoggedOnBeforeTimestamp + ")" +
    "(|" + $filterNoLastLogon + $filterLoggedOnBefore + ")" +
    $filterPasswordChangedBefore + ")"


by (510 points)

Ok, I found "Support for Extensible Match Search Filters are limited, Microsoft's Active Directory for instance does not support this (reference)."

Can I filter the search result like in Powershell | where { $_.CanonicalName -like "*/Admin/*" }


1 Answer

0 votes
by (233k points)
selected by
Best answer

Hello Helmut,

To achieve what you need, we recommend using a Business Unit as the report scope. For information on how to create Business Units, have a look at the following tutorial: https://www.adaxes.com/tutorials_Active ... tively.htm. The Business Unit should contain the users located in the Admin OUs in all the domains.

Related questions

0 votes
1 answer

I have to do a weekly Inactiviy Report for Accounts that have not logged in for 30 days or more. 1 of the reports is for Internal users BUT there is an Account ... Adaxes and working on the product, and i need to get all my reporting done through Adaxes

asked Nov 14 by dtorannini (60 points)
0 votes
1 answer

Dear Adaxes Support, I'm trying to check the uniqueness of the Initials-proberty. My script works well so far. Import-Module Adaxes $value = $Context.GetModifiedPropertyValue("initials"); if ( ... Have you a idea how I can do this in the right way? Thanks :-)

asked Aug 13, 2013 by Napoleon (700 points)
0 votes
1 answer

Hello dear ADAXES community, what i wanted to do is, to have a custom report which does the following: get every group in a specific OU (the OU comes from an adaxes custom ... Add($Group.name) } } is this possible in such a way? thank you for your help

asked Sep 23, 2020 by m_st (200 points)
0 votes
1 answer

We're trying to setup a new action in our Web interface that runs on User's that are currently in an OU called 'New Starters' that is in all of our domains (An ... no results, There are no other fields we can use that are unique to accounts in those OUs

asked Feb 7, 2020 by richarddewis (260 points)
0 votes
1 answer

Hi, Can you tell me how to look up a list of last logged-in users for computers from specific OU? Have OU called Laptops and need to know who as last person logged into ... username-of-last-user-who-lgged-on-to-computer-s269.htm but it' s not design for OU

asked Dec 2, 2019 by roberttryba (70 points)
2,880 questions
2,600 answers
117,186 users