I try to change the script from Report 'Inactive users' to get only users which are located under an specific "Admin" OU.
I can't use "Look in" because we manage 20 small Domains and I can only pick one Admin OU at a time.
So I try to change the filter part, add $filterAdminOU = "(ou:dn:=Admin)" -> didn't work.
I can't find the failure :(
# Build search filter
$threshold = (Get-Date).AddDays(- $days)
$thresholdInt64 = $threshold.ToFileTime()
$thresholdGeneralizedTime = [Softerra.Adaxes.Utils.Transform]::ToGeneralizedTime($threshold.ToUniversalTime())
$filterUsers = "(sAMAccountType=805306368)" # all user objects
$filterAdminOU = "(ou:dn:=Admin)"
$filterCreatedBefore = "(whenCreated<=$thresholdGeneralizedTime)"
$filterNoLastLogonTimestamp = "(!(lastLogonTimestamp=*))"
$filterLoggedOnBeforeTimestamp = "(lastLogonTimestamp<=$thresholdInt64)"
# The report is based on the lastLogonTimestamp attribute, which is replicated across all DCs.
# The lastLogon attribute is not replicated but contains the exact time when a
# user logged on the DC Adaxes is connected to. Using the attribute in search filter makes
# report results more accurate.
$filterNoLastLogon = "(!(lastLogon=*))"
$filterLoggedOnBefore = "(lastLogon<=$thresholdInt64)"
$filterPasswordChangedBefore = "(pwdLastSet<=$thresholdInt64)"
$filter = "(&" +
$filterUsers + $filterCreatedBefore + $filterAdminOU +
"(|" + $filterNoLastLogonTimestamp + $filterLoggedOnBeforeTimestamp + ")" +
"(|" + $filterNoLastLogon + $filterLoggedOnBefore + ")" +
$filterPasswordChangedBefore + ")"