0 votes

Hello,

I try to change the script from Report 'Inactive users' to get only users which are located under a specific "Admin" OU.

I can't use "Look in" because we manage 20 small Domains and I can only pick one Admin OU at a time.
So I try to change the filter part, add $filterAdminOU = "(ou:dn:=Admin)" -> didn't work.
I can't find the failure :(

# Build search filter
$threshold = (Get-Date).AddDays(- $days)
$thresholdInt64 = $threshold.ToFileTime()
$thresholdGeneralizedTime = [Softerra.Adaxes.Utils.Transform]::ToGeneralizedTime($threshold.ToUniversalTime())

$filterUsers = "(sAMAccountType=805306368)" # all user objects
$filterAdminOU = "(ou:dn:=Admin)"
$filterCreatedBefore = "(whenCreated<=$thresholdGeneralizedTime)"

$filterNoLastLogonTimestamp = "(!(lastLogonTimestamp=*))"
$filterLoggedOnBeforeTimestamp = "(lastLogonTimestamp<=$thresholdInt64)"

# The report is based on the lastLogonTimestamp attribute, which is replicated across all DCs.
# The lastLogon attribute is not replicated but contains the exact time when a 
# user logged on the DC Adaxes is connected to. Using the attribute in search filter makes
# report results more accurate.
$filterNoLastLogon = "(!(lastLogon=*))"
$filterLoggedOnBefore = "(lastLogon<=$thresholdInt64)"

$filterPasswordChangedBefore = "(pwdLastSet<=$thresholdInt64)"

$filter = "(&" +
    $filterUsers + $filterCreatedBefore + $filterAdminOU +
    "(|" + $filterNoLastLogonTimestamp + $filterLoggedOnBeforeTimestamp + ")" +
    "(|" + $filterNoLastLogon + $filterLoggedOnBefore + ")" +
    $filterPasswordChangedBefore + ")"

regards
Helmut

by (510 points)
0

Ok, I found "Support for Extensible Match Search Filters are limited, Microsoft's Active Directory for instance does not support this (reference)."

Can I filter the search result like in PowerShell: | where { $_.CanonicalName -like "*/Admin/*" } ?

regards
Helmut

1 Answer

0 votes
by (228k points)
Best answer

Hello Helmut,

To achieve what you need, we recommend using a Business Unit as the report scope. For information on how to create Business Units, have a look at the following tutorial: https://www.adaxes.com/tutorials_Active ... tively.htm. The Business Unit should contain the users located in the Admin OUs in all the domains.
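
The client-side filtering asked about in the comment above, as an added example that is not part of the original posts or of the Adaxes report script: it runs the same LDAP filter without the unsupported (ou:dn:=Admin) clause against each domain and keeps only users whose distinguished name contains an OU=Admin component. It assumes the ActiveDirectory (RSAT) module instead of the Adaxes report API; the domain names and the 90-day threshold are placeholders.

```powershell
# Added example: uses the ActiveDirectory (RSAT) module, not the Adaxes report API.
Import-Module ActiveDirectory

$days    = 90                                    # assumed inactivity threshold
$domains = @("corp1.example", "corp2.example")   # placeholder domain names
$ouName  = "Admin"                               # OU name from the question

# Same threshold values as the report script, built without the Adaxes helper class.
$threshold                = (Get-Date).AddDays(-$days)
$thresholdInt64           = $threshold.ToFileTime()
$thresholdGeneralizedTime = $threshold.ToUniversalTime().ToString("yyyyMMddHHmmss'.0Z'")

# Same filter as in the question, minus the (ou:dn:=Admin) clause,
# which Active Directory does not evaluate.
$filter = "(&" +
    "(sAMAccountType=805306368)" +
    "(whenCreated<=$thresholdGeneralizedTime)" +
    "(|(!(lastLogonTimestamp=*))(lastLogonTimestamp<=$thresholdInt64))" +
    "(|(!(lastLogon=*))(lastLogon<=$thresholdInt64))" +
    "(pwdLastSet<=$thresholdInt64)" + ")"

# Match an OU=Admin component anywhere in the DN path. The lookbehind skips
# escaped commas (\,) so a CN value cannot imitate an OU component.
# -match is case-insensitive, like DN comparison in AD.
$pattern = "(?<!\\),OU=" + [regex]::Escape($ouName) + ","

$inactiveAdmins = foreach ($domain in $domains) {
    Get-ADUser -Server $domain -LDAPFilter $filter `
               -Properties lastLogonTimestamp, pwdLastSet, whenCreated |
        Where-Object { $_.DistinguishedName -match $pattern } |
        Select-Object @{ n = "Domain"; e = { $domain } },
                      SamAccountName,
                      DistinguishedName,
                      whenCreated,
                      @{ n = "LastLogonTimestamp"; e = {
                          # Attribute is absent for accounts that never logged on.
                          if ($_.lastLogonTimestamp) {
                              [DateTime]::FromFileTime($_.lastLogonTimestamp)
                          }
                      } }
}

$inactiveAdmins | Sort-Object Domain, SamAccountName | Format-Table -AutoSize
```

Because lastLogon is not replicated, the result depends on which domain controller answers for each domain, as the comment in the original script notes.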
