Yeah, this isn't that easy. I'd recommend you use adfind with the -excldn argument.
Otherwise what you actually have to do (which adfind does internally) is compare each result to ensure that it doesn't match the distinguishedname for the excluded OU. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Glen Johnson [mailto:[email protected]] Sent: Thursday, March 04, 2010 1:27 PM To: NT System Admin Issues Subject: Powershell help Ok folks. I'm just getting started with PS but I bet someone out there will spot my errors right away. BTW, most of this I found googling so I can't take credit for writing it. What I want to do is retrieve a list of all AD users, except those in the In-Active Users, OU. I'd like the output to include, Name, Account name, Department and Title. Here is the script. BTW, this is PS2 on a win7 machine. $strFilter = "(&(objectCategory=User)(!(OU=In-Active Users)))" $objDomain = New-Object System.DirectoryServices.DirectoryEntry $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.PageSize = 1000 $objSearcher.Filter = $strFilter $objSearcher.SearchScope = "Subtree" $colProplist = "name", "sAMAccountName", "Department", "Title" foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)} $colResults = $objSearcher.FindAll() foreach ($objResult in $colResults) {$objItem = $objResult.Properties $objItem.name, $objItem.sAMAccountName, $objItem.Department, $objItem.Title $Write } And here is what I get as output. I have no clue where the 0,1,2,3 is coming from. We sure don't have user accounts with those names. 0 1 2 3 Administrator Glen Johnson Guest ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
