除了确保用户对象实际上具有员工编号并已启用之外,我还尝试使用特定的员工编号过滤掉几个员工。
还有更好的写法吗?并在用户仍在访问时使其真正发挥作用。
Get-ADUser -Filter {(employeeNumber -ne $false) -and (employeeNumber -ne 000614)
-and (employeeNumber -ne 000864) -and (employeeNumber -ne 001195)
-and (employeeNumber -ne 001200) -and (employeeNumber -ne 001201)
-and (employeeNumber -ne 000628) -and (employeeNumber -ne 000742)
-and (employeeNumber -ne 000041) -and (employeeNumber -ne 001225)
-and (employeeNumber -ne 001181) -and (employeeNumber -ne 001074)
-and (employeeNumber -ne 001203) -and (employeeNumber -ne 001198)
-and (employeeNumber -ne 001208) -and (employeeNumber -ne 001224)
-and (employeeNumber -ne 001207) -and (employeeNumber -ne 001199)
-and (employeeNumber -ne 001210) -and (employeeNumber -ne 001214)
-and (employeeNumber -ne 001220) -and (employeeNumber -ne 001212)
-and (employeeNumber -ne 001213) -and (employeeNumber -ne 001221)
-and (employeeNumber -ne 000036) -and (employeeNumber -ne 000589)
-and (employeeNumber -ne 099998) -and (enabled -ne $false)}
最佳答案
Any better way to write this?
其实不然,过滤方法是正确的。您可以自动化的是从值数组构建过滤器字符串。我个人在这里使用LDAPFilter,构建过滤字符串更容易。
$toExclude = 000864, 001200, 000628, 000041, 001181, 001203 # etc, more values can be added here
$filter = -join @(
'(&' # AND, all conditions must be met
'(!userAccountControl:1.2.840.113556.1.4.803:=2)' # Enabled objects
'(employeeNumber=*)' # employeeNumber is not null
$toExclude | ForEach-Object { # employeeNumber is not equal to
"(!employeeNumber=$_)" # any of the values in $toExclude
}
')' # close AND
)
Get-ADUser -LDAPFilter $filter
关于powershell - 过滤多个值,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/77413674/