0

Wrote below script a while back but discovered that due to a process change phone numbers we need a delay on the accounts the script goes and gets. Currently it exports into CSV any new account created after 1 day. We need it so it gets new accounts but with a delay of 2 weeks, no earlier and no later. Like WhenCreated equals to 14 days, nothing before, nothing after.

Import-Module ActiveDirectory

$When = ((Get-Date).AddDays(-1)).Date
$OUArea = "OU=Accounts,DC=contoso,DC=uk"
$ExportPath= "\\Fileshare\share\Filename-$(get-date -f dd-MM-yyy).csv"

Get-ADUser -SearchBase $OUArea -Filter {whenCreated -ge $When} -properties  givenName, sn, sAMAccountName, title, department, msRTCSIP-Line, mail, whenCreated |
Select-Object givenName, sn, sAMAccountName, title, department,@{n='msRTCSIP-Line';e={$_.'msRTCSIP-Line' -Replace('tel:'),''}}, mail, whenCreated |

Export-Csv -NoTypeInformation $ExportPath
BenH
  • 1
  • Filter on the start and end of the window you're looking in. i.e. `$whenStart = (Get-Date '00:00:00').AddDays(-14);` `$whenEnd = $whenStart.AddDays(1);` `$filter = "(Created -ge '{0:yyyy-MM-dd HH:mm:ss}') -and (Created -lt '{1:yyyy-MM-dd HH:mm:ss}')" -f $whenStart, $whenEnd;` `get-aduser -filter $filter;` – JohnLBevan Oct 19 '22 at 11:22
  • 1
    @JohnLBevan No, the `Created` property is a **DateTime** object and you should not compair that to a **string**. – Theo Oct 19 '22 at 13:31
  • @Theo `Filter` is defined as a string; so anything you pass there will need to be converted to a string. You do have to be careful with dates; e.g. if filtering on `created` ensure you format the date part as `yyyy-MM-dd ` to avoid potential issues with `dd/MM` vs `MM/dd` format ambiguity; or if using `lastLogonTimestamp` convert the date to a filetime first. https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=windowsserver2022-ps#-filter – JohnLBevan Oct 19 '22 at 20:49
  • You can use curly braces / then PS does some of the conversion for you, but that adds overhead, and can be confusing as it looks like a scriptblock; but isn't really / has some odd quirks that can catch people out. https://stackoverflow.com/questions/20075502/get-aduser-filter-will-not-accept-a-variable/44184818#44184818 – JohnLBevan Oct 19 '22 at 20:51
  • 1
    @JohnLBevan Sorry, but you're wrong about the date comparison. If you want `Created` to be compared to a certain date in string format, then you should also format `Created`. If you do want to compare strings, then you would be better off comparing the LDAP `whenCreated` property (which is stored in AD as a [Generalized-Time](https://learn.microsoft.com/en-us/windows/win32/adschema/s-string-generalized-time) string) and format your comparison dates in that same way. There are lots of examples here on SO that show how to filter on `Created` – Theo Oct 20 '22 at 11:33
  • Get-ADUser : Error parsing query: 'Created -ge 10/06/2022 00:00:00 -and Created -lt 10/07/2022 00:00:00' Error Message: 'Operator Not supported: ' at position: '15'. At line:10 char:1 + Get-ADUser -SearchBase $OUArea -Filter "Created -ge $whenStart -and C ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.A ctiveDirectory.Management.Commands.GetADUser – BenH Oct 20 '22 at 12:17
  • Sorry I could not fit in all of it but I am getting above @Theo – BenH Oct 20 '22 at 12:18
  • 1
    @BenH The full error is not visible in a comment. However, you _could_ try `-Filter {Created -ge $whenStart -and Created -lt $whenEnd}` – Theo Oct 20 '22 at 12:55
  • 1
    @Theo - you're right; thanks for correcting me... I was confusing curly braces vs strings; but hadn't realised the differences between string-interpolation vs leaving the variable references in the string (mkelement0's answer that I'd linked actually explains that; but I'd missed the point as went in with assumptions / not paying enough attension ). Thanks for putting me back on the right track :) – JohnLBevan Oct 21 '22 at 16:35

1 Answers1

1

The -Filter parameter should actually be a string, not a scriptblock.
If you want to filter out users that were created exactly 14 days ago you can do this:

Import-Module ActiveDirectory

$whenStart  = (Get-Date).AddDays(-14).Date  # two weeks ago, set to midnight
$whenEnd    = $whenStart.AddDays(1)
$OUArea     = 'OU=Accounts,DC=contoso,DC=uk'
$ExportPath = '\\Fileshare\share\Filename-{0:dd-MM-yyyy}.csv' -f (Get-Date)

# Get-ADUser by default already returns objects with these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
Get-ADUser -SearchBase $OUArea -Filter 'Created -ge $whenStart -and Created -lt $whenEnd' -Properties Title, Department, 'msRTCSIP-Line', EmailAddress, Created |
Select-Object GivenName, Surname, SamAccountName, Title, Department,
              @{Name = 'msRTCSIP-Line';Expression = {$_.'msRTCSIP-Line' -replace '^tel:'}}, 
              EmailAddress, Created |
Export-Csv -Path $ExportPath -NoTypeInformation
JohnLBevan
  • 22,735
  • 13
  • 96
  • 178
Theo
  • 57,719
  • 8
  • 24
  • 41