Exchange online, New-DynamicDistributionGroup with phone number - powershell

I'm trying to create a DDG with powershell that returns all users that have mobile phone.
I've checked which propireties are filtrable and I've created the group with:
New-DynamicDistributionGroup -Name "Groupname" -RecipientFilter "(RecipientType -eq 'UserMailbox') -and (Phone -ne '$null')"
And the group gets created successfully, but when I try to see the user in group with the command below I get this error:
$FTE = Get-DynamicDistributionGroup "GroupName"
Get-Recipient -RecipientPreviewFilter $FTE.RecipientFilter -OrganizationalUnit $FTE.RecipientContainer
The recipient preview filter string "((Phone -ne '') -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue
-eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and
(-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq
'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))" is neither a valid OPath filter nor a valid LDAP filter. Use the
-RecipientPreviewFilter parameter with either a valid OPath filter string or a valid LDAP filter string.
all the other filter string are created automatically buy exchange I guess, what could be the issue?
Thank you for your help.

Related

Get-ADUser Filter error when adding a string criteria containing a variable

I am trying to get only active AD Users in AD which satisfies below conditions:
samaccountname is not null
mail is not null
mail ends with a domain, in this case what is contained in #oldDomain variable
As a demo, I have also filter by only a samaccountname. Below is not working:
$Users = Get-ADUser -Filter {(samaccountname -ne "null") -and (samaccountname -eq "TestUserPruebasSI") -and (Enabled -eq "true") -and (mail -ne "null") -and "mail -like '*$oldDomain'"}
The culprit is the last criteria "mail -like '*$oldDomain'". If I remove it then query Get-ADUser works.
So how can I solve this?

Using below works:
$Users = Get-ADUser -Filter "samaccountname -ne 'null' -and samaccountname -eq 'TestUserPruebasSI' -and Enabled -eq 'true' -and mail -ne 'null' -and mail -like '*$oldDomain'"

Powershell Scripts inconsistent behavior

I have two powershell scripts that revolve around abandoned accounts. These scripts should exclude six specific OUs in our environment. The first reports all accounts that will require action. The second takes action and disables the accounts based on the same criteria.
For reasons I can't figure out, the disable script is leaving behind users across multiple OUs that it is not taking action on. Any help at all will be appreciated.
Here's the reporting version:
import-module activedirectory
$datestring = Get-Date -f MM-dd-yyyy
$oldDate = [DateTime]::Today.AddDays(-45)
$OUDN1 = "OU=Resource accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN2 = "OU=Service Accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN3 = "OU=DO NOT DELETE,OU=Disabled Accounts,DC=placeholder,DC=org"
$OUDN4 = "CN=Users,DC=placeholder,DC=org"
$OUDN5 = "OU=User Templates,OU=Domain Users,DC=placeholder,DC=org"
$OUDN6 = "CN=Microsoft Exchange System Objects,DC=placeholder,DC=org"
Get-ADUser -filter {(Enabled -eq $True) -AND ((LastLogonDate -lt $olddate) -OR ((LastLogonDate -notlike "*") -AND (WhenCreated -lt $olddate)))} -Properties DisplayName,Name,LastLogonDate,Modified,info,description,sAMAccountName,WhenCreated | Where-Object {($_.DistinguishedName -notlike "*,$OUDN1") -and ($_.DistinguishedName -notlike "*,$OUDN2") -and ($_.DistinguishedName -notlike "*,$OUDN3")-and ($_.DistinguishedName -notlike "*,$OUDN4") -and ($_.DistinguishedName -notlike "*,$OUDN5") -and ($_.DistinguishedName -notlike "*,$OUDN6")} | Select sAMAccountName,Name,description,LastLogonDate,WhenCreated,Modified,DistinguishedName | Export-CSV c:\Reports\nolog45_$datestring.csv
And here's the action version:
import-module activedirectory
$disUsers = #()
$oldDate = [DateTime]::Today.AddDays(-45)
$OUDN1 = "OU=Resource accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN2 = "OU=Service Accounts,OU=Domain Users,DC=placeholder,DC=org"
$OUDN3 = "OU=DO NOT DELETE,OU=Disabled Accounts,DC=placeholder,DC=org"
$OUDN4 = "CN=Users,DC=placeholder,DC=org"
$OUDN5 = "OU=User Templates,OU=Domain Users,DC=placeholder,DC=org"
$OUDN6 = "CN=Microsoft Exchange System Objects,DC=placeholder,DC=org"
$disUsers = Get-ADUser -filter {(Enabled -eq $True) -AND (LastLogonDate -lt $olddate)} -Properties sAMAccountName,Name,SID,Enabled,LastLogonDate,Modified,info,description,DistinguishedName | Where-Object {($_.DistinguishedName -notlike "*,$OUDN1") -and ($_.DistinguishedName -notlike "*,$OUDN2") -and ($_.DistinguishedName -notlike "*,$OUDN3")-and ($_.DistinguishedName -notlike "*,$OUDN4") -and ($_.DistinguishedName -notlike "*,$OUDN5") -and ($_.DistinguishedName -notlike "*,$OUDN6")}
foreach ($name in $disUsers) {
$DistName = $name.DistinguishedName
Disable-ADAccount -Identity $DistName -ErrorAction Continue
}
Today's run for example left 30 accounts that the report script found still enabled. It wasn't permissions, because I could disable the same accounts manually with no problems. No red text was generated, no error output - just seemingly ignored the accounts.
Thanks in advance for your help.

The criteria in both scripts is not the same.
Your reporting script has this, which your action script does not:
-OR ((LastLogonDate -notlike "*") -AND (WhenCreated -lt $olddate))

PowerShell "-notlike" comparison is not working with wildcard

I'm trying to filter out various user accounts in PowerShell (using the NTFSSecurity module) and it's not working as completely as expected. It is supposed to get an array of $users except for the following conditions:
$users = Get-NTFSAccess $path | Where-Object {
$_.Account -ne "DOMAIN\Domain Admins" -and
$_.Account -ne "Group1" -and
$_.Account -ne "Group2" -and
$_.Account -notlike "SecProj_*" -and
$_.Account -notlike "GRP_SECURE_*"
}
The script filtering out DOMAIN\Domain Admins, Group1, and Group2. These groups are defined directly by name.
The script is NOT filtering out SecProj_* and GRP_SECURE_*.
Am I using the wildcard (*) correctly in the -notlike statement?

Dynamic Filter Exchange 2010 Powershell

I have tried with many different combinations (including brackets). We are using Exchange 2010 Hybrid environment with O365.
Mailboxes that are migrated to the O365, become "Mail Contact" objects and are no longer being included in our Dynamic Distribution Groups.
Basically I want all on-premise user mailboxes, and "Remote User Mailbox" (not all Mail Contacts) to be included in the filter selection. Where organization is "AB*", my attempt is below:
Set-DynamicDistributionGroup -Identity "Test Filter Group" -RecipientFilter {RecipientType -eq 'UserMailbox' -or RecipientType -eq 'MailUser' -or RecipientType -eq 'MailContact' -and Company -eq 'AB*' -and isMailboxEnabled -eq '$true' -and ObjectCategory -eq 'person' -or ObjectCategory -eq 'users' -and ObjectClass -eq 'user' -and RecipientTypeDetails -ne '16'}
Can someone please help!?

How can I exclude particular names from Get-ADComputer results?

I want to get all computers in my domain that are enabled, and have 2003 operating system, and the name of the computers do Not contain ' ping , pict , pire '
Here is what I have, but totally failing:
Get-ADComputer -filter {(Enabled -eq $True) -and (OperatingSystem -like "*2003*")} -properties OperatingSystem | where {($_.Name -notlike 'PING*') -or ($_.Name -notlike 'PICT*') -or ($_.Name -notlike 'PIRE*')} | Select Name

You can use the -notlike operator inside the filter, so there is no need for the where statement. See the Get-ADComputer reference on technet.
As well as changing your -or operators to -and as I mentioned, I put all conditions into the filter ending up with this:
Get-ADComputer -filter {
Enabled -eq $True -and
OperatingSystem -like '*2003*' -and
Name -notlike 'PING*' -and
Name -notlike 'PICT*' -and
Name -notlike 'PIRE*'
} | Select Name