Share via

query on powershell script

Rising Flight 4,596 Reputation points
2024-09-29T11:20:16.4433333+00:00

Hi All

I am trying to use the following lines in a PowerShell script. Lets say extensionAttribute1 represents the job ID of users. When I use the query below, I am getting users with different job IDs as well. What I need is to pull users with job ID 123 from department 10 and users with job ID 124 from department 11. Please guide me.

((userAccountControl -like 512) -and  ((departmentNumber -eq 10) -and (extensionAttribute1 -like '123')) -or ((departmentNumber -eq 11) -and (extensionAttribute1 -like '124')))
Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,781 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,519 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,619 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,544 questions
0 comments
Accepted answer
  1. Marcin Policht 25,285 Reputation points MVP
    2024-09-29T11:25:31.33+00:00

    The issue with the query is due to how the -or operator is evaluated, which could be causing incorrect results. You need to group your conditions carefully to ensure that each condition pair (job ID and department number) is correctly evaluated together.

    Here's how you can adjust your query to make sure that you're pulling the correct users:

    ((userAccountControl -eq 512) -and ((departmentNumber -eq 10 -and extensionAttribute1 -eq '123') -or (departmentNumber -eq 11 -and extensionAttribute1 -eq '124')))

    This ensures that the condition for departmentNumber and extensionAttribute1 are grouped together correctly for each case.

    The parentheses around each department/job ID combination force PowerShell to evaluate those pairs correctly.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rising Flight 4,596 Reputation points
    2024-09-29T12:48:26.29+00:00

    if i need to add more job ids to the existing department will the below query work.

    (userAccountControl -eq 512) -and ((departmentNumber -eq 10 -and (extensionAttribute1 -eq '123' -or '125')) -or (departmentNumber -eq 11 -and (extensionAttribute1 -eq '124' -or '126')))
  2. Rich Matheisen 46,801 Reputation points
    2024-09-29T19:39:57.15+00:00

    The logical operators -and, -or, and -xor all have equal precedence. In other words, they're evaluated in the order in which they're encountered -- in PowerShell (this may not be the case in other languages).

    If your logic requires that they be evaluated in some other it's necessary to use parentheses to "group" make your intentions clear.

    Another problem in your code is using the -like operator without having any wildcard characters in the right-hand value. For example:

    $s='ab123c'
$s -like '123'

$t = '123c'
$t -like '123'

$u = '123c'
$u -like '123'

    They will ALL evaluate to $False! You must include a wildcard. E.g., "123"*, or "*123**In answer to your last question, I'd advise that you not create overly long or complex conditions in your code. In addition to cluttering the code, they make it hard to follow and difficult to modify without introducing errors (either typographical or logical). Instead, isolate the data from the code as much as possible. Here's an example:

    $jobIdGroup10 = @{123=$true; 125=$true}
$jobIdGroup20 = @{124=$true; 126=$true}

(userAccountControl -eq 512) -and (
    (departmentNumber -eq 10 -and ($jobIdGroup10[$_.extensionAttribute1)) -or 
    (departmentNumber -eq 11 -and ($jobIdGroup20[$_.extensionAttribute1))
)
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.