Share via

query on powershell script

Rising Flight 6,276 Reputation points
2024-09-29T11:20:16.4433333+00:00

Hi All

I am trying to use the following lines in a PowerShell script. Lets say extensionAttribute1 represents the job ID of users. When I use the query below, I am getting users with different job IDs as well. What I need is to pull users with job ID 123 from department 10 and users with job ID 124 from department 11. Please guide me.

((userAccountControl -like 512) -and  ((departmentNumber -eq 10) -and (extensionAttribute1 -like '123')) -or ((departmentNumber -eq 11) -and (extensionAttribute1 -like '124')))
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
Windows for business | Windows Server | User experience | Other
0 comments
Answer accepted by question author
  1. Marcin Policht 73,320 Reputation points MVP Volunteer Moderator
    2024-09-29T11:25:31.33+00:00

    The issue with the query is due to how the -or operator is evaluated, which could be causing incorrect results. You need to group your conditions carefully to ensure that each condition pair (job ID and department number) is correctly evaluated together.

    Here's how you can adjust your query to make sure that you're pulling the correct users:

    ((userAccountControl -eq 512) -and ((departmentNumber -eq 10 -and extensionAttribute1 -eq '123') -or (departmentNumber -eq 11 -and extensionAttribute1 -eq '124')))

    This ensures that the condition for departmentNumber and extensionAttribute1 are grouped together correctly for each case.

    The parentheses around each department/job ID combination force PowerShell to evaluate those pairs correctly.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rising Flight 6,276 Reputation points
    2024-09-29T12:48:26.29+00:00

    if i need to add more job ids to the existing department will the below query work.

    (userAccountControl -eq 512) -and ((departmentNumber -eq 10 -and (extensionAttribute1 -eq '123' -or '125')) -or (departmentNumber -eq 11 -and (extensionAttribute1 -eq '124' -or '126')))
  2. Rich Matheisen 48,036 Reputation points
    2024-09-29T19:39:57.15+00:00

    The logical operators -and, -or, and -xor all have equal precedence. In other words, they're evaluated in the order in which they're encountered -- in PowerShell (this may not be the case in other languages).

    If your logic requires that they be evaluated in some other it's necessary to use parentheses to "group" make your intentions clear.

    Another problem in your code is using the -like operator without having any wildcard characters in the right-hand value. For example:

    $s='ab123c'
$s -like '123'

$t = '123c'
$t -like '123'

$u = '123c'
$u -like '123'

    They will ALL evaluate to $False! You must include a wildcard. E.g., "123"*, or "*123**In answer to your last question, I'd advise that you not create overly long or complex conditions in your code. In addition to cluttering the code, they make it hard to follow and difficult to modify without introducing errors (either typographical or logical). Instead, isolate the data from the code as much as possible. Here's an example:

    $jobIdGroup10 = @{123=$true; 125=$true}
$jobIdGroup20 = @{124=$true; 126=$true}

(userAccountControl -eq 512) -and (
    (departmentNumber -eq 10 -and ($jobIdGroup10[$_.extensionAttribute1)) -or 
    (departmentNumber -eq 11 -and ($jobIdGroup20[$_.extensionAttribute1))
)
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.