LDAP Query for Active-Directory Get-ADComputer in PowerShell

Question

I have the below LDAP query (from my previous question answered by Bill_Stewart) in my script that returns all computers from Get-ADComputer for Windows 7, with some exclusions.

$computersFilter= "(&(operatingSystem=*Windows 7*)(name=*-*)(!name=V7-*)(!name=*-none)(!name=*-oncall)(!name=*-blackbaud)(!name=sc-win7-1)(!name=ut-swclient-01))" 

and it works fine with the below call to Get-ADComputer:

$computers= Get-ADComputer -LDAPFilter $computersFilter -Property LastLogonDate | Select-Object Name,LastLogonDate 
$computers | Select Name, LastlogonDate | Export-Csv $ServiceTagsPath -NoTypeInformation

However, I want to have my query return all computers with Windows 7 and above but when I change it like so:

(&(operatingSystem=*Windows 7*)(operatingSystem=*Windows 8*)(operatingSystem=*Windows 10*)

nothing is returned into the $computers variable.

So what's the right way to write an LDAP query to return all operating system versions Windows 7 and above?

Answer 1

After some help from Rob in the comments, and some more research, I found that the correct way is to use OR, and the operator is |

like so:

$computersFilter= "(&(|(operatingSystem=*Windows 7*)"
$computersFilter+= "(operatingSystem=*Windows 8*)"
$computersFilter+= "(operatingSystem=*Windows 8.1*)"
$computersFilter+= "(operatingSystem=*Windows 10*))"
$computersFilter+= "(name=*-*)(!name=V7-*)(!name=*-none)(!name=*-oncall)"
$computersFilter+= "(!name=*-blackbaud)(!name=sc-win7-1)(!name=ut-swclient-01))" 

$computers= Get-ADComputer -LDAPFilter $computersFilter 
-Property * | Select-Object Name, OperatingSystem, LastLogonDate 

$computers | Select Name, OperatingSystem, LastLogonDate | 
Export-Csv $ServiceTagsPath -NoTypeInformation

References:

IBM LDAP Search Filter Expressions

MSDN - LDAP Query Basics