I am trying to write a basic PowerShell script to Get-ADUser using the UserPrincipleName property. I have tried various items and all of them fail. I have tried
Get-ADUser -Properties {UserPrincipleName -eq "somename#domain.com"}
and have also tried
Get-ADUSer -Properties "someuser#domain.com"
I just am failing to understand how the -properties parameters relates to the UPN.
Related
I'm trying to get all groups that start with the following string from a user "DIR-*". With the following command I get all the groups of the user.
Get-ADUser -Identity $username -Properties memberof | Select-Object -ExpandProperty memberof
I then tried to filter with this, but that doesn't work because the list remains empty.
Get-ADUser -Identity $username -Properties memberof | Select-Object -ExpandProperty memberof | Where-Object {$_.CN -like "DIR-*"}
Unfortunately, I am still a complete beginner when it comes to Powershell, but I need the command promptly.
I thank you for any help.
I'm trying to know if a specific user is member of a specific OU.
Use the -SearchBase parameter with the Get-ADUser cmdlet from the ActiveDirectory RSAT module to narrow your query to a specific subtree:
$ADUser = Get-ADUser -Filter "SamAccountName -eq 'lmontoya'" -SearchBase "OU=TargetOU,DC=domain,DC=tld"
Beware that it will default to a recursive subtree search by default, so if you need to test whether the user is present directly under that OU (as opposed to just somewhere under the OU), you need to specify a -SearchScope as well:
$ADUser = Get-ADUser -Filter "SamAccountName -eq 'lmontoya'" -SearchBase "OU=TargetOU,DC=domain,DC=tld" -SearchScope OneLevel
If the user isn't found with the specified criteria, $ADUser will be empty
The SearchBase/SearchScope parameters work with all the query cmdlets in the module, so you can use the same approach for computers or OUs or whatever else you need to find in a specific container:
# Query all the computer account objects residing at "OU=TargetOU,DC=domain,DC=tld"
Get-ADComputer -Filter * -SearchBase "OU=TargetOU,DC=domain,DC=tld" -SearchScope OneLevel
I'm trying to get an AD Security Group down to a manageable size, but due to display limits in Powershell, this is proving difficult for me. The group is down to 47,720 now after removing all disabled AD accounts. Now I'm trying to filter it down to Enabled users that live in this particular OU. Below is what I've used with success in the console.
Get-ADGroup "very_large_secgroup" -properties Member | Select-Object -expandproperty member | get-aduser -Filter * -SearchBase "OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com" | Select-Object SamAccountName,DistinguishedName
When I try to count this, or pipe it via Out-File though, I get:
get-aduser : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that
take pipeline input.
At line:1 char:92
+ ... ty member | get-aduser -Filter * -SearchBase "OU=PurgeStudents,OU=Dis ...
Any assistance would be greatly appreciated, as I am a novice in Powershell magic.
Instead of using -Filter *, you could filter for all previous retrieved users. And there is a cmdlet to get the members of a group:
Get-ADGroupMember -Identity "very_large_secgroup" -Recursive | Foreach-Object {Get-ADUser -Filter "Name -like $_.Name" -SearchBase "OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com" | Select-Object -Properties SamAccountName, DistinguishedName}
When I'm holding a variable and passing it to a commandlet I am getting inconsistent results. Maybe I am just plain using variables in powershell incorrectly? If there were a way to see exactly the line of code my Visual Studio Code was sending at runtime that would be helpful.
My code returns a $null object when executing those first two filters. I've confirmed that $username actually does contain the string "userLoginName" but it doesn't seem to pass to the Get-ADUser commandlet correctly.
PS C:\> $username = "userLoginName"
PS C:\> Get-ADUser -Filter {SAMAccountName -eq "$($username)"}
PS C:\> Get-ADUser -Filter {SAMAccountName -eq "$username"}
PS C:\> Get-ADUser -Filter {SAMAccountName -eq "userLoginName"}
Why is it that only the third -filter command runs successfully? The first two return $null, not a UserNotFound kind of exception or anything. What am I doing wrong here? Do I just have no concept of how to use variables in powershell (yes)? Sorry for being a noob, but thank you for your time.
See this post. The AD calls' -Filter parameter doesn't like taking in string variables as part of a ScriptBlock for some reason (you can read the post more for more info). But passing -Filter as a String should work.
Get-ADUser -Filter "SAMAccountName -eq '$username'"
Alternatively, if you're just wanting to lookup an AD user with the SAMAccountName, you can just do Get-ADUser -Identity $username. That's probably easier. The benefit (or sometimes the consequence) of using the -Filter parameter is that, like you discovered, it won't throw an exception if a user is not found. If you use the -Identity parameter, it WILL throw an exception if a user is not found.
I'm creating a script to manage contacts and users on Exchange 2010 via Powershell. Especially we try to get all distributiongroups of a contact/user.
Is there a way to get the distribution groups of a contact/user? Perhabs without searching in all distributiongroups?
It can be done by using Get-ADObject using the contact's guid:
$contact = Get-MailContact domainname\contactname
(Get-ADObject -Identity $contact.Guid -Properties 'MemberOf').MemberOf
I had errors following the command above, the following tweek worked for me.
(Get-ADObject -Identity $contact.Guid -Properties 'MemberOf' |
Select-Object MemberOf).MemberOf