Looking for a little explanation as to why this isn't working and what I might be doing wrong. Any Help would be great!
Expected Results :
BSMITH
Get-Aduser -filter {(givenname -eq "Bob") -and (surname -eq "Smith"))} | select-object SamAccountName
Result :
BSMITH
Works Fine. Good to go
Expected Result :
BSMITH
$textbox_FirstName = "Bob"
$textbox_LastName = "Smith"
Get-Aduser -filter {(givenname -eq "$textbox_FirstName.text") -and (surname -eq "$textbox_LastName.text")} | select-object SamAccountName
Result : (Blank Nothing)
I have tried givenname -eq "$textbox_FirstName.text" without quotes, without .text, with no quotes at all. Still no results :(
Both variables are of the type string they don't have a .text property, in addition adding double quotes to your variable would expand the variable and concatenate .text:
$textbox_FirstName = "Bob"
"$textbox_FirstName.Text" => Bob.Text
Any of these options should give you the output you expect:
Get-Aduser -Filter {GivenName -eq $textbox_FirstName -and Surname -eq $textbox_LastName}
Get-Aduser -Filter "GivenName -eq '$textbox_FirstName' -and Surname -eq '$textbox_LastName'"
Get-Aduser -LDAPFilter "(&(GivenName=$textbox_FirstName)(Surname=$textbox_LastName))"
Related
I have the following problem. I get no output with the following command and no error message either. However, if I take the line by itself and replace $n with the username or just part of it, it works.
$n = Read-Host -Prompt "Benutzer eingeben"
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and Name -like "*$n*"} -Properties Name, DisplayName, msDS-UserPasswordExpiryTimeComputed | Select-Object -Property Name, Displayname,#{Name="Expiration Date";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
I would be grateful for a tip
If curly braces are used to enclose the filter, the variable(in this case it's $n) should not be quoted.
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and Name -like $n} -Properties Name, DisplayName, msDS-UserPasswordExpiryTimeComputed | Select-Object -Property Name, Displayname,#{Name="Expiration Date";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Here is the relevant part from the documentation.
if the filter expression is double-quoted, the variable should be
enclosed using single quotation marks: Get-ADUser -Filter "Name -like '$UserName'". On the contrary, if curly braces are used to enclose the
filter, the variable should not be quoted at all: Get-ADUser -Filter {Name -like $UserName}.
I'm trying to get AD users into a variable using multiple filters. However one of the filters has variables in it & I can't get it to work... I have searched for similar issues & tried applying those but nothing seems to work.
$FilterBase = "department"
$Filter = "IT"
$ADusers = Get-ADUser -ResultSetSize $null -SearchBase "OU=Users,DC=mydomain,DC=com" -Properties * -Filter {(Enabled -eq $True) -and ($FilterBase -like $Filter) -and (cn -notlike ""SMB_*"")} |
Select-Object distinguishedName |
Sort-Object distinguishedName
I'm trying to fill $ADusers with all enabled users whose commonname doesn't start with "SMB_" (don't ask) & where the department is IT. I used -like to prevent issues if the values in AD would have different casings (uppercase, lowercase, mixed case, ...).
The reason that I'm using variables for this is because in the end the script will be dynamic. At some point $FilterBase is going to be "company" instead of "department" and $Filter is going to be "HR" instead of "IT" etc...
But I just can't seem to get it to work:
Get-ADUser : Error parsing query: '(Enabled -eq $True) -and ($FilterBase -like $Filter) -and (cn -notlike ""SMB_*"")' Error Message: 'syntax error' at position: '74'.
At line:4 char:12
I have tried using quotes around the variables like "$Filter", "$($Filter)", ' $Filter ' but alas. And I know it's not best practice to use variables in Filter but I can't think of any other way to accomplish this.
Any suggestions?
the error has the key to the answer. I'm sure I'll find this again and use it myself because I look this up every year or so...
Error parsing query: '(Enabled -eq $True)...'
In this case the filter needs a simple string 'True' which the variable $True does equal.
Two options will work, either
Enabled -eq 'True'
or
Enabled -eq '$True'
but
Enabled -eq $True
will not.
This should work
Replaced the braces with double quotes so inside them the variables still parse
Put single quotes around all strings and variables that resolve into strings
'$True'
'$Filter'
'SMB_*'
$FilterBase = "department"
$Filter = "IT"
$ADusers = Get-ADUser -ResultSetSize $null -SearchBase "OU=Users,DC=mydomain,DC=com" -Properties CN -Filter "(Enabled -eq '$True') -and ('$FilterBase' -like '$Filter') -and (CN -notlike 'SMB_*')" |
Select-Object distinguishedName |
Sort-Object distinguishedName
Important to note the above syntax highlighting will make the sample above look wrong because it misses the tokens like $FilterBase and $Filter when there are inside single quotes inside double quotes. Remember that single quotes are just apostrophes when inside double quotes, therefore the tokens should be colored differently and not look like strings.
> "('$FilterBase' -like '$Filter')"
('department' -like 'IT')
Paste a sample like above and see what it resolves to - best way to figure it out.
its just simply syntax error.
$enabled = 'Enabled'
$EnabledTrueOrFalse = $true
$SN = 'Surname'
$surname = "Doe"
$OU = "OU=Users,DC=mydomain,DC=com"
Get-ADuser -filter{$enabled -eq $EnabledTrueOrFalse -and $SN -eq $surname} -SearchBase $OU -Properties * | Select-Object distinguishedName | Sort-Object distinguishedName
read more about it here
Thanks for the tips guys. I couldn't get it to work with multiple filters so I moved some filters to the where clause.
My current (working) code is now:
$FilterBase = "department"
$Filter = "IT"
$ADusers = Get-ADUser -ResultSetSize $null -SearchBase "OU=Users,DC=mydomain,DC=com" -Properties * -Filter "$FilterBase -like `"$Filter`"" |
Where {$_.Enabled -eq $True -and $_.CN -notlike "SMB_*"} |
Select-Object distinguishedName |
Sort-Object distinguishedName
I'm trying to get a list of Active Directory users who have no description set.
I start with getting a list of users:
$users = Get-AdUser -Filter {(Enabled -eq "True" )} -Properties Description
And then I tried these options (to get list of users with no description):
$NoDescrUsers = $users | Where-Object {$_.Description -eq ""}
$NoDescrUsers = $users | Where-Object {$_.Description -eq ''}
$NoDescrUsers = $users | Where-Object $_.Description -eq ""
$NoDescrUsers = $users | Where-Object {$_.Description -match ""}
$NoDescrUsers = $users | Where-Object -not {$_.Description -like '*'}
None of these work (or it returns 0 in a foreach or returns everyone). What should my command look like?
I'm not sure why none of the options you tried worked (it seems like they should). Having Googled the general consensus seems to be that you can do this successfully (and more efficiently) within the initial -filter. For example:
$NoDescrUsers = Get-AdUser -Filter {(Enabled -eq "True" ) -and (description -notlike '*')} -Properties Description
If you filter description -like or -notlike
'*'
) that means you'll take any character (or not).
If you want filter only empty description in your AD request, you could do:
$NoDescrUsers = Get-AdUser -Filter {(Enabled -eq "True" ) -Properties Description
if ($NoDescrUsers.Description -eq $null)
{write-host "no description"}
I have limited, self-taught experience with PowerShell so this is probably something basic but I can't seem to get it right.
I'm in Active Directory and I need to pull a list of users who's email address doesn't start with their SamAccountName.
(So if your login is jdoe but your email is johndoe#mycompany.com then your profile would be returned)
I've got most of what I need...but I can't figure out how to compare the two properties against eachother.
Right now I have
Get-ADUser -Filter 'enabled -eq $true' -Properties *|
Where {$_.PasswordNeverExpires -eq $false} |
Select Name, SamAccountName, EmailAddress, PasswordNeverExpires
I've tried a few different things to filter what I need, the following command shows exactly what I want (but of course this syntax doesn't work)
Get-ADUser -Filter 'enabled -eq $true' -Properties *|
Where {$_.PasswordNeverExpires -eq $false} |
Where-Object EmailAddress -Contains SamAccountName |
Select Name, SamAccountName, EmailAddress, PasswordNeverExpires
Thanks!
Use a scriptblock for the Where-Object filter like in your second pipeline element:
Where-Object { $_.EmailAddress -notlike "$($_.SamAccountName)*" }
You can even combine it with the first filter, using the -and operator:
Where-Object { $_.PasswordNeverExpires -eq $false -and $_.EmailAddress -notlike "$($_.SamAccountName)*" }
Finally, specify only the properties you need rather that -Properties * (no need to wait for the Domain Controller to return data you won't need):
$Properties = 'Name','SamAccountName','EmailAddress','PasswordNeverExpires'
Get-ADUser -Filter 'enabled -eq $true' -Properties $Properties |Where-Object {
$_.PasswordNeverExpires -eq $false -and
$_.EmailAddress -notlike "$($_.SamAccountName)*"
} |Select-Object $Properties
I try to filter out something like this:
Get-ADComputer -Filter {name -like "chalmw-dm*" -and Enabled -eq "true"} ...
This works like a charm and gets exactly what I want...
Now I want the "name -like ..." part as a variable like this:
Get-ADComputer -Filter {name -like '$nameregex' -and Enabled -eq "true"} |
I checked several questions (for example, PowerShell AD Module - Variables in Filter), but this isn't working for me.
I tried it with the following:
$nameRegex = "chalmw-dm*"
$nameRegex = "`"chalmw-dm*`""
And also in the Get-ADComputer command with those ' and without.
Could anyone give me some hints?
You don't need quotes around the variable, so simply change this:
Get-ADComputer -Filter {name -like '$nameregex' -and Enabled -eq "true"}
into this:
Get-ADComputer -Filter {name -like $nameregex -and Enabled -eq "true"}
Note, however, that the scriptblock notation for filter statements is misleading, because the statement is actually a string, so it's better to write it as such:
Get-ADComputer -Filter "name -like '$nameregex' -and Enabled -eq 'true'"
Related. Also related.
And FTR: you're using wildcard matching here (operator -like), not regular expressions (operator -match).
Add double quote
$nameRegex = "chalmw-dm*"
-like "$nameregex" or -like "'$nameregex'"
Try this:
$NameRegex = "chalmw-dm"
$NameR = "$($NameRegex)*"
Get-ADComputer -Filter {name -like $NameR -and Enabled -eq $True}
Or
-like '*'+$nameregex+'*'
if you would like to use wildcards.