PS Script to export AD Data - powershell

I am looking for all accounts that have “(FUR)” in the beginning of their AD account description. I need these for any and all OUs under Office/Users. All of these accounts that have “(FUR)” in the description, I need the following exported:
User Logon Name
Description
extensionattribute11
This is what I have come up with so far:
Import-Module ActiveDirectory;
$creds = Get-Credential
$OUPath = 'OU=Standard Users,OU=NY,OU=users,OU=Offices,DC=US,DC=FLN,DC=NET'
Get-ADUser -Properties Description -Filter "(FUR)" -SearchBase $OUPath
This is the error I get:
Get-ADUser : Error parsing query: '(FUR)' Error Message: 'syntax
error' at position: '5'. At line:2 char:1
+ Get-ADUser -Properties Description -Filter "(FUR)" -SearchBase $OUPat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

When using the -Filter parameter, you must pass a string that contains the syntax propertyName -operator value.
Get-ADUser -Properties Description -Filter "Description -like '(FUR)*'" -SearchBase $OUPath
(FUR)* would match a value that begins with (FUR). You would need to use *(FUR)* if you do not know where (FUR) exists within the value.
See Get-ADUser for a more in-depth description.
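The full export the question asks for, as an added example that is not part of the original answer. The parent search base (derived from the OU path in the question), the output file name and the choice of SamAccountName plus UserPrincipalName for "User Logon Name" are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumption: the OU that sits above every office's user OUs, taken from the
# question's path 'OU=Standard Users,OU=NY,OU=users,OU=Offices,...'.
$SearchBase = 'OU=users,OU=Offices,DC=US,DC=FLN,DC=NET'
$OutFile    = '.\FUR-accounts.csv'   # hypothetical output path

$params = @{
    Filter      = "Description -like '(FUR)*'"   # description begins with (FUR)
    SearchBase  = $SearchBase
    SearchScope = 'Subtree'                      # include every child OU
    # Description and extensionAttribute11 are not returned by default.
    Properties  = 'Description', 'extensionAttribute11'
}
$users = @(Get-ADUser @params)

if ($users.Count -eq 0) {
    Write-Warning "No accounts under $SearchBase have a description starting with (FUR)."
}
else {
    $users |
        Select-Object SamAccountName, UserPrincipalName, Description, extensionAttribute11 |
        Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
    Write-Host "$($users.Count) accounts exported to $OutFile"
}
```

Add `-Credential $creds` to the `$params` table if the query has to run under the account collected with Get-Credential.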

Related

Listing information for all computers in an OU using PowerShell

For a lab working on PowerShell, I have to target a specific OU and list the following information in a text file.
DistinguishedName
DNSHostName
Enabled
Name
ObjectClass
ObjectGUID
SamAccountName
SID
UserPrincipalName
I've found a ton of resources online on how to do this and continuously get an error no matter how I format it.
Here is my code:
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers DC=uwec, DC=edu'
$Computers = Get-ADComputer -Filter '*' -SearchBase $ou
$Computers | foreach {
$_.DNSHostName
} | Out-File -Filepath "C:\Windows\Temp\Lab7.txt"
I continuously get this error no matter what syntax I use:
Get-ADComputer : The object name has bad syntax
At line:1 char:1
+ Get-ADComputer -Filter '*' -SearchBase 'OU=Testing,OU=Labs,OU=UWEC Co ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADComputer], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8335,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
The code you posted does not match the error you posted. However, the most likely reason for the error is a missing comma in your OU:
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers DC=uwec, DC=edu'
# ^right here
Change that into
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers,DC=uwec, DC=edu'
and the problem should disappear.

Extended Attribute Unresolvable, Powershell

I am trying to set up a method in which a user can tell me their username, I plug it in and it will return me their computerName.
# Get the Username
$username = Read-Host -prompt 'Username'
# Get the DistinguishedName and store it
$usernameDN = Get-ADUser $username -properties * | SELECT DistinguishedName
# Get the ComputerName
# This one fails every time
Get-ADComputer -Filter {ManagedBy -eq $usernameDN} -properties * | SELECT CN,ManagedBy
# Error I receive...almost as if it has to be a string
Get-ADComputer : Invalid value: '' specified for extended attribute:
'ManagedBy'. At line:1 char:1
+ Get-ADComputer -Filter {ManagedBy -eq $usernamedn} -properties * | SE ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.GetADComputer
# So you put it as a string
PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | SELECT CN,ManagedBy
# Error
Get-ADComputer : Identity info provided in the extended attribute:
'ManagedBy' could not be resolved. Reason: 'Cannot find an object with
identity: '$usernamedn' under: 'DC=****,DC=*****'.'. At line:1 char:1
+ Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADComputer], ADIdentityResolutionException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityResolutionException
,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
# However if you replace the variable with the literal DistinguishedName...it will work
PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq 'CN=*******\, ***** *.,OU=********,OU=*****,OU=******,DC=*****,DC=******'} -properties * | SELECT CN,ManagedBy
# Result
CN ManagedBy
-- ---------
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**
So I'm thinking my issue is that the Filter requires it to be a string, but I can't figure out the right escape to make the variable read that way.
I tried to do the string formatting as well, but I don't completely understand that yet.
Thanks,
I recommend using -LDAPFilter instead of -Filter and using an LDAP filter string:
Get-ADComputer -LDAPFilter "(managedBy=$usernameDN)"
It is worth your while to learn the LDAP search filter syntax, since that's what PowerShell has to "translate" the -Filter into anyway.
This was simply an expression problem, your example works fine for me. You are just missing the () inside the {}.
Get-ADComputer -Filter {(ManagedBy -eq $usernameDN)} -properties * | SELECT CN,ManagedBy
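When a value is interpolated into an -LDAPFilter string, the characters `\ * ( )` and NUL are filter syntax and have to be escaped first. That matters for both the DN with `\,` in this question and the "(FUR)" prefix in the first one. The following is an added example, not code from the thread; the function name ConvertTo-LdapFilterValue and the sample DN are hypothetical.

```powershell
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters \ * ( ) and NUL as \XX hex pairs
    # so the value is matched literally inside an -LDAPFilter string.
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

# Constructed sample DN with an escaped comma in the CN, like the masked DN above:
# the backslash itself has to be escaped before it goes into a filter.
ConvertTo-LdapFilterValue 'CN=Doe\, Jane,OU=Staff,DC=example,DC=com'

# Computers managed by the user. Read the DN as a plain string; piping to
# Select-Object would wrap it in an object that expands to "@{DistinguishedName=...}".
$username  = Read-Host -Prompt 'Username'
$userDN    = (Get-ADUser -Identity $username).DistinguishedName
$managedBy = ConvertTo-LdapFilterValue $userDN
Get-ADComputer -LDAPFilter "(managedBy=$managedBy)" -Properties ManagedBy |
    Select-Object Name, ManagedBy

# Users whose description starts with the literal text "(FUR)". The trailing *
# is appended after escaping, so it remains a wildcard.
$OUPath = 'OU=Standard Users,OU=NY,OU=users,OU=Offices,DC=US,DC=FLN,DC=NET'
$prefix = ConvertTo-LdapFilterValue '(FUR)'
Get-ADUser -LDAPFilter "(description=$prefix*)" -SearchBase $OUPath -Properties Description
```

Escaping also keeps a value typed at the Read-Host prompt or read from a file from changing the structure of the filter.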

Powershell delete all users in OU

I am trying to delete all users within an OU using powershell, I have the below which gets stuck when it comes to the SAMAccount name, I want it to delete all the found users.
What am I doing wrong here please?
$search="OU=Staff,OU=Users,DC=Testing, DC=Local"
$deletes= Get-ADUser -SearchBase $search -filter * -properties SamAccountName | Select-Object SamAccountName
$numusers=($deletes.count)
echo "$numusers Users Found"
foreach ($delete in $deletes)
{
echo "Deleting user account $delete . . . "
remove-aduser -identity $delete -confirm:$false
}
This is the output. Seemingly going wrong here -- Cannot convert the "@{SamAccountName=bbonhomme}"
7 Users Found
Deleting user account @{SamAccountName=bbonhomme} . . .
Remove-ADUser : Cannot bind parameter 'Identity'. Cannot convert value "@{SamAccountName=bbonhomme}" to type
"Microsoft.ActiveDirectory.Management.ADUser". Error: "Cannot convert the "@{SamAccountName=bbonhomme}" value of type
"Selected.Microsoft.ActiveDirectory.Management.ADUser" to type "Microsoft.ActiveDirectory.Management.ADUser"."
At C:\Users\Administrator\Desktop\import\getadusers.ps1:11 char:29
+ remove-aduser -identity #delete -confirm:$false
+ ~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Remove-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.RemoveADUser
Replace the
$deletes= Get-ADUser -SearchBase $search -filter * -properties SamAccountName | Select-Object SamAccountName
by
$deletes= Get-ADUser -SearchBase $search -filter * -properties SamAccountName
Adding Select-Object converts the ADUser object to a PSObject. As a consequence, the subsequent Remove-ADUser command does not recognize this type of object.
Replace also :
remove-aduser -identity $deletes -confirm:$false
By
remove-aduser -identity $delete.SamAccountName -confirm:$false
changed $deletes by $delete (you cannot specify a collection in -Identity parameter)
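A guarded version of the same loop, as an added example that is not from the original answer: it passes the ADUser objects through unchanged, records what is about to be removed, and runs with -WhatIf so nothing is deleted until the output has been checked. The backup file name is hypothetical.

```powershell
Import-Module ActiveDirectory

$search = 'OU=Staff,OU=Users,DC=Testing,DC=Local'
$backup = '.\staff-users-before-delete.csv'   # hypothetical record of removed accounts

# Keep the real ADUser objects (no Select-Object) so -Identity can bind them.
# @() makes .Count correct even when only one user is returned.
$deletes = @(Get-ADUser -SearchBase $search -SearchScope Subtree -Filter *)
Write-Host "$($deletes.Count) users found"

# Record the accounts before touching them; these are default properties.
$deletes |
    Select-Object SamAccountName, DistinguishedName, Enabled, ObjectGUID |
    Export-Csv -Path $backup -NoTypeInformation -Encoding UTF8

foreach ($delete in $deletes) {
    Write-Host "Deleting user account $($delete.SamAccountName) . . ."
    # -WhatIf only reports what would be removed. Replace it with
    # -Confirm:$false once the reported list matches the intended accounts.
    Remove-ADUser -Identity $delete -WhatIf
}
```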

How can I Get ADUser

I am trying to get the AD user account via Powershell, I need to import the name from csv and retrieve their AD results.
The list is only stored with "Display Name"
test.csv
name
Peter Chan
John Wu
Tom Wong
PS script
$list = Import-Csv '.\test.csv'
foreach ($i in $list) {
Get-ADUser -Filter "Name -eq '$i.name'"
}
Error
Get-ADUser : Error parsing query: 'Name -eq @{name=Peter Chan}.name' Error Message: 'syntax error' at position: '10'.
At line:2 char:1
+ Get-ADUser -Filter "Name -eq $i.name"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : Error parsing query: 'Name -eq @{name=Peter Chan}.name' Error Message: 'syntax error' at
position: '10'.,Microsoft.ActiveDirectory.Management.Commands.GetADUser
When I run Get-ADUser -Filter "Name -like 'Peter Chan'", I can get the result I want. It shows that it is an array type @{name=Peter Chan}.name; what do I need to change in the code?
Variables get expanded in strings not property expressions.
Change this:
Get-ADUser -Filter "Name -eq '$i.Name'"
to
Get-ADUser -Filter "Name -eq '$($i.Name)'"

Parsing variables into Get-ADUser CMDLT - Error parsing query

I am attempting to write some scripts to match a partial AD user account name into a get-aduser script to return the objects for another routine.
However, the command, when executed, is returning a parse error.
The strange thing is that when checking the syntax of the output, it looks AOK:
PS C:\Users> $ADUserString = "dcro"
PS C:\Users> write-host get-aduser -filter "{SAMAccountName -like `"$ADUserString*`"}"
get-aduser -filter {SAMAccountName -like "dcro*"}
Note: I have used the right-tick character ` prepending the quotes on the variable to keep them as a string value
So when executing the command:
PS C:\Users> get-aduser -filter "{SAMAccountName -like `"$ADUserString*`"}"
get-aduser : Error parsing query: '{SAMAccountName -like "dcro"}' Error Message: 'syntax error' at position: '1'.
At line:1 char:1
+ get-aduser -filter "{SAMAccountName -like "$ADUserString*"}"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : Error parsing query: '{SAMAccountName -like "dcro*"}' Error Message: 'syntax error' at position: '1'.,Microsoft.ActiveDirectory.Management.Commands.GetADUser*
However, if I manually type the output from my 'write-host' above, it executes perfectly fine and returns the results I am after:
PS C:\Users> get-aduser -filter {samaccountname -like "dcro*"}
DistinguishedName : CN=Dan*****,OU=A*****port,OU=Development*****************
Enabled : True
GivenName : D****
Name : D*****Cro****
ObjectClass : user
ObjectGUID : 796b**********413-558d*****d73
SamAccountName : dcro*****
SID : S-1******************67
Surname : Cro******
UserPrincipalName : dcro***********
It's pretty odd, and my feeling is that there are some weird special characters at play here.....
Try this:
$ADUserString = "dcro*"
write-host (Get-ADUser -Filter {SamAccountName -like $ADUserString} | Out-String)
Workaround I found was this (not so pretty).
$ADUserString = "dcro"
$AdUserStringWildCard = "$AdUserString*"
Get-ADUser -Filter {SamAccountName -like $AdUserStringWildCard}
Have you tried LDAPFilter anr instead? I know it tends to be iffy but might work in your scenario. It seems good at completing usernames.
Get-ADUser -LDAPFilter "(anr=$ADUserString)"