I am running a script which takes a person's first and last name from an SAP extract, and reads AD to get their UPN. For most people, this works; however there are a bunch of users whose first name is an issue. For instance "Philip Davies" (names changed to protect the innocent) in SAP is "Phil Davies" in AD. So: I have used the following command and it works:
Code:
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -eq "Phil" -and Surname -eq "Davies"}
I then realised I can check for the first three characters which will NORMALLY be the same in the contracted name... so I did this which also works:
Code:
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -like "Phi*" -and Surname -eq "Davies"}
Next step: variables; so I try this and it works:
Code:
$fna="Phil"
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -eq $fna -and Surname -eq "Davies"}
But if I try this:
Code:
$fna="Philip"
$fna=$fna.Substring(0,3)
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -like $fna* -and Surname -eq "Davies"}
I get no result. It doesn't matter if I use brackets, double-quotes, single-quotes, anything. As soon as I try to parse a variable AND use a wildcard, it either produces an error message or no result.
Can anyone please help me with this either by using the "-ldapfilter" method or telling me how to parse AND wildcard?
Thanks
You should not use the wildcard with a variable since you wish to check it with a name which is a string. So what you can do is directly wrap the string with the wildcard and store the final thing in a variable like:
$fna="Philip"
$fna="$($fna.Substring(0,3))*"
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -like $fna -and Surname -eq "Davies"}
or you can use the LDAP filter directly, like:
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -LDAPFilter "(&(GivenName=$fna)(Sn=Davies))"
Hope it helps.
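The -LDAPFilter route the question asks about, as an added example that is not part of the original thread: it escapes the SAP values per RFC 4515 before building the filter, clamps the prefix for short names, and accepts a UPN only when exactly one account matches. The function names and the sample SAP rows are constructed for illustration; the search base is the one used in the question.

```powershell
# Added example: function names and sample rows are constructed for illustration.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escapes. Backslash goes first so the escapes added after it
    # are not escaped a second time.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace("`0", '\00')
}

function New-NamePrefixLdapFilter {
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [int]$PrefixLength = 3
    )
    # Substring(0, 3) throws on names such as "Al", so clamp the length.
    $len    = [Math]::Min($PrefixLength, $GivenName.Length)
    $prefix = ConvertTo-LdapFilterValue -Value ($GivenName.Substring(0, $len))
    $sn     = ConvertTo-LdapFilterValue -Value $Surname
    # The trailing * added here is the only wildcard left unescaped.
    "(&(givenName=${prefix}*)(sn=${sn}))"
}

# Constructed SAP rows; the second one exercises the clamp and the escaping.
$sapRows = @(
    [pscustomobject]@{ First = 'Philip'; Last = 'Davies' }
    [pscustomobject]@{ First = 'Al';     Last = 'Smith (Temp)' }
)
$haveAd = [bool](Get-Command Get-ADUser -ErrorAction SilentlyContinue)

foreach ($row in $sapRows) {
    $filter = New-NamePrefixLdapFilter -GivenName $row.First -Surname $row.Last
    Write-Host "$($row.First) $($row.Last) -> $filter"
    if (-not $haveAd) { continue }   # no AD module loaded: only show the filters

    $hits = @(Get-ADUser -SearchBase 'OU=CBC Users,DC=cbc,DC=int' -LDAPFilter $filter)
    if ($hits.Count -eq 1) {
        $hits[0].UserPrincipalName
    } else {
        # A three-letter prefix can match several people: never pick one silently.
        Write-Warning "$($hits.Count) matches for $($row.First) $($row.Last); resolve manually"
    }
}
```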
Related
I want this query to only return enabled users who have a name matching "marketing" or "accounting". However, when I run this it's returning disabled users as well? What am I missing? From my research this is what I came up with but it's not working.
Get-ADuser -filter {(Name -like "*marketing*") -or (Name -like "*accounting*") -and (Enabled -eq "true")} -Properties *
Thanks for any advice!
In Boolean logic in general, AND takes precedence over OR. In other words, AND operations are evaluated first, before OR.
So that command is really asking for accounts where either:
The name contains "marketing", or
The name contains "accounting" and is enabled
To get the results you want, you need to enclose the entire -or expression in parentheses to force it to evaluate it first, and leave the -and outside the parentheses:
Get-ADuser -Filter {(Name -like "*marketing*" -or Name -like "*accounting*") -and Enabled -eq "true"} -Properties *
As mentioned in the comments above, the documentation tells us that the -Filter parameter is technically a string. So if you give it a script block ({ }), PowerShell does some translation on it to convert it to a string. Sometimes that translation can go wrong, so you're often better off giving it the string it should be, which would look something like this:
Get-ADuser -Filter "(Name -like '*marketing*' -or Name -like '*accounting*') -and Enabled -eq 'true'" -Properties *
I am trying to run the get-aduser query below and I keep getting the error Get-AdUser Cannot convert to the type system.string. Any idea what might be the problem? TIA
$Base = (Get-ADOrganizationalUnit -Filter {(Name -like "Department")}).DistinguishedName
Get-ADUser -Filter * -SearchBase $Base -Properties Name
I tested this, and I can confirm that if your call to Get-ADOrganizationalUnit returns more than one OU, then the DistinguishedName property will be an array rather than a plain string. So you will need to change your call to Get-ADOrganizationalUnit so that it returns only one.
You can do that by either using the -ResultSetSize parameter to only use the first result:
$Base = (Get-ADOrganizationalUnit -Filter {(Name -like "Department")} -ResultSetSize 1).DistinguishedName
Or change the Filter so that it matches only one OU. I assume you're using -like because you're using a wildcard in your actual code, so you probably just have to be more specific.
Update: If you want users from all the matched OUs, then you can use ForEach-Object:
Get-ADOrganizationalUnit -Filter {(Name -like "Department")} |
    ForEach {
        Get-ADUser -Filter * -SearchBase $_.DistinguishedName -Properties Name
    }
The script below lists some user details, it works only in case I've entered the EXACT user name. Is there a method I could use to get results if I type a partial username?
I mean if, for example, I enter "elibukin" or "eli.buk" instead of "eli.bukin", which is the correct username.
do {
    Write-Host "Who r we looking for ? (type EXIT when u done)"
    $User = Read-Host
    Get-ADUser $User -Properties * |
        fl empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l, last*,
            logon*, when*
} until ($user -eq "exit")
I would use -LDAPFilter with ambiguous name resolution (ANR).
Get-ADUser -LDAPFilter "(anr=smith)"
See https://support.microsoft.com/en-us/kb/243299 for more information about ANR.
I have actually worked on a script much like this. I used the -like operator to accommodate partial matches. However, this might give you more than one result.
Get-ADUser -Filter ("SamAccountName -like '*$user*'")
Or use something of this format to narrow down your result:
Get-ADUser -Filter ("SamAccountName -like '*$user*' -and Name -like '*$FirstName*' -and Surname -like '*$Lastname*'")
Use -or instead of -and for a broader result.
If you want fuzzy matching use the parameter -Filter with the -like operator:
do {
    $user = Read-Host -Prompt 'Who are we looking for (type EXIT when done)'
    if ($user -ne 'exit') {
        Get-ADUser -Filter "SamAccountName -like '*$User*'" -Properties * |
            Format-List empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l,
                last*, logon*, when*
    }
} until ($user -eq "exit")
I try to filter out something like this:
Get-ADComputer -Filter {name -like "chalmw-dm*" -and Enabled -eq "true"} ...
This works like a charm and gets exactly what I want...
Now I want the "name -like ..." part as a variable like this:
Get-ADComputer -Filter {name -like '$nameregex' -and Enabled -eq "true"} |
I checked several questions (for example, PowerShell AD Module - Variables in Filter), but this isn't working for me.
I tried it with the following:
$nameRegex = "chalmw-dm*"
$nameRegex = "`"chalmw-dm*`""
And also in the Get-ADComputer command with those ' and without.
Could anyone give me some hints?
You don't need quotes around the variable, so simply change this:
Get-ADComputer -Filter {name -like '$nameregex' -and Enabled -eq "true"}
into this:
Get-ADComputer -Filter {name -like $nameregex -and Enabled -eq "true"}
Note, however, that the scriptblock notation for filter statements is misleading, because the statement is actually a string, so it's better to write it as such:
Get-ADComputer -Filter "name -like '$nameregex' -and Enabled -eq 'true'"
And FTR: you're using wildcard matching here (operator -like), not regular expressions (operator -match).
Add double quote
$nameRegex = "chalmw-dm*"
-like "$nameregex" or -like "'$nameregex'"
Try this:
$NameRegex = "chalmw-dm"
$NameR = "$($NameRegex)*"
Get-ADComputer -Filter {name -like $NameR -and Enabled -eq $True}
Or
-like '*'+$nameregex+'*'
if you would like to use wildcards.
I'm trying to write a simple PowerShell script.
Get-ADuser -Filter {GivenName -eq $GivenName $hateList} -SearchBase $Container -Properties displayName,telephoneNumber,department|ForEach-Object {"FullName`t: $($_.displayName)`r`nPhone`t`t: $($_.telephoneNumber)`r`nDepartment`t: $($_.department)`r`n"}
The error I got:
Get-ADUser : Error parsing query: 'GivenName -eq $GivenName $hateList' Error Message: 'syntax error' at position: '26'.
So the problem is that the variables aren't substituted with their values. What am I doing wrong?
Your Filter parameter is not right. If you want to have GivenName be equal to $GivenName you should do it like this:
{GivenName -eq $GivenName}
If you want it to be equal to $GivenName or $hateList, whatever it is, you should try something like:
{(GivenName -eq $GivenName) -or (GivenName -eq $hateList)}
Check this link for more filters:
http://technet.microsoft.com/en-us/library/ee617241.aspx
You can first get a list of users with a filter like this:
{GivenName -eq $GivenName}
And then do some post-processing:
$users | Where-Object { $hateList -notcontains $_.cn }
If variable expansion doesn't work when passing the variable, try to pass it enclosed in quotes:
{GivenName -eq "$GivenName"}