Powershell variables in Get-AdUser - powershell

I'm trying to write a simple powershell script.
Get-ADuser -Filter {GivenName -eq $GivenName $hateList} -SearchBase $Container -Properties displayName,telephoneNumber,department|ForEach-Object {"FullName`t: $($_.displayName)`r`nPhone`t`t: $($_.telephoneNumber)`r`nDepartment`t: $($_.department)`r`n"}
The error what I got:
Get-ADUser : Error parsing query: 'GivenName -eq $GivenName $hateList' Error Message: 'syntax error' at position: '26'.
So the problem is that the variables aren't substituted with their values. What do I do wrong?

You Filter parameter is not right. If you want to have GivenName be equal to $GivenName you should do it like this:
{GivenName -eq $GivenName}
If you want it to be equal to $GivenName or $hateList, whatever it is, you should try something like:
{(GivenName -eq $GivenName) -or (GivenName -eq $hateList)}
Check this link for more filter:
http://technet.microsoft.com/en-us/library/ee617241.aspx
You can first get list of users with filter like this:
{GivenName -eq $GivenName}
And the do some post processing:
$users | Where-Object { $hateList -notcontains $_.cn }

If variable expansion doesn't work when passing the variable, try to pass it enclosed in quotes:
{GivenName -eq "$GivenName"}

Related

Powershell Filter ADgroups the right way

Hi im trying to Filter AD-Groups by a string i defined in a variable:
$groupname="string"
Get-ADGroup -filter {GroupCategory -eq "security" -and Name -like ($sgroup_name+"*")}
How do i do this the right way?
String expansion doesn't work well with the -Filter parameter when passing it a script block - use a string filter instead:
$groupname = "string"
Get-ADGroup -Filter "GroupCategory -eq 'security' -and Name -like '${groupname}*'"

Get-ADUser with multiple filters & variables

I'm trying to get AD users into a variable using multiple filters. However one of the filters has variables in it & I can't get it to work... I have searched for similar issues & tried applying those but nothing seems to work.
$FilterBase = "department"
$Filter = "IT"
$ADusers = Get-ADUser -ResultSetSize $null -SearchBase "OU=Users,DC=mydomain,DC=com" -Properties * -Filter {(Enabled -eq $True) -and ($FilterBase -like $Filter) -and (cn -notlike ""SMB_*"")} |
Select-Object distinguishedName |
Sort-Object distinguishedName
I'm trying to fill $ADusers with all enabled users whose commonname doesn't start with "SMB_" (don't ask) & where the department is IT. I used -like to prevent issues if the values in AD would have different casings (uppercase, lowercase, mixed case, ...).
The reason that I'm using variables for this is because in the end the script will be dynamic. At some point $FilterBase is going to be "company" instead of "department" and $Filter is going to be "HR" instead of "IT" etc...
But I just can't seem to get it to work:
Get-ADUser : Error parsing query: '(Enabled -eq $True) -and ($FilterBase -like $Filter) -and (cn -notlike ""SMB_*"")' Error Message: 'syntax error' at position: '74'.
At line:4 char:12
I have tried using quotes around the variables like "$Filter", "$($Filter)", ' $Filter ' but alas. And I know it's not best practice to use variables in Filter but I can't think of any other way to accomplish this.
Any suggestions?
the error has the key to the answer. I'm sure I'll find this again and use it myself because I look this up every year or so...
Error parsing query: '(Enabled -eq $True)...'
In this case the filter needs a simple string 'True' which the variable $True does equal.
Two options will work, either
Enabled -eq 'True'
or
Enabled -eq '$True'
but
Enabled -eq $True
will not.
This should work
Replaced the braces with double quotes so inside them the variables still parse
Put single quotes around all strings and variables that resolve into strings
'$True'
'$Filter'
'SMB_*'
$FilterBase = "department"
$Filter = "IT"
$ADusers = Get-ADUser -ResultSetSize $null -SearchBase "OU=Users,DC=mydomain,DC=com" -Properties CN -Filter "(Enabled -eq '$True') -and ('$FilterBase' -like '$Filter') -and (CN -notlike 'SMB_*')" |
Select-Object distinguishedName |
Sort-Object distinguishedName
Important to note the above syntax highlighting will make the sample above look wrong because it misses the tokens like $FilterBase and $Filter when there are inside single quotes inside double quotes. Remember that single quotes are just apostrophes when inside double quotes, therefore the tokens should be colored differently and not look like strings.
> "('$FilterBase' -like '$Filter')"
('department' -like 'IT')
Paste a sample like above and see what it resolves to - best way to figure it out.
its just simply syntax error.
$enabled = 'Enabled'
$EnabledTrueOrFalse = $true
$SN = 'Surname'
$surname = "Doe"
$OU = "OU=Users,DC=mydomain,DC=com"
Get-ADuser -filter{$enabled -eq $EnabledTrueOrFalse -and $SN -eq $surname} -SearchBase $OU -Properties * | Select-Object distinguishedName | Sort-Object distinguishedName
read more about it here
Thanks for the tips guys. I couldn't get it to work with multiple filters so I moved some filters to the where clause.
My current (working) code is now:
$FilterBase = "department"
$Filter = "IT"
$ADusers = Get-ADUser -ResultSetSize $null -SearchBase "OU=Users,DC=mydomain,DC=com" -Properties * -Filter "$FilterBase -like `"$Filter`"" |
Where {$_.Enabled -eq $True -and $_.CN -notlike "SMB_*"} |
Select-Object distinguishedName |
Sort-Object distinguishedName

Get-ADUser -filter parsing

I am running a script which takes a person's first and last name from an SAP extract, and reads AD to get their UPN. For most people, this works; however there are a bunch of users whose first name is an issue. For instance "Philip Davies" (names changed to protect the innocent) in SAP is "Phil Davies" in AD. So: I have used the following command and it works:
Code:
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -eq "Phil" -and Surname -eq "Davies"}
I then realised I can check for the first three characters which will NORMALLY be the same in the contracted name... so I did this which also works:
Code:
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -like "Phi*" -and Surname -eq "Davies"}
Next step: variables; so I try this and it works:
Code:
$fna="Phil"
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -eq $fna -and Surname -eq "Davies"}
But if I try this:
Code:
$fna="Philip"
$fna=$fna.Substring(0,3)
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -like $fna* -and Surname -eq "Davies"}
I get no result. It doesn't matter if I use brackets, double-quotes, single-quotes, anything. As soon as I try to parse a variable AND use a wildcard, it either produces an error message or no result.
Can anyone please help me with this either by using the "-ldapfilter" method or telling me how to parse AND wildcard?
Thanks
You should not use the wildcard with a variable since you wish to check it with a name which is a string. So what you can do is directly wrap the string with the wildcard and store the final thing in a variable like:
$fna="Philip"
$fna="$($fna.Substring(0,3))*"
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -Filter {GivenName -like $fna -and Surname -eq "Davies"}
or you can use the LDAP Filter directly like :
Get-ADUser -SearchBase "OU=CBC Users,DC=cbc,DC=int" -LDAPFilter "(&(GivenName=$fna)(Sn=Davies))"
Hope it helps.

Get-ADUser for not exact username

The script below lists some user details, it works only in case I've entered the EXACT user name. Is there a method I could use to get results if I type a partial username?
I mean if for example I enter "elibukin" or "eli.buk" instaed of "eli.bukin" witch is the correct username.
do {
Write-Host "Who r we looking for ? (type EXIT when u done)"
$User = Read-Host
Get-ADUser $User -Properties * |
fl empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l, last*,
logon*, when*
} until ($user -eq "exit")
I would use -LDAPFilter with ambiguous name resolution (ANR).
Get-ADUser -LDAPFilter "(anr=smith)"
See https://support.microsoft.com/en-us/kb/243299 for more information about ANR.
I have actually worked on a script much like this. I used the -like operator to accommodate partial matches. However, this might give you more than one result.
Get-ADUser -Filter ("SamAccountName -like '*$user*'")
Or use something of this format to narrow down your result:
Get-ADUser -Filter ("SamAccountName -like '*$user*' -and Name -like '*$FirstName*' -and Surname -like '*$Lastname*'")
Use -or instead of -and for a broader result.
If you want fuzzy matching use the parameter -Filter with the -like operator:
do {
$user = Read-Host -Prompt 'Who are we looking for (type EXIT when done)'
if ($user -ne 'exit') {
Get-ADUser -Filter "SamAccountName -like '*$User*'" -Properties * |
Format-List empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l,
last*, logon*, when*
}
} until ($user -eq "exit")

Using "-Filter" with a variable

I try to filter out something like this:
Get-ADComputer -Filter {name -like "chalmw-dm*" -and Enabled -eq "true"} ...
This works like a charm and gets exactly what I want...
Now I want the "name -like ..." part as a variable like this:
Get-ADComputer -Filter {name -like '$nameregex' -and Enabled -eq "true"} |
I checked several questions (for example, PowerShell AD Module - Variables in Filter), but this isn't working for me.
I tried it with the following:
$nameRegex = "chalmw-dm*"
$nameRegex = "`"chalmw-dm*`""
And also in the Get-ADComputer command with those ' and without.
Could anyone give me some hints?
You don't need quotes around the variable, so simply change this:
Get-ADComputer -Filter {name -like '$nameregex' -and Enabled -eq "true"}
into this:
Get-ADComputer -Filter {name -like $nameregex -and Enabled -eq "true"}
Note, however, that the scriptblock notation for filter statements is misleading, because the statement is actually a string, so it's better to write it as such:
Get-ADComputer -Filter "name -like '$nameregex' -and Enabled -eq 'true'"
Related. Also related.
And FTR: you're using wildcard matching here (operator -like), not regular expressions (operator -match).
Add double quote
$nameRegex = "chalmw-dm*"
-like "$nameregex" or -like "'$nameregex'"
Try this:
$NameRegex = "chalmw-dm"
$NameR = "$($NameRegex)*"
Get-ADComputer -Filter {name -like $NameR -and Enabled -eq $True}
Or
-like '*'+$nameregex+'*'
if you would like to use wildcards.