Get-ADuser dont work with varaible

Hello, we have a lot of users in the Active Directory. With the following query I would like to narrow it down and query it a little more.

My problem is that it returns all users in spite of variables, instead of searching only those in the variable.


$VW = “XXX”


$VWDomain = “


$groups = “$VW1”, “$VW2”, “$VW3”, “$VW5”

#User catch
$alluser=foreach ($group in $groups) {
Get-ADGroupMember $group | select samaccountname

#Here I get all user which are member of the groups before (around 8, perfect - thats what I want)

#Now I want to filter the 8 values, which are in the variable $alluser (user1, user2, user3,…). As soon as I do this, however, he searches me all users of the AD and I suddenly have 40 hits. I get now all user which got the domain, but I only want to look at the 8 hits.

$cleanuser = foreach ($user in $alluser) {
Get-ADUser -filter “userPrincipalName -like ‘*@$VWDomain’”


Welcome to the forum. :wave:t4:

That’s a common issue. Try it this way:

$VWDomain = '*'

Get-ADUser -Filter "userPrincipalName -like '$VWDomain'"

BTW: When you post code, sample data, console output or error messages please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.

Thanks in advance

How to format code in <---- Click :point_up_2:t4: :wink:

H, tanks for your fast reply :slight_smile: - I have changed that, unfortunately I get this error

Get-ADUser : Fehler beim Analysieren der Abfrage: "userPrincipalName -like *" Fehlermeldung: "syntax error" an folgender Position: "25".
In Zeile:19 Zeichen:3
+   Get-ADUser -Filter "userPrincipalName -like $VWDomain"
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

ah … ok … so we need the single quotes inside the filter string … changed my code suggestion above. Try now.

Now it works, but I got the same Problem:

$alluser=foreach ($group in $groups) {
Get-ADGroupMember $group | select samaccountname


This shows me 8 user



$clearuser = foreach ($user in $alluser) {

  Get-ADUser -Filter "userPrincipalName -like $VWDomain"


And then I get all User of the AD with the domain, but I expected max. 8 from the variable



You’re using a loop but you’re not using the loop variable. Actually this should be enough:

$clearuser = 
foreach ($user in $alluser) {
    Get-ADUser -Identity $($user.sAMAccountName)
Get-ADUser : Das Argument für den Parameter "Identity" kann nicht überprüft werden. Die Identitätseigenschaft des Arguments ist NULL oder leer.
In Zeile:19 Zeichen:24
+   Get-ADUser -Identity $user
+                        ~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

But I need a filter for the 8 hits? :frowning:

Ah … ok … now I see … sometimes it’s hard to see it here in the forum … I changed my last code suggestion. We have to use a subexpression. :wink:

No Problem , Im happy that you support me :slight_smile:

And now in need for the loop a filter, that says only user (of the 8 hits) who got the domain

For Example:
user1 got as userPrincipalName
user4 got as userPrincipalName test@123

So user 4 should remove from $clearuser

Use a Where-Object!? :man_shrugging:t4: :wink: :slightly_smiling_face:

Get-ADUser -Identity $($user.sAMAccountName) | Where-Object "userPrincipalName -like $VWDomain"

I think that is not working :frowning:

??? Did you try?

Please always read the help including the examples for the cmdlets you’re about to use to learn how to use them.

Because the syntax is wrong.

Thanks, I opened the site already, but still dont get it

For Where-Object you always have several options. If you have only one condition you could do this:

Get-ADUser -Identity $($user.sAMAccountName) | 
    Where-Object -Property 'userPrincipalName' -Like -Value $VWDomain

or like this:

Get-ADUser -Identity $($user.sAMAccountName) | 
    Where-Object {$_.userPrincipalName -Like $VWDomain}

The latter one would be the option to go with when you have more than one condition to check.

I got it, Thank you :slight_smile: