Hello, we have a lot of users in the Active Directory. With the following query I would like to narrow it down and query it a little more.
My problem is that it returns all users in spite of variables, instead of searching only those in the variable.
$VW = “XXX”
$VWDomain = “test.com ”
$groups = “$VW1”, “$VW2”, “$VW3”, “$VW5”
#User catch
#Here I get all user which are member of the groups before (around 8, perfect - thats what I want)
#Now I want to filter the 8 values, which are in the variable $alluser (user1, user2, user3,…). As soon as I do this, however, he searches me all users of the AD and I suddenly have 40 hits. I get now all user which got the domain test.com , but I only want to look at the 8 hits.
$cleanuser = foreach ($user in $alluser) {
$clearuser
Olaf
July 21, 2022, 7:12am
2
LewisLH44,
That’s a common issue. Try it this way:
$VWDomain = '*@test.com'
Get-ADUser -Filter "userPrincipalName -like '$VWDomain'"
BTW: When you post code, sample data, console output or error messages please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.
Thanks in advance
How to format code in PowerShell.org <---- Click
H, tanks for your fast reply
Get-ADUser : Fehler beim Analysieren der Abfrage: "userPrincipalName -like *@test.com" Fehlermeldung: "syntax error" an folgender Position: "25".
In Zeile:19 Zeichen:3
+ Get-ADUser -Filter "userPrincipalName -like $VWDomain"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Olaf
July 21, 2022, 7:37am
4
ah … ok … so we need the single quotes inside the filter string … changed my code suggestion above. Try now.
Now it works, but I got the same Problem:
$alluser=foreach ($group in $groups) {
$alluser
This shows me 8 user
user1
$clearuser = foreach ($user in $alluser) {
Get-ADUser -Filter "userPrincipalName -like $VWDomain"
}
$clearuser
And then I get all User of the AD with the domain, but I expected max. 8 from the variable
user1
Olaf
July 21, 2022, 7:42am
6
You’re using a loop but you’re not using the loop variable. Actually this should be enough:
$clearuser =
foreach ($user in $alluser) {
Get-ADUser -Identity $($user.sAMAccountName)
}
$clearuser
Get-ADUser : Das Argument für den Parameter "Identity" kann nicht überprüft werden. Die Identitätseigenschaft des Arguments ist NULL oder leer.
In Zeile:19 Zeichen:24
+ Get-ADUser -Identity $user
+ ~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
But I need a filter for the 8 hits?
Olaf
July 21, 2022, 7:50am
8
Ah … ok … now I see … sometimes it’s hard to see it here in the forum … I changed my last code suggestion. We have to use a subexpression.
No Problem , Im happy that you support me
And now in need for the loop a filter, that says only user (of the 8 hits) who got the domain test.com
For Example:test@test.com
So user 4 should remove from $clearuser
Get-ADUser -Identity $($user.sAMAccountName) | Where-Object "userPrincipalName -like $VWDomain"
I think that is not working
Olaf
July 21, 2022, 8:05am
12
LewisLH44:
I think
??? Did you try?
Please always read the help including the examples for the cmdlets you’re about to use to learn how to use them.
LewisLH44:
is not working
Because the syntax is wrong.
The Where-Object cmdlet selects objects that have particular property values from the collection of objects that are passed to it. For example, you can use the Where-Object cmdlet to select files that were created after a certain date, events with a...
Thanks, I opened the site already, but still dont get it
Olaf
July 21, 2022, 8:34am
14
LewisLH44:
but still dont get it
For Where-Object you always have several options. If you have only one condition you could do this:
Get-ADUser -Identity $($user.sAMAccountName) |
Where-Object -Property 'userPrincipalName' -Like -Value $VWDomain
or like this:
Get-ADUser -Identity $($user.sAMAccountName) |
Where-Object {$_.userPrincipalName -Like $VWDomain}
The latter one would be the option to go with when you have more than one condition to check.
- I have changed that, unfortunately I get this error
