Get-ADUser -Filter string array

Just trying to simply get the Filter param for Get-ADUser to accept an array of strings for input but having a difficult time at it. Not familiar with tackling arrays in PowerShell. I figured it’d be just as easy as this:

$userarray = @("user1","user2","user3")

Get-ADUser -Filter {name -eq $userarray}

The funny thing is, it will accept the array var without error, but no output is given (as if it found nothing matching). Neither the Verbose nor Debug params show anything, so I’m not sure if it’s just parsing the array in a strange manner or not. It will take the var if it’s just a single string value.

In any case, if this isn’t the way an array should be used in this situation, then what’s best practice?

Preemptive thanks!

The -Filter param on each cmdlet uses that cmdlet’s provider to filter results vs. using something like -Include or Where-Object. You could get this done via Where-Object but I don’t recommend it since it’d be a lot slower.

You could do something like this:

$userarray = 'user1','user2','user3'
$filterstring = "samaccountname -eq '$($userarray -join "' -or samaccountname -eq '")'"
Get-AdUser -Filter $filterstring

That just creates a string from the contents of your user array.

See the help file:

-filter 

-Filter doesn’t accept an array. PowerShell is turning the array into a single-string delimited list, which is why it doesn’t work. You’ve got to run the command once for each filter you intend it to process.

Since you’re querying Active Directory to return a list of users based on exact matches of what’s in each element in the array, you can simply pipe the array to Get-ADUser. This will use the Identity parameter instead of the Filter parameter:

$userarray = @('user1','user2','user3')
$userarray | Get-ADUser -ErrorAction SilentlyContinue

I added -ErrorAction SilentlyContinue to ignore the ones that don’t exist in Active Directory otherwise they’ll generate errors. If you’re using this in a script, I recommend adding error handling instead of ignoring the errors.

Each element in the array would need to contain one of these for this to work:
– A Distinguished Name
– A GUID (objectGUID)
– A Security Identifier (objectSid)
– A SAM Account Name (sAMAccountName)

What you could do if you have an array like yours is use it to construct a working filter. Since what you are after here is finding an account that is named either 1, 2 or 3, you could generate the following LDAP search filter. Note that this can also be done using the -Filter property; I’m using LDAP Filters because it is a personal preference of mine:

$userarray = 'user1','user2','user3'
$userarray | Foreach-Object -Begin {
    $LDAPFilter = '(|'
} -Process {
    $LDAPFilter += "(samaccountname=$_)"
} -End {
    $LDAPFilter += ')'
} 
Get-ADUser -LDAPFilter $LDAPFilter

So yes, it is possible, but you’ll have to use your array to construct the filter yourself, as I am doing using the ForEach-Object cmdlet.
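
The filter-building approaches in this thread concatenate array elements straight into the query string. As an added example (not part of any post above), here is the same OR-filter built with each value escaped per RFC 4515, so that names read from a CSV, ticket or web form cannot change the structure of the search. The function names and the sample names are constructed for illustration.

```powershell
# Added example, not code from the thread. Function names are hypothetical.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter value:
    # backslash, asterisk, both parentheses and NUL become \XX hex pairs.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-SamAccountNameLdapFilter {
    # Build (|(sAMAccountName=a)(sAMAccountName=b)...) from an array of names.
    param([string[]]$Name)

    $clauses = foreach ($n in $Name) {
        # Skip blanks: an empty value would produce a clause that matches nothing useful.
        if ([string]::IsNullOrWhiteSpace($n)) { continue }
        '(sAMAccountName={0})' -f (ConvertTo-LdapFilterValue -Value $n.Trim())
    }

    if (-not $clauses) {
        throw 'No usable account names were supplied.'
    }
    '(|{0})' -f (-join $clauses)
}

# Constructed sample input: two ordinary names, one blank entry and one value
# containing filter metacharacters that must be treated as literal text.
$userarray = 'user1', 'user2', '', 'a*(test)'

$LDAPFilter = New-SamAccountNameLdapFilter -Name $userarray
Write-Output $LDAPFilter

# Run the query only where the ActiveDirectory module is available.
if (Get-Command -Name Get-ADUser -ErrorAction SilentlyContinue) {
    Get-ADUser -LDAPFilter $LDAPFilter
}
```

With escaping in place, a value such as `*` matches only an account literally named `*` instead of acting as a wildcard for every user.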