How to Filter Select results?

mrpaulwass · August 8, 2018, 2:31pm

Hello, I’m a PS beginner! I’m trying to create a report and I want to filter out the results so I only get back certain companies (i.e. Company like “Paul”). When I try adding a -Filter to the Get-AdUser statement, it errors out with

Get-ADUser : Parameter set cannot be resolved using the specified named parameters.
At C:\Work\test.ps1:10 char:34
+ … tNames | % {Get-ADUser -Filter {Company -like “Paul”} -Identity $_.s …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: ( [Get-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.ActiveDirectory.Management.Commands.GetADUser

$Details = $sAMAccountNames | % {Get-ADUser -Filter {Company -like “Paul”} -Identity $_.sAMAccountName -Properties DisplayName, LastlogonDate, Enabled, AccountLockoutTime, LastBadPasswordAttempt, BadPwdCount, LockedOut, Company, Description}

Here is my working code, but without the filter.

$LockedRpt = “c:\work\LockedAccounts.csv”

delete the existing output file

$exists = Test-Path $LockedRpt
If ($exists -like “True”)
{
Remove-Item $LockedRpt
}
Import-module ActiveDirectory -ErrorAction stop
$sAMAccountNames = Search-ADAccount -UsersOnly -LockedOut | Select SamAccountName
$Details = $sAMAccountNames | % {Get-ADUser -Identity $_.sAMAccountName -Properties DisplayName, LastlogonDate, Enabled, AccountLockoutTime, LastBadPasswordAttempt, BadPwdCount, LockedOut, Company, Description}
$Details | Select SamAccountName, DisplayName, LastlogonDate, Enabled, AccountLockoutTime, LastBadPasswordAttempt, BadPwdCount, LockedOut, Company, Description | Export-Csv c:\work\LockedAccounts.csv -NoTypeInformation

Thanks for any help!

donj · August 8, 2018, 3:01pm

You can’t use both -Identity and -Filter at the same time. The online docs (https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser?view=win10-ps) have multiple “blocks” or parameter sets, and you can’t mix and match parameters between them.

mrpaulwass · August 8, 2018, 3:13pm

Is there a way to filter the results after the fact? On the select

$Details | Select SamAccountName, DisplayName, LastlogonDate, Enabled, AccountLockoutTime, LastBadPasswordAttempt, BadPwdCount, LockedOut, Company, Description | Export-Csv c:\work\LockedAccounts.csv -NoTypeInformation

donj · August 8, 2018, 3:21pm

You’d use Where-Object, not Select-Object.

rob-simmers · August 8, 2018, 6:44pm

One of the fundamental things about learning Powershell is the pipeline and how it works. The pipeline allows you to pass objects to another command. If you run the following command to get help:

Get-Help Get-ADUser -Full

You’ll see that -Identity accepts an ADUser and more importantly, pipeline input:

    -Identity 
        
        Required?                    true
        Position?                    0
        Accept pipeline input?       true (ByValue)
        Parameter set name           Identity
        Aliases                      None
        Dynamic?                     true

This basically means that if you pipe ADUser objects to Get-ADUser, it will automatically do a for loop for you. You’ll learn more about this when you start writing functions. This means that we can pipe directly from Search-ADAccount to Get-ADUser. Take a look at the modified script below:

$LockedRpt = "c:\work\LockedAccounts.csv"

If (Test-Path -Path $LockedRpt){
    Remove-Item -Path $LockedRpt -Force
}

Import-module ActiveDirectory -ErrorAction stop

$Details = Search-ADAccount -UsersOnly -LockedOut | 
           Get-ADUser -Properties DisplayName, 
                                  LastlogonDate, 
                                  Enabled, 
                                  AccountLockoutTime, 
                                  LastBadPasswordAttempt, 
                                  BadPwdCount, 
                                  LockedOut, 
                                  Company, 
                                  Description

$Details | Export-Csv -Path $LockedRpt -NoTypeInformation

mrpaulwass · August 9, 2018, 4:47am

Very cool. And then I was able to pipe again into Where-Object and only pull out what I needed. Thank you!

$LockedRpt = "c:\work\LockedAccounts.csv"
# delete the existing output file
$exists = Test-Path $LockedRpt
If ($exists -like "True")
{
Remove-Item $LockedRpt
}
Import-module ActiveDirectory -ErrorAction stop

$Details = Search-ADAccount -UsersOnly -LockedOut |
Get-ADUser -Properties DisplayName,
LastlogonDate,
Enabled,
AccountLockoutTime,
LastBadPasswordAttempt,
BadPwdCount,
LockedOut,
Company,
Description | Where-Object {$_.Company -like "*Paul*" -or $_.Description -like "*Paul*" }

$Details | Export-Csv -Path $LockedRpt -NoTypeInformation

Topic		Replies	Views
Get-ADUser -Filter error PowerShell Help	5	217	March 31, 2022
Get-aduser Filter QUESTION PowerShell Help	10	124	February 26, 2016
Get-ADUser errors out weirdly PowerShell Help	8	163	April 7, 2016
Get-ADUser with Multiple filters PowerShell Help	5	455	June 24, 2020
Get "something" as a result in second column PowerShell Help	5	137	November 29, 2017

How to Filter Select results?

delete the existing output file

Related Topics