Inconsistent Behavior with Get-ADGroup

I am working on a script for a company to decommission old VMware Servers. Part of this is to remove the A.D. object, any Security Groups associated with the server name, DNS entries, etc. Most of the script is working, but the deletion of security groups is giving me fits. Security groups for the server are usually along the lines of _RDP, _LocalAdmins, _UserAccess_DL, etc. So this works just fine for finding all of the associated groups:

[PRE]

Get-ADGroup -Filter {(name -like “MyServer7101*”)} | Out-GridView

[/PRE]

However, this does not work:

[PRE]

$sMachine = “MyServer7101”

Get-ADGroup -Filter {(name -like “$($sMachine)*”)} | Out-GridView

[/PRE]

I even tried something like this, but no joy:

[PRE]

$sMachine = “MyServer7101”

Get-ADGroup -Filter {(name -like “$($sMachine)RDP”)} | Out-GridView

[/PRE]

This does work, but obviously is going to be very slow (10 seconds rather than sub-one second), so is not my first choice.

[PRE]

Get-ADGroup -Filter * | where {$_.Name -match $sMachine} | Out-GridView

[/PRE]

Just curious if I am somehow borking the syntax. I have looked up examples online and they all seem to be the same way I am doing it, but using hard-coded strings rather than a variable. I did not find any examples using a variable in a for loop.

 

Use the filter parameter without scriptblock and no need to use the Subexpressions until you have to access any properties of members of an object.

$sMachine = "MyServer7101"
Get-ADGroup -Filter "name -like '$sMachine*'" | Out-GridView

below links will help you in using code posting tags to post code.

To expand on kvprasoon comment.

As far as I know it’s not an inconsistancy with the Get-ADGroup cmdlet.
The gotcha is the -filter property and what it expects.
The same “issue” is there with Get-ADUser and other cmdlets.

So when using the -filter option, make sure it is or ‘becomes’ a valid single string in the end.

E.g.
Changing:

$sMachine = "MyServer7101"

Get-ADGroup -Filter {(name -like "$($sMachine)*")} | Out-GridView

To:

$sMachine = "MyServer7101"

Get-ADGroup -Filter {("name -like '$($sMachine)*'")} | Out-GridView

The online doc’s own examples are inconsistent. Example 2’s filter is a string, and example 4’s filter is a script block. https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser?view=win10-ps

As I mentioned it’s the -filter option that is inconsistent.
Yes Example 4 works and I would speculate that it’s because it’s a simple “hardcoded” string.
{Name -eq $user} works as well.
But do {Name -eq “$user”} and you have a space in the variable, then you need to add single quotes etc.

I’m speculating that it’s the “internal” parser of the -filter option that is limited in functionality or have some “hidden features”.

Without testing a bunch of different variations I would say the following.
If you keep it very simple and think of the filter as a string, then it’s more likely that the filter will work.