Active Directory – Search for a particular value in name of MEMBER OF

Welcome Forums General PowerShell Q&A Active Directory – Search for a particular value in name of MEMBER OF

Viewing 8 reply threads
  • Author
    Posts
    • #278502
      Participant
      Topics: 1
      Replies: 5
      Points: 26
      Rank: Member

      In Active Directory, Would like to look at all users in one particular OU,

      Look at value in: MEMBER OF,

      Get all members that contain “Something” in value in name of MEMBER OF

      then show user’s name and the value in name of MEMBER OF.

      I know I would use like this:

      -searchbase “OU=Somethingx,OU=Something,OU=Something,DC=Something,DC=Something,DC=net”

      I am pretty green at this, I am studying several books.

      Then, later I want to search several OU ‘s   and the output would show OU, Name of user,  Name & whole value in  name of MEMBER OF   which contains “Something”

      I think I would use this? Get-ADGroupMember

      Thanks, This would be useful for us here at work.

    • #278511
      Participant
      Topics: 17
      Replies: 1951
      Points: 3,986
      Helping Hand
      Rank: Community Hero

      MemberOf is a property of a user, so you need to specify that you want that when performing the query. Once you have the user information including MemberOf, then you can just filter the array:

      Ideally, you want to filter left meaning rather than returning all users with Filter * and then filtering, it’s better to Filter to only get what you want from Get-ADUser. Per Richard Meuller on this forum:

      You cannot use a wildcard in a filter with any DN syntax attribute, like memberOf, member, or distinguishedName. You can only use the -eq and -ne operators with DN syntax attributes. The only workaround is to pipe to a Where clause.

      But that is only the -Filter param with that limitation, I think that you can also use the LDAP filter to only return what you want like so:

      Do not have AD in front of me at the moment, but should be close.

    • #278532
      Participant
      Topics: 1
      Replies: 5
      Points: 26
      Rank: Member

      Rob Simmers,

      In the book I am studying very hard, Learn PowerShell In a Month of Lunches, Don Jones says to Filter Left, yes.   And I know enough from page 114 in his book to recognize a hash table and script block.  But I had to go to his PowerShell in Depth book to really understand  a hash table and script block.

      I am not sure how all the above fits together but I will work with it .  This looks good, I am encouraged.  I will try this tonight and let you know how it is going.

      Many Thanks,

    • #278541
      Participant
      Topics: 17
      Replies: 1951
      Points: 3,986
      Helping Hand
      Rank: Community Hero
    • #278571
      Participant
      Topics: 1
      Replies: 5
      Points: 26
      Rank: Member

      Rob Simmers,

      I have tried it.  And I am studying Where-Object -FilterScript.   Where-Object help says: Selects objects from a collection based on their property values.

      Is this what allows more than one object in MEMBEROF   to be examined by Powershell?    Is this the proper terminology:  All the objects’ property values of  MEMBEROF  ??

      The commands result is that MemberOf  is added to the usual Properties shown.  And it shows the values on   -some of them.  For Some of the values, it only shows a location!    Don’t know why yet.  It may be that the value for the Group is not in the OU specified in the filtering.

      I have only studied splatting a little, I must go study it thoroughly.   And LDAP is a mystery to me but I will study it.

      It does select only the users that have that value in MEMBEROF.     I have compared the results by looking at the GUI  in Active Directory.  This is great.

      I will show you as soon as I learn how to past code in here properly.

    • #278574
      Participant
      Topics: 1
      Replies: 5
      Points: 26
      Rank: Member

      Rob Simmers,

      I have tried it.  And I am studying Where-Object -FilterScript.   Where-Object help says: Selects objects from a collection based on their property values.

      Is this what allows more than one object in MEMBEROF   to be examined by Powershell?    Is this the proper terminology:  All the objects’ property values of  MEMBEROF  ??

      The commands result is that MemberOf  is added to the usual Properties shown.  And it shows the values on   -some of them.  For Some of the values, it only shows a location!    Don’t know why yet.  It may be that the value for the Group is not in the OU specified in the filtering.

      I have only studied splatting a little, I must go study it thoroughly.   And LDAP is a mystery to me but I will study it.

      It does select only the users that have that value in MEMBEROF.     I have compared the results by looking at the GUI  in Active Directory.  This is great.

      I will show you as soon as I learn how to paste code in here properly.

    • #278823
      Participant
      Topics: 17
      Replies: 1951
      Points: 3,986
      Helping Hand
      Rank: Community Hero

      There is a lot to learn. Think of a basic object as an array of hashtables (it is more complex than this, but for simplistic visuals):

      There is an array called object, we are adding a hash table. A hash table has unique keys, so for instance you cannot have two Name keys in the same hashtable. We want to collect information on multiple things usually, users, computers, etc., so we have a PSObject that allows us to have an array of hashtables. The above example is flat, one key with one value. There are two keys to filter on, Name and Hobby and then there are comparison operators (-eq, -like, -ne, etc.) and logical operators (-and, -or, etc.). This allows you to search with Where-Object to find exactly what you are looking for:

      When you get into things like MemberOf, that is a multi-value attribute (there are several AD Properties like otherMail that are multi-value), which is an array typically. So, our folks above have more than one hobby just like someone has more that one AD Group:

      This allows you to use the same operators as above to filter result. This of course can get more complicated with object nested in objects, but it’s important to understand the basic structure of data to ensure you are filtering correctly. The Hobby values are now surrounded by curly brackets to indicate an array:

      But Powershell makes it easy to use the same filters:

    • #278829
      Participant
      Topics: 1
      Replies: 5
      Points: 26
      Rank: Member

      Rob Simmers,

      Yes, indeed, there is a lot to learn.  I am busy today at work.  I will reply more later.  Many thanks, Rob.

    • #279657
      Participant
      Topics: 1
      Replies: 5
      Points: 26
      Rank: Member

      Rob Simmers,

      Suddenly, I am working 12 hour days at work.  I will have to go over your replies at a later time.  You got me started.  I appreciate it.  I have been experimenting and learning from what you showed me.  I need to study more so I can be fluent.  I know the syntax and how to use help.  But lots of the help and other explanatory texts from books are difficult because it is so foreign to me.  Hash Tables were a big mystery, I studied hash tables for several days and it was very rewarding when the light bulb finally came on.   The light bulb still hasn’t come on about Objects.  Don Jones says it is a Row.    I have read from many sources and I know I will get it.  I will keep after it.  I will follow up later.

Viewing 8 reply threads
  • You must be logged in to reply to this topic.