Author Posts

June 15, 2017 at 2:37 pm

Hi Guys,

Im trying to do a case sensitive search of AD. Basically old accounts used to use Capital Letters in their login name. I would like to find any records that have a capital letter and then i can put it into a report.

So far i have:

 

Import-Module ActiveDirectory

Get-ADUser -filter { name -ceq "A" } 

I would like to get this to work, before i try and work out how to go through a loop of all alphabetical characters. I get the following error:

 
Get-ADUser : Error parsing query: ' name -clike "A" ' Error Message: 'Operator Not supported: -clike' at position: '7'.
At line:6 char:1
+ Get-ADUser -filter { name -clike "A" }
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
    + FullyQualifiedErrorId : Error parsing query: ' name -clike "A" ' Error Message: 'Operator Not supported: -clike' at p 
   osition: '7'.,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Do i have the operator wrong? I was under the impress adding "c" would make it case Sensitive, rather than powershells default insensitive nature?

Any help would be greatly received 😀

June 15, 2017 at 2:41 pm

The PowerShell command actually has to "translate" the PowerShell operators into something AD itself understands. -clike is obviously one that the command doesn't support :(.

Although the -like operators are only really useful when you include a wildcard, as in "A*".

Anyway.

Because you need this to be case-sensitive, you may end up having to write a native LDAP query, and use -LdapFilter instead of -Filter.

June 15, 2017 at 2:43 pm

Probably you could use a Where-Object pipe with a regex match like '^[A-Z].*' for the SamAccountName.

June 15, 2017 at 2:43 pm

Thank you Don, i will go ahead and use LdapFilter and see if i can get something going!

June 16, 2017 at 8:04 am

Hi Olaf,

So i tried to incorperate some REGEX, but i'm not sure if i have it completely correct, could you have a peek for me?


import-module ActiveDirectory

Get-ADUser -Filter * -SearchBase " CN=Students,DC=***,DC=***" -Properties GivenName, SamAccountName |

Where-object {$_.SamAccountName -cmatch '^[A-Z].*'} | Select GivenName, SamAccountName |

Export-csv C:\CaseSensitive.csv  -NoTypeInformation

It exports the CSV, but it's empty, so probably my regex isn't quite right?

June 16, 2017 at 10:18 am

Chris,
I tried it in my environment and it works actually ...

Get-ADUser -Filter * -SearchBase "OU=***,DC=***,DC=***" -OutVariable AllUsers |
Where-Object {$_.SamAccountName -cmatch '^[A-Z]'} -OutVariable VersalUsers | 
Select-Object -Property GivenName, SamAccountName -OutVariable OutList |
Export-Csv -Path C:\_temp\CaseSensitive.csv -NoTypeInformation -Delimiter ';' -Encoding UTF8

To check every single step of your pipeline you can use -OutVariable. After your complete command executed you can inspect the "output" after each step ...

$AllUsers
$VersalUsers
$OutList

June 16, 2017 at 10:38 am

Hi Olaf,

That's odd then, i ran the code and echo'd out the contents of the variables, which appeared....empty! So either (i guess) the samAccountName doesn't contain an uppercase letter at all, or i'm referencing something wrong in the search-base, the entire OU path is Campus -> SDC -> Users -> Non-Teaching Staff. But isolating Non-Teaching Staff should work right?

A wierd one for sure. Worth a mention, i can't reference the OU by "OU", it throws an error, until i replace "OU" with "CN" in the search-base query, the output to the csv is a bunch of random characters : ""

June 16, 2017 at 10:56 am

Hi Olaf! It was my -searchbase query, it wasn't quite correct, so i just pulled it directly from AD, that will teach me for trying to remember it off hand! Thank you so much 😀