Author Posts

July 4, 2016 at 2:34 pm

I have a variable that contains a list of AD users i.e "Jay Jones". I want to query AD and check that each user in this list has a corresponding account. The problem is that Get-ADUser looks for the users Identity (SamAccountName), and this is done in the format "jayj". So when i issue a command it comes back that none of the users have accounts:

$UserList | Get-AdUser
Get-ADUser : Cannot find an object with identity: 'Jay Jones' under: 'DC=domain,DC=com'.
At line:1 char:12
+ $UserList | Get-ADUser
+            ~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Jay Jones:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

I know that the format "Jay Jones" matches the property type 'Name' of my AD User account. How can i make Get-ADUser reference the $UserList variable based on the 'Name' property of the account rather than the Identity (SamAccountName)? I cant change the format of the users in the variable to the same as the SamAccountName, otherwise i would!

July 4, 2016 at 3:07 pm

foreach ($user in $userlist){Get-ADUser -Filter {Name -eq $user}}

July 4, 2016 at 4:48 pm

To elaborate:

If $userlist is a list of string objects, you need to look and see what Get-ADUser will do with those in terms of pipeline binding ByValue. Looking at the help, it's -Identity that's accepting strings ByValue, not -Name. That's why you're getting the error you are. As the answer above demonstrates, you have to manually push the input to -Name by enumerating the list.

If $userlist had contained values acceptable to -Identity, your first try would have worked.

July 8, 2016 at 10:47 am

Thanks for the explanation.

July 8, 2016 at 11:51 am

get-aduser -filter "anr -eq 'Jay Jones'"