Get-ADUser -Filter string array

Welcome Forums General PowerShell Q&A Get-ADUser -Filter string array

This topic contains 4 replies, has 5 voices, and was last updated by

4 years, 7 months ago.

  • Author
  • #16591

    Points: 1
    Rank: Member

    Just trying to simply get the Filter param for Get-ADUser to accept an array of strings for input but having a difficult time at it. Not familiar with tackling with arrays on Powershell. I figured it'd be just as easy as this:

    $userarray = @("user1","user2","user3")
    Get-ADUser -Filter {name -eq $userarray}

    The funny thing is, it will accept the array var without error, but no output given (as if it found nothing matching). Verbose nor Debug params show anything, so I'm not sure if it's just parsing the array in a strange manner or not. It will take the var if it's just a single string value.

    In any case, if this isn't the way an array should be used in this situation, than what's best practice?

    Preemptive thanks!

  • #16592

    Points: 22
    Rank: Member

    The -Filter param on each cmdlet uses that cmdlet's provider to filter results vs. using something like -Include or Where-Object. You could get this done via Where-Object but I don't recommend it since it'd be a lot slower.

    You could do something like this:

    $userarray = 'user1','user2',user3'
    $filterstring = "samaccountname -eq '$($userarray -join "' -or samaccountname -eq '")'"
    Get-AdUser -Filter $filterstring

    That just creates a string from the contents of your user array.

  • #16593

    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    See the help file:


    -Filter doesn't accept an array. PowerShell is turning the array into a single-string delimited list, which is why it doesn't work. You've got to run the command once for each filter you intend it to process.

  • #16605

    Points: 53
    Rank: Member

    Since you're querying Active Directory to return a list of users based on exact matches of what's in each element in the array, you can simply pipe the array to Get-ADUser. This will use the Identity parameter instead of the Filter parameter:

    $userarray = @('user1','user2','user3')
    $userarray | Get-ADUser -ErrorAction SilentlyContinue

    I added -ErrorAction SilentlyContinue to ignore the ones that don't exist in Active Directory otherwise they'll generate errors. If you're using this in a script, I recommend adding error handling instead of ignoring the errors.

    Each element in the array would need to contain one of these for this to work:
    — A Distinguished Name
    — A GUID (objectGUID)
    — A Security Identifier (objectSid)
    — A SAM Account Name (sAMAccountName)

  • #16690

    Points: 21
    Rank: Member

    What you could do if you have an array like yours is use it to construct a working filter, since what you are after here is you are trying to find an account that is either named 1 2 or 3 you could generated the following LDAP search filter. Note that this can also be done using the -Filter property, I'm using LDAP Filters because it is a personal preference of mine:

    $userarray = 'user1','user2','user3'
    $userarray | Foreach-Object -Begin {
        $LDAPFilter = '(|'
    } -Process {
        $LDAPFilter += "(samaccountname=$_)"
    } -End {
        $LDAPFilter += ')'
    Get-ADUser -LDAPFilter $LDAPFilter

    So yes it is possible, but you'll have to use your array to construct the filter yourself as I am by doing using the ForEach-Object cmdlet.

The topic ‘Get-ADUser -Filter string array’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort