Get-ADUser -Filter string array

This topic contains 4 replies, has 5 voices, and was last updated by Profile photo of Jaap Brasser Jaap Brasser 2 years, 5 months ago.

  • Author
    Posts
  • #16591
    Profile photo of VirGnar
    VirGnar
    Participant

    Just trying to simply get the Filter param for Get-ADUser to accept an array of strings for input but having a difficult time at it. Not familiar with tackling with arrays on Powershell. I figured it'd be just as easy as this:

    $userarray = @("user1","user2","user3")
    
    Get-ADUser -Filter {name -eq $userarray}
    

    The funny thing is, it will accept the array var without error, but no output given (as if it found nothing matching). Verbose nor Debug params show anything, so I'm not sure if it's just parsing the array in a strange manner or not. It will take the var if it's just a single string value.

    In any case, if this isn't the way an array should be used in this situation, than what's best practice?

    Preemptive thanks!

  • #16592
    Profile photo of Adam Bertram
    Adam Bertram
    Participant

    The -Filter param on each cmdlet uses that cmdlet's provider to filter results vs. using something like -Include or Where-Object. You could get this done via Where-Object but I don't recommend it since it'd be a lot slower.

    You could do something like this:

    $userarray = 'user1','user2',user3'
    $filterstring = "samaccountname -eq '$($userarray -join "' -or samaccountname -eq '")'"
    Get-AdUser -Filter $filterstring

    That just creates a string from the contents of your user array.

  • #16593
    Profile photo of Don Jones
    Don Jones
    Keymaster

    See the help file:

    -filter 
    

    -Filter doesn't accept an array. PowerShell is turning the array into a single-string delimited list, which is why it doesn't work. You've got to run the command once for each filter you intend it to process.

  • #16605
    Profile photo of Mike F Robbins
    Mike F Robbins
    Participant

    Since you're querying Active Directory to return a list of users based on exact matches of what's in each element in the array, you can simply pipe the array to Get-ADUser. This will use the Identity parameter instead of the Filter parameter:

    $userarray = @('user1','user2','user3')
    $userarray | Get-ADUser -ErrorAction SilentlyContinue
    

    I added -ErrorAction SilentlyContinue to ignore the ones that don't exist in Active Directory otherwise they'll generate errors. If you're using this in a script, I recommend adding error handling instead of ignoring the errors.

    Each element in the array would need to contain one of these for this to work:
    — A Distinguished Name
    — A GUID (objectGUID)
    — A Security Identifier (objectSid)
    — A SAM Account Name (sAMAccountName)

  • #16690
    Profile photo of Jaap Brasser
    Jaap Brasser
    Participant

    What you could do if you have an array like yours is use it to construct a working filter, since what you are after here is you are trying to find an account that is either named 1 2 or 3 you could generated the following LDAP search filter. Note that this can also be done using the -Filter property, I'm using LDAP Filters because it is a personal preference of mine:

    $userarray = 'user1','user2','user3'
    $userarray | Foreach-Object -Begin {
        $LDAPFilter = '(|'
    } -Process {
        $LDAPFilter += "(samaccountname=$_)"
    } -End {
        $LDAPFilter += ')'
    } 
    Get-ADUser -LDAPFilter $LDAPFilter

    So yes it is possible, but you'll have to use your array to construct the filter yourself as I am by doing using the ForEach-Object cmdlet.

You must be logged in to reply to this topic.