Get-ADUser -Filter {String[] -eq String[]} - Possible?

Welcome Forums General PowerShell Q&A Get-ADUser -Filter {String[] -eq String[]} - Possible?

This topic contains 3 replies, has 3 voices, and was last updated by

 
Participant
1 month, 1 week ago.

  • Author
    Posts
  • #123419

    Participant
    Points: 50
    Rank: Member

    Trying to filter the Get-ADUser results by multiple properties, or a single property, determined by a single previously set variable. Below are the two pieces cut from the script

    # Target users with Active Directory user object properties
    $PROPERTY_NAME = 'Surname', 'GivenName'
    $PROPERTY_VALUE = 'Franco', 'Alex'
    
    # Collect all Acitve Directory users matching the property/properties defined above
    $userList = Get-ADUser -Filter {$PROPERTY_NAME -eq $PROPERTY_VALUE} -Properties $PROPERTY_NAME
    It's failing to retrieve any matches because:
    Get-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'Properties'. Specified method is not supported.

    I'd rather not have to do something like

    if(PROPERTY_NAME.GetType().Name -eq 'Object[]') {
    	$num = $PROPERTY_NAME.Count
    	$num | % {
    		Get-ADUser -Filter {$PROPERTY_NAME[($_ - 1)] -eq $PROPERTY_VALUE[($_ - 1)]
        }
       # haven't worked out yet what to do from this point, but I'd rather not have to anyways
    }

    Is there a more elegant way to Get-ADUser with multiple property filters?

    Thank you,

    Alex

  • #123743

    Participant
    Points: 355
    Helping Hand
    Rank: Contributor

    There are several approaches, but I've used string concatenation to build the filter

    $groupName = 'group123'
    $dc = 'dc123'
    
    $getGrpParams = @{
        Filter = "Name -eq '$groupName'"
    }
    
    #Add DC to AD commands
    $getGrpParams.Add( "Server", $dc ) 
    
    $group = Get-ADGroup @getGrpParams
    

    Some other options are outlined here:

    https://stackoverflow.com/questions/20075502/get-aduser-filter-will-not-accept-a-variable

    • #123801

      Participant
      Points: 50
      Rank: Member

      Wow, that guy hates using script blocks for filters but has valid points. Had some trouble getting it working with the @params, but was able to get it after a brain break and seeing Logan's example.

      Thank you both, much appreciated

      PS C:\> 
      [String[]]$PROPERTY_NAME = 'GivenName', 'Surname'
      [String[]]$PROPERTY_VALUE = 'Alex', 'Franco'
      
      $n = 0
      $count = $PROPERTY_NAME.Count
      Do {
          $propName = $PROPERTY_NAME[$n]
          $propVal = $PROPERTY_VALUE[$n]
          $string = "($propName -eq `"$propVal`")"
          
          $n++
          if($count -ne $n -and $count -gt 1) {
              $string += ' -and '
          }
      
          $filter += $string
      } Until ($n -eq $count)
      
      $filter
      (GivenName -eq "Alex") -and (Surname -eq "Franco")
      
      PS C:\>
  • #123768

    Participant
    Points: 112
    Helping Hand
    Rank: Participant

    Using the Get-Help Cmdlet provides the key to your answer here, it really boils down to a couple of things. First, what time of input is the parameter expecting (in this case String) and what sort of syntax is expected. You have the choice of a couple of different parameters. -Filter and -LDAPFilter, depending on if you want to use the native PS query syntax or LDAP. If we are working with the -Filter for example we need to group each criteria into separate parentheses' see below for an example

    $filter = '(GivenName -eq "Logan") -and (Surname -eq "Boydell")'
    Get-ADUser -Filter $filter
    

    To go deeper into you can use variable to build your initial filter variable, then pass that along as seen below.

    $first = 'Logan'
    $last = 'Boydell'
    $filter = "(GivenName -eq `"$first`") -and (Surname -eq `"$last`")"
    Get-ADUser -Filter $filter
    

    I hope you find this answer helpful.

You must be logged in to reply to this topic.