Author Posts

October 10, 2016 at 11:12 pm

I'm trying to get properties for 2 known users using displayName but getting no results that should be there

Get-ADUser -Filter {(displayName -Like "Admin_ML") -And (displayName -Like "AdminMR")} -Credential $creds -Properties *

What am I missing with my Get-ADUser syntax?


October 10, 2016 at 11:54 pm

Have you tried using -OR?

October 11, 2016 at 12:07 am

Yes that had worked earlier but only returns the first User

October 11, 2016 at 6:52 am

May be you should use (displayName -Like "Admin_ML*") -And (displayName -Like "AdminMR*")
node the * in filter.
May be your Displaynames differ from your vision ? spaces after text or so on...

October 11, 2016 at 10:31 am

Agree with max add the wildcards

October 11, 2016 at 1:18 pm

-And will not work here. You're saying the displayname of single account must match both conditions.

Note in a large environment this query is not ideal. Displayname is in the anr set.

'Admin_ML','Adminmr' | % {get-aduser -filter 'anr -eq $_'}

October 11, 2016 at 2:42 pm

Hmm, I'm copy/paste -And. of course there should be -or instead

Dan, on my measurements
Get-ADUser -Filter {(anr -Like "Admin_ML*") -or (anr -Like "Adminmr*")
two times faster than
'Admin_ML*','Adminmr*' | % {get-aduser -filter 'anr -like $_'}

may be because of two requests in your variant 🙂

October 11, 2016 at 3:54 pm

anr -eq and don't use wildcard. Always try to avoid the like operator as the query has to check the condition against all users.

ex. My displayname contains characters before and after potter, dan
get-aduser -Filter "anr -eq 'potter, dan'" -Properties displayname

ANR are indexed attributes so the query is much faster than any other.

  • This reply was modified 1 year, 10 months ago by  Dan Potter.

October 11, 2016 at 5:39 pm

Thanks Dan and everyone, I wasn't at all familiar with ambiguous name resolution until this conversation and it did the trick for me (without the wild cards). I found my two users.

October 12, 2016 at 10:33 am

thanks, Dan, I personally doesn't know that I can use -eq with anr and it works even with partial names 🙂
on my test domain with 10000+ users first request 5 times faster than -like

next requests with the same euery seems cashed and request times almost equal