Need help in PowerShell script to find AD user account based on Display Name ?


This topic contains 5 replies, has 5 voices, and was last updated by js (Participant) 1 week, 3 days ago.

  • #144621

    Participant
    Points: 141
    Rank: Participant

    I need some help in fixing the below PowerShell script to search for user samAccountName or Alias or Display Name like First Lastname in Active Directory from input typed by the user:

    The problem with the script is as follows:

     

    Do {
        Write-Host -Object 'Enter a samaccountname / Alias or even "First Lastname", or nothing (Press Enter) to leave; wildcards and a space separated list are not supported.'
        $Input = Read-Host -Prompt 'User/List'
        If ($Input) {
            $(ForEach ($Username in $Input.Split(' ', [StringSplitOptions]::RemoveEmptyEntries)) {
                    If ($ADUser = Get-ADUser -Filter {samAccountName -like $UserName} -Properties DisplayName) {
                        Write-Verbose -Message "Processing $($ADUser.DisplayName)"
                        
                        "The samaccountname $($input) matching '$($UserName)'!"
                        
                        Else {
                            "Could not find a user with a samaccountname matching '$($UserName)'!" | Write-Warning
                        }
                    }
            })
        }
    } Until (-not $Input)

    1. When a valid First.Lastname alias is found, the script is not showing any confirmation?

    2. I cannot find my username when I type it as First Lastname, even though my AD account exists?

    3. When a random string is typed, it does not show the error that the user cannot be found?

    Any help would be greatly appreciated.

  • #144689

    Participant
    Points: 265
    Helping Hand
    Rank: Contributor

    Try using -Match

    
    # DisplayName is not returned by default, so request it explicitly
    Get-ADUser -Filter * -Properties DisplayName |? { $_.samaccountname -match $UserName -Or $_.displayName -Match $UserName}
    
    

    I also had this working as expected if I passed a full samAccountName or full DisplayName

    
    Get-ADUser -Filter {samAccountName -eq $UserName -Or displayName -eq $UserName} -Properties DisplayName | Select DisplayName
    
    

     

  • #144705

    Participant
    Points: 364
    Helping Hand
    Rank: Contributor

    Don't know what your AD attributes look like, but the main problem as I see it is that you don't consider what the user inputs.
    You're also only checking against the samAccountName attribute later on.
    And with the split in the line before that you may end up with a firstname only, which is then checked against the samAccountName.

    My suggestion is that you first start with a single check for each scenario that you want to cover.
    Like what Iain has given you a couple of examples of.

    Once you got the Get-ADUser commands figured out then start building around that.
    You will then also know what kind of input you need and check for.

  • #144708
    js

    Participant
    Points: 744
    Helping Hand
    Rank: Major Contributor

    But an ad filter is not a script block. Oh nevermind...

  • #144728

    Participant
    Points: 638
    Helping Hand
    Rank: Major Contributor

    What is the eventual goal here? The search is straight-forward, but what are you doing with the results? If you are doing any SET operations, this is a realllllllly bad idea. When you do any wildcard search and let users put what they want, it's really dangerous, especially from a command line. Say you're trying to create a process to reset a password. You type in Smith, find the smith and then the user needs to do a search for the full displayname again to return a single user to perform the SET operation. Even in the below example, without wrappers, you can just type nothing and it would return ALL users. Before you implement anything with this, you may want to ask the community how to solve the final solution you are working towards because wildcards are super dangerous.

    With fair warning given, a basic example:

    $usrinput = 'Simmers'
    $search = "*$usrinput*"
    
    $results = Get-ADUser -Filter {(Name -like $search) -and (Enabled -eq $true)}
    
    if ($results) {
        'Found {0} users with search {1}' -f @($results).Count, $search
        $results | Select Name
    }
    else {
        'No user found with search {0}' -f $search
    }
    

    Edit: Updated $input to $usrinput per JS as input is reserved

  • #144738
    js

    Participant
    Points: 744
    Helping Hand
    Rank: Major Contributor

    $input seems to be a reserved variable. Try $input2 or something else. -like without * is the same as -eq.

    Again, an ad filter is not a script block. This is the only possible way to quote it and make it work:

    get-aduser -filter "samaccountname -like '*$username*'"
    

    Actually Rob Simmers's method will work, except for the $input name.
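
An added example, not part of any post in this thread: one way to take typed input without splitting it on spaces, match it literally against samAccountName or displayName, and return a result only when exactly one account matches, which addresses the empty-input and wildcard concerns raised above. It uses `-LDAPFilter` with RFC 4515 escaping instead of `-Filter`; the function names and the sample inputs are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. ConvertTo-LdapFilterValue, New-UserLdapFilter and
# Find-SingleADUser are hypothetical names, not part of the AD module.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping: typed *, ( ) and \ become literal text.
    # The backslash must be replaced first or later escapes get re-escaped.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace("`0", '\00')
}

function New-UserLdapFilter {
    param([string]$Text)
    $clean = "$Text".Trim()
    # Empty input would otherwise widen the search; refuse it outright.
    if (-not $clean) { throw 'Search text must not be empty.' }
    $v = ConvertTo-LdapFilterValue -Value $clean
    # Exact match on either attribute; the whole string is kept together,
    # so "First Lastname" is compared against displayName as typed.
    "(&(objectCategory=person)(objectClass=user)(|(sAMAccountName=$v)(displayName=$v)))"
}

function Find-SingleADUser {
    param([string]$Text)
    $filter = New-UserLdapFilter -Text $Text
    $found  = @(Get-ADUser -LDAPFilter $filter -Properties DisplayName)
    # Anything other than one hit is ambiguous and unsafe to act on.
    if ($found.Count -ne 1) {
        throw "Expected exactly one account for '$Text', found $($found.Count)."
    }
    $found[0]
}

# Constructed sample inputs showing the filter each one produces
# (no directory access needed for this part).
foreach ($sample in 'jdoe', 'Jane Doe', '*', 'x)(objectClass=*') {
    '{0,-20} -> {1}' -f $sample, (New-UserLdapFilter -Text $sample)
}

# Interactive use: $typed rather than $Input, which is an automatic variable.
do {
    $typed = Read-Host -Prompt 'samAccountName or "First Lastname" (Enter to quit)'
    if ($typed) {
        try   { $u = Find-SingleADUser -Text $typed
                "Found $($u.SamAccountName) ($($u.DisplayName))" }
        catch { Write-Warning $_.Exception.Message }
    }
} until (-not $typed)
```

The constructed samples `*` and `x)(objectClass=*` come out as `\2a` and `x\29\28objectClass=\2a`, so they can only match an account whose name literally contains those characters.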
