Need help in PowerShell script to find AD user account based on Display Name ?

This topic contains 5 replies, has 5 voices, and was last updated by

2 months, 1 week ago.

  • Author
  • #144621

    Topics: 16
    Replies: 17
    Points: 141
    Rank: Participant

    I need some help in fixing the below PowerShell script to search for user samAccountName or Alias or Display Name like First Lastname in Active Directory from input typed by the user:

    The problem with the script is as follows:


    Do {
        Write-Host -Object 'Enter a samaccountname / Alias or even "First Lastname", or nothing (Press Enter) to leave; wildcards and a space separated list are not supported.'
        $Input = Read-Host -Prompt 'User/List'
        If ($Input) {
            $(ForEach ($Username in $Input.Split(' ', [StringSplitOptions]::RemoveEmptyEntries)) {
                    If ($ADUser = Get-ADUser -Filter {samAccountName -like $UserName} -Properties DisplayName) {
                        Write-Verbose -Message "Processing $($ADUser.DisplayName)"
                        "The samaccountname $($input) matching '$($UserName)'!"
                    }
                    Else {
                        "Could not find a user with a samaccountname matching '$($UserName)'!" | Write-Warning
                    }
                })
        }
    } Until (-not $Input)

    1. When a valid First.Lastname alias is found, the script is not showing any confirmation?

    2. I cannot find my username that I typed as First Lastname even if my AD account exists?

    3. When a random string is typed, it does not show the error that the user cannot be found?

    Any help would be greatly appreciated.

  • #144689

    Topics: 33
    Replies: 128
    Points: 305
    Helping Hand
    Rank: Contributor

    Try using -Match

    Get-ADUser -Filter * -Properties DisplayName |? { $_.samaccountname -match $UserName -Or $_.displayName -Match $UserName}

    I also had this working as expected if I passed a full samAccountName or full DisplayName

    Get-ADUser -Filter {samAccountName -eq $UserName -Or displayName -eq $UserName} -Properties DisplayName | Select DisplayName


  • #144705

    Topics: 12
    Replies: 215
    Points: 383
    Helping Hand
    Rank: Contributor

    Don't know what your AD attributes look like, but the main problem as I see it is that you don't consider what the user inputs.
    You're also only checking against the samAccountName attribute later on.
    And with the split in the line before that you may end up with a firstname only, which is then checked against the samAccountName.

    My suggestion is that you first start with a single check for each scenario that you want to cover.
    Like what Iain has given you a couple of examples of.

    Once you got the Get-ADUser commands figured out then start building around that.
    You will then also know what kind of input you need and check for.

  • #144708

    Topics: 21
    Replies: 592
    Points: 1,151
    Helping Hand
    Rank: Community Hero

    But an AD filter is not a script block. Oh never mind...

  • #144728

    Topics: 8
    Replies: 1190
    Points: 639
    Helping Hand
    Rank: Major Contributor

    What is the eventual goal here? The search is straightforward, but what are you doing with the results? If you are doing any SET operations, this is a realllllllly bad idea. When you do any wildcard search and let users put what they want, it's really dangerous, especially from a command line. Say you're trying to create a process to reset a password. You type in Smith, find the smith and then the user needs to do a search for the full displayname again to return a single user to perform the SET operation. Even in the below example, without wrappers, you can just type nothing and it would return ALL users. Before you implement anything with this, you may want to ask the community how to solve the final solution you are working towards because wildcards are super dangerous.

    With fair warning given, a basic example:

    $usrinput = 'Simmers'
    $search = "*$usrinput*"
    $results = Get-ADUser -Filter {(Name -like $search) -and (Enabled -eq $true)}
    if ($results) {
        'Found {0} users with search {1}' -f @($results).Count, $search
        $results | Select Name
    }
    else {
        'No user found with search {0}' -f $search
    }

    Edit: Updated $input to $usrinput per JS as input is reserved

  • #144738

    Topics: 21
    Replies: 592
    Points: 1,151
    Helping Hand
    Rank: Community Hero

    $input seems to be a reserved variable. Try $input2 or something else. -like without * is the same as -eq.

    Again, an ad filter is not a script block. This is the only possible way to quote it and make it work:

    get-aduser -filter "samaccountname -like '*$username*'"

    Actually Rob Simmers's method will work, except for the $input name.
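
Added example, not part of any post in this thread: one way to act on the warning in #144728 and the filter-quoting point in #144738 is to resolve the typed text to exactly one account before any SET operation runs. `Resolve-SingleADUser` and its allow-list pattern are assumptions made for illustration; the function needs the ActiveDirectory module.

```powershell
# Added example: resolve operator input to exactly one enabled account
# before any Set-* cmdlet is allowed to run. Resolve-SingleADUser is a
# hypothetical helper name, not a cmdlet from the ActiveDirectory module.
function Resolve-SingleADUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Term
    )

    $Term = $Term.Trim()

    # Empty input would turn "*$Term*" into "*" and match every account.
    if ([string]::IsNullOrWhiteSpace($Term)) {
        throw 'Empty search term rejected.'
    }

    # Allow-list (an assumption about local naming): letters, digits, space,
    # dot and hyphen. This rejects *, quotes, parentheses and backslashes,
    # so the typed text cannot widen or restructure the filter.
    if ($Term -notmatch '^[\p{L}\p{Nd} .\-]{2,64}$') {
        throw "Search term '$Term' contains characters that are not allowed."
    }

    # Exact match only. The filter is a single-quoted string, so the AD
    # module resolves $Term itself and no user text is spliced into it.
    $filter = 'Enabled -eq $true -and (samAccountName -eq $Term -or DisplayName -eq $Term)'
    $found  = @(Get-ADUser -Filter $filter -Properties DisplayName)

    # Zero or several matches both stop here; nothing downstream runs.
    if ($found.Count -ne 1) {
        throw "Expected exactly 1 match for '$Term', found $($found.Count). No change made."
    }
    return $found[0]
}

# Usage: the SET step only ever receives one resolved object.
# $user = Resolve-SingleADUser -Term (Read-Host -Prompt 'User')
# ...pass $user.DistinguishedName as -Identity to the Set-* cmdlet...
```

The allow-list rejects display names that contain an apostrophe; widen it only together with a tested escaping rule for the filter string.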
