Pulling ADUser Info

This topic contains 4 replies, has 3 voices, and was last updated by Profile photo of Eric Salamone Eric Salamone 3 years, 3 months ago.

  • Author
    Posts
  • #13981
    Profile photo of Eric Salamone
    Eric Salamone
    Participant

    I am little confused about why my little script I wrote is not having an output. In the beginning I have a read-host and unless I'm not understanding at all, I was under the impression that the $user variable will be filtered through until it matches a property. This seems to be a simple script yet I'm lost on why it is not working. Any help would be greatly appreciated.

    Get-ADUser -filter {(Name -like "$user") -or (SAMAccountName -like "$user") -or (SN -like "$user")} `
    -Properties * | select Name, EmailAddress, SAMAccountName, SN | fl

  • #13982
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You probably don't need all of that. You can probably do:

    Get-ADUser $user

    It automatically runs that against the -Identity parameter instead, and tries to match against name, CN, and samAccountName. I don't think it matches against surname, though.

    Ultimately, what's probably happening is "$user" is being sent as a literal string to the domain controller, and since you don't have a user named "$user" it isn't working. It's because the script block {} prevents the variable from being evaluated before the filter is shipped off to the DC. People run into the same problem trying to use $null, for example.

    As a test, try putting a legit username in place of $user – make sure it works with a hardcoded value, in other words. If it does, then your problem is that it isn't evaluating $user as a variable but is instead sending it as a literal.

  • #13983
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Just for giggles, try it like this. The -Filter parameters to the AD cmdlets actually accept strings, not ScriptBlocks (though all the examples show the wrong syntax, which can be confusing.) Sometimes they don't work the way you'd expect when you pass in a ScriptBlock and allow it to be converted automatically to a string.

    Get-ADUser -Properties * -Filter "Name -eq '$user' -or SamAccountName -eq '$user' -or SN -eq '$user'" |
    Select-Object Name, EmailAddress, SAMAccountName, SN |
    Format-List
    
  • #13984
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Just had another thought on this: Does your $user variable's value contain wildcards? If so, you'd need to change those -eq operators back to -like in my example (and that might also explain why it's not working the way you expected with the original ScriptBlock syntax.)

  • #13985
    Profile photo of Eric Salamone
    Eric Salamone
    Participant

    Mr. Jones and Mr. Wyatt,

    Thank you for the quick reply and correction. The problem was the script blocks. I was using SAMAccount and SN as tests, because my small vm test network doesn't have exchange to test for mail or a edipi that I will be using to search for users at work.

You must be logged in to reply to this topic.