Author Posts

March 21, 2014 at 8:03 am

I am little confused about why my little script I wrote is not having an output. In the beginning I have a read-host and unless I'm not understanding at all, I was under the impression that the $user variable will be filtered through until it matches a property. This seems to be a simple script yet I'm lost on why it is not working. Any help would be greatly appreciated.

Get-ADUser -filter {(Name -like "$user") -or (SAMAccountName -like "$user") -or (SN -like "$user")} `
-Properties * | select Name, EmailAddress, SAMAccountName, SN | fl

March 21, 2014 at 8:06 am

You probably don't need all of that. You can probably do:

Get-ADUser $user

It automatically runs that against the -Identity parameter instead, and tries to match against name, CN, and samAccountName. I don't think it matches against surname, though.

Ultimately, what's probably happening is "$user" is being sent as a literal string to the domain controller, and since you don't have a user named "$user" it isn't working. It's because the script block {} prevents the variable from being evaluated before the filter is shipped off to the DC. People run into the same problem trying to use $null, for example.

As a test, try putting a legit username in place of $user – make sure it works with a hardcoded value, in other words. If it does, then your problem is that it isn't evaluating $user as a variable but is instead sending it as a literal.

March 21, 2014 at 8:07 am

Just for giggles, try it like this. The -Filter parameters to the AD cmdlets actually accept strings, not ScriptBlocks (though all the examples show the wrong syntax, which can be confusing.) Sometimes they don't work the way you'd expect when you pass in a ScriptBlock and allow it to be converted automatically to a string.

Get-ADUser -Properties * -Filter "Name -eq '$user' -or SamAccountName -eq '$user' -or SN -eq '$user'" |
Select-Object Name, EmailAddress, SAMAccountName, SN |
Format-List

March 21, 2014 at 8:25 am

Just had another thought on this: Does your $user variable's value contain wildcards? If so, you'd need to change those -eq operators back to -like in my example (and that might also explain why it's not working the way you expected with the original ScriptBlock syntax.)

March 21, 2014 at 9:00 am

Mr. Jones and Mr. Wyatt,

Thank you for the quick reply and correction. The problem was the script blocks. I was using SAMAccount and SN as tests, because my small vm test network doesn't have exchange to test for mail or a edipi that I will be using to search for users at work.