Where-Object -match -contains -like

Welcome Forums General PowerShell Q&A Where-Object -match -contains -like

Viewing 10 reply threads
  • Author
    Posts
    • #265052
      Participant
      Topics: 139
      Replies: 287
      Points: 460
      Rank: Contributor

      I have this one-liner to try and discover only the Groups a User is a memberOf matching/containing/like this string: ‘T1_GOO666’

      ..and it comes up empty (there are a dozen groups with that name prefix). I’ve tried all sorts of various * wildcards, in front and in back of the ( ) and I never get just the groups with that exact prefix. I either retrieve those PLUS many others and I don’t see the string in those other (unwanted) results.

      I’ve tried other operators, read as much as I can understand in the help files but would finally like to understand how to get exactly what I want in PowerShell using wildcards or otherwise partial string names.

    • #265061
      Inactive
      Topics: 7
      Replies: 17
      Points: 0
      Rank: Member

      Hi @Jeff Taylor – I tried with my own account and was able to return membership for groups matching the search criteria by doing the following:

      (Get-ADUser -Filter “SamAccountName -eq ‘UserAccount'” -Properties *).memberof -like “*GroupName*”

      Hope that helps or guides in some manner.

       

    • #265178
      Participant
      Topics: 1
      Replies: 85
      Points: 387
      Helping Hand
      Rank: Contributor

      Your Where-Object condition applies to the returned user object rather than the memberOf list. It is basically saying “if a user has a group matching the string, then return that user.” If you want the condition to filter the groups, then move your Where-Object after your Select-Object command because that is the first place you have asked to return a list of groups.

    • #265322
      Participant
      Topics: 139
      Replies: 287
      Points: 460
      Rank: Contributor

      Yes, that is lean and clean thank you

    • #265328
      Participant
      Topics: 139
      Replies: 287
      Points: 460
      Rank: Contributor

      If you want the condition to filter the groups, then move your Where-Object after your Select-Object command because that is the first place you have asked to return a list of groups.

      I tried this but it still pulls in more than what I want:

    • #265346
      Participant
      Topics: 9
      Replies: 170
      Points: 836
      Helping Hand
      Rank: Major Contributor

      This worked for me:

      Get-ADUser -Filter {samAccountName -eq "my.Useraccount"} -Properties memberOf | select memberOf -ExpandProperty memberOf | Where-Object {$_ -match 'T1_GOO666'}
    • #265439
      Participant
      Topics: 2
      Replies: 382
      Points: 523
      Helping Hand
      Rank: Major Contributor

      Is there any reason you’re using Get-ADUser instead of Get-ADPrincipalGroupMembership?

       

    • #265520
      Participant
      Topics: 139
      Replies: 287
      Points: 460
      Rank: Contributor

      This still returned more than what I was after but thank you for the suggestion

    • #265526
      Participant
      Topics: 139
      Replies: 287
      Points: 460
      Rank: Contributor

      Thanks that worked as well Matt, thanks for the reminder on that cmdlet

    • #265529
      Participant
      Topics: 9
      Replies: 677
      Points: 2,680
      Helping Hand
      Rank: Community Hero

      I agree with @Matt that Get-ADPrincipalGroupMembership is probably the better cmdlet to use if you are wanting to just return the groups the user is part of. You’ll be able to choose from the properties of those groups, such as name, DN, etc.

      As for why your command is not returning anything, most likely due to the fact that memberof returns the distinguished name of the group. So you’ll need to either put a * or the identifier CN= in front of the search term.

      or

      Unless that search term is not the complete begining of that group name either should work. If you didn’t want the distinguished name then you’d either have to extract the name or look the group up again, both leading back to Matt’s suggestion.

    • #265556
      Participant
      Topics: 139
      Replies: 287
      Points: 460
      Rank: Contributor

      Yep, I remember trying the CN= as well in all my earlier testing but finally got it sorted out with each of the two member earlier suggestions. Thanks Doug.

Viewing 10 reply threads
  • You must be logged in to reply to this topic.