$ADInfo = Get-ADUser -filter {Surname -Like $ntaccount1} | Sort-Object Name

$ADInfo `
    | Format-Table `
        @{ Name = "Full Name"; Expression = { $_.name } },
        @{ Name = "User ID"; Expression = { $_.samaccountname } } -Autosize;

This will only search the directory by Surname (last name) and then it outputs the full name and user ID of the results. How do I have it look for every variable instead of just Surname? I want to mimic searching in the actual Active Directory program, but in PowerShell.

  • You would need to change your Filter to account for all the variances you are looking for. Might be able to use a small hashtable to make it easier. Someone might have a better solution. Commented Dec 2, 2014 at 13:43
  • What exactly do you mean by "every variable"? Commented Dec 2, 2014 at 16:23
  • @AnsgarWiechers Searching AD for the word "smith" but instead of searching last name, look in first name, user id, etc etc. Commented Dec 2, 2014 at 16:32
  • User objects in AD have more than 200 attributes. Which of them do you want to check? Commented Dec 2, 2014 at 19:18
  • @AnsgarWiechers Mainly last name, user id, first name. I just want a way to search multiple variables and display results from all of them. Commented Dec 2, 2014 at 22:54

1 Answer

I'm looking into other ideas, but just to see if this is in the direction you are looking for, I made up an LDAP filter for what I think the AD Find does.

$searchString = "Matt"
get-aduser -LDAPFilter "(|(displayName=$($searchString)*)(sn=$($searchString)*)(givenName=$($searchString)*)(cn=$($searchString)*)(samaccountname=$($searchString)*))"

So this will search all of the properties in AD and return users if they match "Matt*". Following the same logic but making the search more configurable to suit your needs. Results should be the same for both as written. This way you can add/remove properties to search for.

$searchString = "Matt"
$properties = "displayName","sn","givenName","cn","samaccountname"
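# Join the clauses with no separator; a bare array inside a string is joined with spaces ($OFS)
$ldapFilter = "(|$(($properties | ForEach-Object{"($_=$($searchString)*)"}) -join ''))"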

Get-Aduser -LDAPFilter $ldapFilter

Using Plain Filter

For whatever reason -LDAPFilter is not working for you. We can use similar logic to get -Filter working. The property names will change to match the PowerShell Filter.

$searchString = "Matt"
$properties = "FirstName","LastName","Name","DisplayName","SamAccountName"
$Filter = ($properties | ForEach-Object{"($_ -Like '$searchString*')"}) -Join " -Or "

Get-Aduser -Filter $Filter

5 Comments

Does -LDAPFilter use LDAP? We are ditching LDAP soon for AD fully. I tried to do Get-ADUser -filter {samaccountname -Contains "stepanik"} but it says the operator of -contains is not valid. That would be perfect if that worked.
-LDAPFilter uses the LDAP protocol, which is supported on a wide variety of products. Yes, this works on AD. My environment is AD Functional level 2008 R2.
-Contains is for checking arrays contain a member. windowsitpro.com/blog/powershell-contains. I will make this work for -Filter
I know this is bad but, is there a way to paste all that code into powershell with the variables in one line to test it? or how do I go about doing that?
@Aaron copy the code from the page and just right-click in the shell. It will paste it all and execute, assuming you have a newline on the end. You could also separate the lines with semicolons if you really need it all on one line.
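
The -LDAPFilter snippets in the answer above place $searchString into the filter unescaped, so a search term containing `*`, `(`, `)` or `\` is read as filter syntax rather than as text. As an added example (not part of the original answer), the code below escapes the value per RFC 4515 before building the same OR filter; ConvertTo-LdapFilterValue and New-AnyAttributeFilter are hypothetical helper names, and the sample search terms are constructed.

```powershell
# Added example. ConvertTo-LdapFilterValue and New-AnyAttributeFilter are
# hypothetical helper names, not cmdlets from the ActiveDirectory module.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # RFC 4515: \ * ( ) and NUL must be written as a backslash plus two hex digits.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-AnyAttributeFilter {
    param(
        [Parameter(Mandatory)][string]$SearchString,
        # Attribute names are restricted to letters, digits and hyphens.
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]
        [string[]]$Attributes = @('displayName', 'sn', 'givenName', 'cn', 'sAMAccountName')
    )
    $literal = ConvertTo-LdapFilterValue -Value $SearchString
    # One prefix-match clause per attribute; the trailing * is the only wildcard.
    $clauses = foreach ($a in $Attributes) { "(${a}=${literal}*)" }
    # Concatenate with no separator so the filter contains no stray spaces.
    '(|' + (-join $clauses) + ')'
}

# Constructed sample inputs, two of which contain filter metacharacters.
foreach ($s in 'Matt', 'Smith (Contractor)', 'A*') {
    '{0,-20} -> {1}' -f $s, (New-AnyAttributeFilter -SearchString $s -Attributes 'sn', 'givenName')
}

# Run the search only where the ActiveDirectory module is available.
if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    Get-ADUser -LDAPFilter (New-AnyAttributeFilter -SearchString 'Matt') |
        Sort-Object Name |
        Format-Table Name, SamAccountName -AutoSize
}
```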
