Get-ADUser -Filter {extensionAttribute1 -ne "aaa"} to get the users

Similar Messages

• Using get-aduser -filter to find blank spaces only

  Hello all,
  What I'm trying to do is pretty simple. I want to use the -filter parameter of the get-aduser cmdlet to find a defined attribute that only contains a space. For example, I want to find any users that have extensionattribute1 equal to " ". I've
  tried the following code but I get the error "the search filter cannot be recognized":
  get-aduser -filter {extensionattribute1 -eq " "}
  What I don't want to use is -like "* *", as that will give me values that contain a space anywhere. I only want to return users that have extensionattribute1 equal to one space.
  Any ideas?

  Yes, in LDAP syntax you can escape any character with the backslash escape character followed by the two character hex ASCII representation of what you want. You can get foreign characters this way. More on escaping characters here:
  http://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx
  Richard Mueller - MVP Directory Services

• Help with get-aduser -filter command

  Hi! I'm having problems with getting user info from displayname
  function searchuzv {
  $uzvinfo=$InputBoxuzv.text;
  $uzvcheck = Get-ADUser -filter "DisplayName -like '*$uzvinfo*'"
  If i run Get-ADUser -filter "DisplayName -like '*$uzvinfo*'" line separately, everything is ok, and working, but when I run function, I m getting error "Get-ADUser : The search filter cannot be recognized"
  My objective is get user info when only part of displayname is provided.
  I suppose there is problem with syntax, but I can't find anything about this.
  Any suggestions?
  Bert regards,
  Ronald

  Hi Ronald,
  Try this.
  function searchuzv
  $uzvinfo=$InputBoxuzv.text
  $uzvDisp = "*"+$uzvinfo+"*"
  $uzvcheck = Get-ADUser -filter "DisplayName -like $uzvDisp"
  Regards,
  Satyajit
  Please “Vote As Helpful”
  if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Get-aduser -Filter email address

  Hi, I have a csv file with a email address and the employ ID. I which to update the emply id according to the email address
  csv:
  Email;employerID;FirstName;LastName;
  [email protected];123456789;a;a;
  [email protected];789456123;b;b;
  I tried querying the user according to email but the user is not found:
  $test = Import-csv -Path \\tsclient\c\temp\test.csv -delimiter ";"
  Foreach ($u in $test) {Get-aduser -Filter { emailaddress -Like $u.email} -Properties emailaddress}
  Which i find strange, because when i run following commandlet the correct address are displayed.
  $test = Import-csv -Path \\tsclient\c\temp\test.csv -delimiter ";"
  Foreach ($u in $test) {write-host $u.email}
  I even tried, but same result:
  $test = Import-csv -Path \\tsclient\c\temp\test.csv -delimiter ";"
  Foreach ($u in $test) {Get-aduser -Filter { emailaddress -Like $($u.email)} -Properties emailaddress}
  What am i doing wrong?
  Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.

  Get-aduser : Property: 'email' not found in object of type: 'System.Management.Automation.PSCustomObject'.This implies that the object $u does not have a property named email.$test = Import-csv -Path \\tsclient\c\temp\test.csv -delimiter ";"
  Foreach ($u in $test) {$u.email}

• Get-aduser -filter -memberof group name issues

  I want to use powershell to return all users who are domain admins into a CSV
  Are these commands close to what I should be doing?
  get-aduser -filter -memberof "domain admin" 
  get-adgroupmember -filter "-eq 'Domain Admin'"
  Then I will exporting to CSV with this working part of the script.
  -Properties * | Select-Object -Property Name,DisplayName,Title,EmailAddress,GivenName,sn,StreetAddress,Office,City,State,PostalCode,Country,OfficePhone,Company,HomePhone,mobile,Department | Sort-Object -Property Name | export-csv c:\UserPropertiesCSV.csv

  If you want more information than is being returned by Get-ADGroupMember, you can pipe the results into Get-ADUser.
  Get-ADGroupMember "Domain Admins" |
  Get-ADUser -properties Displayname, Title, EmailAddress, GivenName, sn, StreetAddress, Office, City, State, PostalCode, Country, OfficePhone, Company, HomePhone, Mobile, Department |
  Select-Object Name, DisplayName, Title, EmailAddress, GivenName, sn, StreetAddress, Office, City, State, PostalCode, Country, OfficePhone, Company, HomePhone, Mobile, Department |
  Export-CSV ".\results.csv"

• Get-AdUser -Filter for homeDirectory

  I guess there's something I don't know about -filter syntax for this command...
  get-aduser -filter {homeDirectory -like "*\faculty\homes\*"} -property homeDirectory
  returns results, but...
  get-aduser -filter {homeDirectory -like "\\faculty\homes\*"} -property homeDirectory
  ...will not. All results returned by the first have homes starting with \\faculty\homes\...
  What gives?

  Hi,
  you need to use the LDAP escape character for \, which is \5c
  So, you could write it like this:
  $DirectoryInfo = Get-Item \\server\share\User1HomeDirectory
  $strFilter = $DirectoryInfo.FullName.Replace("\","\5c")
  $AdUser = Get-AdUser -Filter {homeDirectory -like $strFilter}
  If ($AdUser.HomeDirectory -like $DirectoryInfo.FullName) { #not abandoned home directory }
  /Fridden
  Just a simple hacker

• Powershell get-aduser filter problem

  Powershell'Filter' = {(Enabled -eq $True) -and ((Office -ne "EXCLUDE") -or (Office -notlike '*'))}
  The filter parameter isn't very user friendly.  Try this and see if it is what you want.

  Hello all, I am trying to filter a script I found here from Martin9700to get users from an ad ou. The original line: 'Filter' = {Enabled -eq $True} works and I am trying to add a filter to exclude users that have Office value of EXCLUDE. If I use: 'Filter' = {(Enabled -eq $True) -and (office -eq "EXCLUDE")} then it will get the user that has EXCLUDE but I can't get any negative to work. I have tried -ne, -notlike and several combos of syntax but I really don't understand much of it. Any help would be greatly appreciated! The complete script is below. Thanks!

• WDA Table: Getting column sequence as it really is for the user

  Hi Folks!
  I need the current sequence of table columns as it really is for the user. He may have personalized his table: he may have removed some columns and may have changed the sequence of some columns. And this is what I need to know.
  But unfortunately so far I could only get the column sequence as it is defined in the View Layout using this coding:
    DATA lo_table TYPE REF TO cl_wd_table.
    DATA lo_table_columns TYPE cl_wd_table_column=>tt_table_column.
    DATA lo_table_column TYPE REF TO cl_wd_table_column.
    DATA lt_abstr_table_columns TYPE STANDARD TABLE OF REF TO cl_wd_abstr_table_column.
    DATA ls_abstr_table_column TYPE REF TO cl_wd_abstr_table_column.
    lo_table ?= wd_this->mv_view->get_element( 'RLTAB' ).
    lt_abstr_table_columns = lo_table->get_grouped_columns( ).
    LOOP AT lt_abstr_table_columns INTO ls_abstr_table_column.
      lo_table_column ?= ls_abstr_table_column.
    ENDLOOP.
  Thus: How to get the table column information as they are currently outside in the reald user world (only visible columns in the displayed sequence).
  Background: I need this information, because I want to export the table to excel and/or print it in exactly the state the user currently sees it (in personalized state).
  Thanx and points for any useful hints - ideally coding snippets!
  Regards,
  Volker

  Hi both!
  1) I have searched the framework like a mad man an dI think I will dream of all these IF_WD... and CL_WD... most having the useful information in protected or even private areas. A fact I cannot really understand.
  2) Although some kind of "criminal" I trewd to go the way in the second answer by creating child classes for cl_wd_abstr_table_column and cl_wd_table_column both containing the protected attribute PERSINDEX I need.
  I added a public class get_pers_index to the child classes. So far so good.
  But when I try to type-cast SAP standard instance to my instance vairables I get type-cast errors in both cases.
  Any ideas?
  Here's the relevant coding snippet:
  DATA lo_table TYPE REF TO cl_wd_table.
    DATA lo_table_columns TYPE cl_wd_table_column=>tt_table_column.
    DATA lo_table_column TYPE REF TO cl_wd_table_column.
    DATA lo_table_column2 TYPE REF TO /rand/cl_wd_table_column.
    DATA lt_abstr_table_columns TYPE STANDARD TABLE OF REF TO cl_wd_abstr_table_column.
    DATA ls_abstr_table_column TYPE REF TO cl_wd_abstr_table_column.
    data lo_abstr_table_column type ref to /rand/cl_wd_abstr_table_column.
    data lv_pers_index type i.
    lo_table ?= wd_this->mv_view->get_element( 'RLTAB' ).
    lt_abstr_table_columns = lo_table->get_grouped_columns( ).
    LOOP AT lt_abstr_table_columns INTO ls_abstr_table_column.
      lo_table_column ?= ls_abstr_table_column.                 "this casting is successful
      lo_table_column2 ?= lo_table_column.                      "this casting throws type-cast exception
      lv_pers_index = lo_table_column2->get_pers_index( ).
      lo_abstr_table_column ?= ls_abstr_table_column.           "this casting throws type-cast exception, too
      lv_pers_index = lo_abstr_table_column->get_pers_index( ).
    ENDLOOP.
  Any help very welcome.
  Thanx and Regards,
  Volker

• Get-Aduser Filtering Issue

  Hey Guys,
  I'm trying to do a get-aduser filter based on two criteria 
  1. the account is enabled
  2. the samaccountname does not contain the word health
  I'm stumped on this one. Here's what i have thus far. I have to be close
  Get-ADuser -Filter 'enabled -eq $true' -and 'SamAccountName -ne "Health*"'
  Thoughts ? This is driving me crazy.
  Rich
  Rich Thompson

  Hi,
  afaik the -Filter-parameter only applies to AD-properties. enabled is a powershell-AD-object property. It is represented by the UserAccountControl flag in the ActiveDirectory (see description
  here) and you'l combine it with the SAMAccountName, similiar to something like this:
  Get-ADUser -filter {((userAccountControl -like "512") -and (samaccountname -notlike "Health*"))}
  Regards
  Sebastian
  You can filter on the Enabled property with no issues. Also, just FYI, -Filter wants a string, not a scriptblock. Scriptblocks will generally work, but not always.
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Error troubleshooting in AD Module - Get-Aduser w/created filter

  Hi All,
  I'm working as an intern with my university, and I've been tasked with clearing out old student accounts in AD. There are currently over 4000 users in our system, and it's estimated that there are over 3500 old accounts that need to be deleted.
  We are at the 2008 R2 Domain Functional Level.
  I am going to script this through Powershell, but I'm having a terrible time getting a certain query to run properly.
  I am using the following:
  get-aduser -filter {created -lt '1/1/2010' -and lastlogontimestamp -notlike '*'} -properties created
  I will sometimes narrow my query by adding another filter for created -gt '1/1/2008', for instance.
  When I run the command as written, however, it will return several hundred users, but then it spits out the following error after the last displayed result:
  Get-ADUser : The specified method is not supported
  At C:\Users\Administrator.CSC\Desktop\test1.ps1:4 char:15
  + get-aduser <<<< -filter {created -lt '1/1/2010'} -properties created | ft name,samaccountname,created
  + CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
  + FullyQualifiedErrorId : The specified method is not supported,Microsoft.ActiveDirectory.Management.Commands.GetADUser
  If I narrow my search scope by created date, I can sometimes get the error to not appear. My guess is that there are several accounts in the database that trigger the error (or at least, that's how it appears).
  I have tried running this on both a DC and a non-dc server with server management tools installed. It doesn't matter what other filters are used, so omitting the lastlogontimestamp filter doesn't prevent the error.
  My supervisor seems to think there may be errors in the AD database, but I've done every AD health check I can think of.
  Does anyone have any suggestions?
  Thanks,
  Brandon

  If you have access to Microsoft Connect (I believe you must be an MVP), it would help to vote on this report, as that should help prioritize it.
  You don't need to be a MVP for access to Connect, here's a direct link to the bug report Richard opened:
  https://connect.microsoft.com/PowerShell/feedbackdetail/view/963333/ad-module-cmdlets-raise-error-if-there-are-more-than-256-results
  The command from the report does appear to work for me in v4 (Win7):
  PS C:\> Get-ADUser -Properties Created -Filter "Created -gt '9/1/2014'" | measure
  Count : 260
  I also tested the command that failed in the post above and v3 appears to be working for me as well (WS2012):
  PS C:\> $start = (Get-Date).AddDays(-1)
  PS C:\> get-aduser -filter {modified -gt $start} | measure
  Count : 263
  Perhaps the count needs to be higher to replicate this.
  EDIT: I just created a bunch of new user accounts and I still can't replicate this (v3 on WS2012 again):
  PS C:\> $start = (Get-Date).AddDays(-1)
  PS C:\> get-aduser -filter {modified -gt $start} | measure
  Count : 1803
  EDIT2: DC is WS2008SP2.
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Get-aduser compare attributes inside the -filter parameter

  Hello all,
  What I would like to do is use the -filter parameter of get-aduser to compare 2 attributes within the search itself, instead of having to process the differences afterwards.
  So here is how I normally use -filter:
  get-aduser -filter {(name -like "*") -and (displayname -like "*")} -Properties displayname | `
  Foreach-object{
  If($_.name -eq $_.displayname){
  "Match!"
  As you can see, I have to get all the users and their properties first, and then subsequently I have to use a ForEach-Object loop to determine if there are any matches.
  What I would like to do is do the comparison in the -filter parameter. Something like this:
  get-aduser -filter {name -eq displayname}
  However, I'm not aware of any way to compare attributes within -filter, and I wonder if anyone knows of a way? Or is a subsequent loop the only way to compare?

  Hi,
  You can use -and in the filter:
  Get-ADUser -Filter "SamAccountName -eq 'smithr' -and GivenName -eq 'Robert'"
  I'm not exactly sure if this is what you're asking about though.
  EDIT: I think I know what you're asking now. AFAIK, there is no way to use -Filter to return users who have the same DisplayName attribute as their Name attribute. You need to have something concrete to test against inside of the filter.
  Don't retire TechNet! -
  (Don't give up yet - 12,950+ strong and growing)

• How do I run Get-ADUser and filter out two separate OUs

  Ha! I was assuming that Where-Object wouldn't do me any better. Well, I guess I made an ass out of me. ;)
  Your first script is what I will use. We have some user accounts in other OUs that are disabled for other reasons.
  It's little quirks like this that keep me from using Powershell more often.
  Thanks Matt!

  Hi again all!I am trying to write a script that will search for AD users that have the "Password Never Expires" box checked, but not if they are in one of two OUs. These OUs are not parent/child, they are separate.If I run this, I get about 30 results:
  Powershellget-aduser -filter { PasswordNeverExpires -eq $true }Some of the results are in the "Disabled Accounts" OU, some are in the "Contractors" OU, and the rest are in neither.
  If I run either of these, I get zero results:
  Powershellget-aduser -filter { PasswordNeverExpires -eq $true -and DistinguishedName -notlike "*Disabled*"}get-aduser -filter { PasswordNeverExpires -eq $true -and ( DistinguishedName -notlike "*Disabled*" -and DistinguishedName -notlike "*Contractors*")}I know for a fact that I have users that are not in either of these two OUs that have that box checked because I...
  This topic first appeared in the Spiceworks Community

• How do I use Get-ADUser to get just the Managers attribute? And then get rid of duplicates in my array/hash table?

  Hello,
        I am trying to just get the Managers of my users in Active Directory. I have gotten it down to the user and their manager, but I don't need the user. Here is my code so far:
  Get-ADUser-filter*-searchbase"OU=REDACTED,
  OU=Enterprise Users, DC=REDACTED, DC=REDACTED"-PropertiesManager|SelectName,@{N='Manager';E={(Get-ADUser$_.Manager).Name}}
  |export-csvc:\managers.csv-append 
  Also, I need to get rid of the duplicate values in my hash table. I tried playing around with -sort unique, but couldn't find a place it would work. Any help would be awesome.
  Thanks,
  Matt

  I would caution that, although it is not likely, managers can also be contact, group, or computer objects. If this is possible in your situation, use Get-ADObject in place of Get-ADUser inside the curly braces.
  Also, if you only want users that have a manager assigned, you can use -LDAPFilter "(manager=*)" in the first Get-ADUser.
  Finally, if you want all users that have been assigned the manager for at least one user, you can use:
  Get-ADUser
  -LDAPFilter "(directReports=*)" |
  Select @{N='Manager';E={ (Get-ADUser
  $_.sAMAccountName).Name }}
  -Unique | Sort Manager |
  Export-Csv .\managerList.csv -NoTypeInformation
  This works because when you assign the manager attribute of a user, this assigns the user to the directReports attribute of the manager. The directReports atttribute is multi-valued (an array in essence).
  Again, if managers can be groups or some other class of object (not likely), then use Get-ADObect throughout and identify by distinguishedName instead of sAMAccountName (since contacts don't have sAMAccountName).
  Richard Mueller - MVP Directory Services

• Setting default value to NULL values when using Get-ADUser

  I am running a simple command of
  Get-ADUser -properties * | Select firstname, lastname, department | Export-Csv results.csv -NoTypeInformation
  If the users department field is NULL, I would like to set a default value of "NODEPT" within my CSV results. I have tried a ForEach loop statement but I can't seem to figure this one out.
  What is not explicitly allowed should be implicitly denied

  Hi,
  Try this:
  Get-ADUser -Filter * -Properties department |
  Select GivenName,Surname,@{N='Department';E={ If ($_.Department) { $_.Department } Else { 'NODEPT' } }} |
  Export-Csv .\userList.csv -NoTypeInformation
  https://technet.microsoft.com/en-us/library/ff730948.aspx
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)

• Get-ADUser and Get-ADPrincipalGroupMembership combined

  I'm trying to get a list of template user account and what their membership are exported to a csv file. I'm trying to combine the tables on them but having a hard time figuring it out. I spent the day racking my brain on this and figured I would reach out
  for help. This gets all my template users.
  Import-Module ActiveDirectory
  $User = "*Template*"
  $usernames = (Get-ADUser -Filter "DisplayName -like '*$User*'" -Properties * | format-table Displayname, SamAccountName)
  $usernames
  I can use this to get all the members of the groups, but since the groups repeat it doesnt break down where one user stops and the others begin. 
  $groups = Get-ADUser -Filter "SamAccountName -like '*$Usr*'" -Properties DisplayName | foreach-object{Get-ADPrincipalGroupMembership -Identity $_.SamAccountName} | format-table name
  I was thinking of joining the tables but that wasnt much help to me since I cant figure out what to join on. I also thought about looping through the first table with a foreach loop but it was assigning the whole table in the first pass and displaying nothing.
  If anyone could help or suggest something, I would greatly appreciate.
  Matt

  Hi Matt,
  Give this a shot:
  Get-ADUser -Filter "DisplayName -like '*Template*'" -Properties MemberOf | ForEach {
  $username = $_.SamAccountName
  $_.MemberOf | ForEach {
  $props = @{
  Username = $username
  GroupName = (Get-ADGroup $_).Name
  New-Object PsObject -Property $props
  } | Sort Username,GroupName |
  Select Username,GroupName |
  Export-Csv .\GroupMemberships.csv -NoTypeInformation
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)