header image

AD cmdlets and filters

Posted by: | January 5, 2012 | No Comment |

If you look closely at the AD cmdlets you will see that they have parameters that allow filtering of the result

Get-QADUser has an –LDAPFilter parameter

Get-ADUser has an –LDAPFilter parameter and a –Filter parameter.

How do these work?

if (-not (Get-Module ActiveDirectory)){            
  Import-Module ActiveDirectory            
$name = "NEWTON Isaac"            
"`nMicrosoft LDAP filter"            
Get-ADUser -LDAPFilter "(&(objectclass=user)(objectcategory=user)(cn=$name))" |             
Format-Table Name, DistinguishedName            
"`nMicrosoft filter"            
Get-ADUser -Filter {Name -eq $name} |             
Format-Table Name, DistinguishedName            
"`nQuest LDAP filter"            
Get-QADUser -LDAPFilter "(&(objectclass=user)(objectcategory=user)(cn=$name))" |             
Format-Table Name, DN


Firstly we test to see if the Microsoft ActiveDirectory module is loaded. The Quest cmdlest are supplied as a snapin and loaded in my profile

The LDAPFilter uses an standard LDAP query. We saw examples of these when we used [adsisearcher] if the previous posts

The Filter parameter on Get-ADUser has a different syntax – its bounded by {} and uses the AD property names and the PowerShell comparison operators.

Which should you use?

The Quest cmdlet only gives one choice but with the Microsoft cmdlets you have two. Unless you are very familiar with LDAP query syntax the –Filter parameter is easiest to use. Your choice based on knowledge and previous activity.

under: PowerShell and Active Directory