When you are creating a new user you may want to test whether a particular name is already in use. The Quest AD cmdlets provide great functionality, but one area of confusion is searching for a user by name:
PS> Get-QADUser -Identity "GREEN Dave" | ft -a
Name        Type DN
----        ---- --
GREEN Dave  user CN=GREEN Dave,CN=Users,DC=Manticore,DC=org
GREEN Dave2 user CN=GREEN Dave2,CN=Users,DC=Manticore,DC=org
But I didn’t ask for the second user. The problem arises because the Quest cmdlets use ANR (ambiguous name resolution) when searching. This is equivalent to using "GREEN Dave*" in your search. In other words, the cmdlets assume you are appending wildcards.
The way round it is to use an LDAP filter:
PS> Get-QADUser -LdapFilter '(cn=GREEN Dave)' | ft -a
Name       Type DN
----       ---- --
GREEN Dave user CN=GREEN Dave,CN=Users,DC=Manticore,DC=org
LDAP filters are also available with the Microsoft cmdlets (with the MS cmdlets you can’t search by name using the Identity parameter):
PS> Get-ADUser -LdapFilter '(cn=GREEN Dave)'
DistinguishedName : CN=GREEN Dave,CN=Users,DC=Manticore,DC=org
Enabled : True
GivenName : Dave
Name : GREEN Dave
ObjectClass : user
ObjectGUID : 28f0c168-d142-417f-a223-333488cdaa77
SamAccountName : dgreen
SID : S-1-5-21-3881460461-1879668979-35955009-6270
Surname : GREEN
UserPrincipalName : dgreen@manticore.org
All of these alternatives will work:
Get-ADUser -LdapFilter '(name=GREEN Dave)'
Get-QADUser -LdapFilter '(name=GREEN Dave)'
Get-QADUser -LdapFilter '(name=green dave)'
Get-ADUser -LdapFilter '(name=green dave)'
As an additional bonus, with the Microsoft cmdlets you can write the filter using PowerShell syntax:
Get-ADUser -Filter {name -eq 'green dave'}
If you want to unambiguously resolve a name in an AD search, use an LDAP filter.
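When the name comes from a variable or user input, characters such as * or ( in it would be read as filter syntax and the search stops being an exact match. An added example (not from the original post; the function names are hypothetical and the Microsoft ActiveDirectory module is assumed) that escapes the value per RFC 4515 before building the filter:

```powershell
# Added example. ConvertTo-LdapFilterValue and Test-ADUserNameInUse are
# hypothetical helper names, not part of the Quest or Microsoft cmdlets.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: \ * ( ) and NUL must be written as a backslash plus two hex
    # digits, otherwise they are read as filter syntax, not as part of the name.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Test-ADUserNameInUse {
    param([Parameter(Mandatory)][string]$Name)
    $filter = '(name={0})' -f (ConvertTo-LdapFilterValue -Value $Name)
    # @() forces an array so .Count is reliable for 0, 1 or many results.
    $found = @(Get-ADUser -LDAPFilter $filter)
    [pscustomobject]@{
        Name    = $Name
        Filter  = $filter
        InUse   = $found.Count -gt 0
        Matches = $found.DistinguishedName
    }
}

# Constructed sample names: the filter each one produces (no directory needed).
'GREEN Dave', 'GREEN Dave*', 'GREEN (Dave)', 'GREEN\Dave' | ForEach-Object {
    '{0,-14} -> (name={1})' -f $_, (ConvertTo-LdapFilterValue -Value $_)
}

# Against a domain (requires the ActiveDirectory module):
# Test-ADUserNameInUse -Name 'GREEN Dave'
```

With the escaping in place, a requested name of GREEN Dave* is looked up as a literal asterisk instead of matching GREEN Dave2 as well.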