How to filter AD with a concatenated variable in PowerShell
I'm using PowerShell v2 and Microsoft's AD module to search our AD for accounts whose EmployeeID matches a particular ID. The ID is usually stored in AD as "00000123456" but the value I have to search with is only the "123456" part. The problem is I cannot figure out how to do a -like search in AD. Here's my current code:
$EmpInfo = Import-csv "PSfile.csv"
$EmplID = $EmpInfo.ID
$EmpAD = get-aduser -Filter {employeeId -like "*$EmplID"} -Properties * -EA Stop
At this point, EmpAD is always empty.
I can work around this by modifying EmpID to contain "*123456" before I call Get-ADUser and this works. But I can't help but think there is a syntax problem preventing the obvious approach. Research to resolve it has been fruitless.
If your string is really in the employeeID attribute, you can test:
$EmpAD = get-aduser -LDAPFilter "(employeeId=*$EmplID)" -SearchBase 'DC=dom,DC=fr' -Properties *
You can use LDP.EXE (or ADSI.EXE) to verify what exactly exists in your Directory.
-----Edited-----
For me it works, if I test with LDIF:
C:\temp>ldifde -f eid.ldf -d "dc=dom,dc=fr" -r "(employeeId=*)"
Connexion à « WM2008R2ENT.dom.fr » en cours
Connexion en tant qu'utilisateur actuel en utilisant SSPI
Exportation de l'annuaire dans le fichier eid.ldf
Recherche des entrées...
Création des entrées...
3 entrées exportées
There are 3 objects
In PowerShell with AD Cmdlets it gives the following:
PS C:\> get-aduser -LDAPFilter "(employeeID=*)" | Measure-Object
Count : 3
And
$var = "123456"
PS C:\> get-aduser -LDAPFilter "(employeeID=*$var)" -properties employeeID
DistinguishedName : CN=user1 Users,OU=MonOu,DC=dom,DC=fr
EmployeeID : 00000123456
Enabled : True
GivenName : user1
Name : user1 Users
ObjectClass : user
ObjectGUID : b5e5ea59-93a6-4b24-9c3e-043a825c412e
SamAccountName : user1
SID : S-1-5-21-3115856885-816991240-3296679909-1107
Surname : Users
UserPrincipalName : user1@dom.fr
Be careful: I don't understand why, but it took some time between the modification in the directory with MMC and the result in the PowerShell prompt. I reloaded a new PowerShell interpreter and re-imported the AD module.
From a performance perspective, if you know that the IDs are always a certain number of digits (with leading zeroes), you're going to be WAY better off just formatting the ID ahead of time.
If your ID is supposed to be 11 digits, do something like this: $EmplID.ToString("D11") to get it padded out.
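Both answers place a value read from a CSV file directly into an LDAP filter string. The following is an added example, not code from the question or the answers, showing that value escaped per RFC 4515 for the trailing-match form and validated and padded for the exact-match form. The function names are hypothetical and the sample IDs are constructed.

```powershell
# Added example: not code from the question or the answers.
# ConvertTo-LdapFilterValue and New-EmployeeIdFilter are hypothetical names.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 treats as filter syntax, backslash first,
    # so the value cannot add clauses or wildcards to the filter.
    param([string]$Value)
    $v = $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28'
    $v -replace '\)', '\29' -replace '\x00', '\00'
}

function New-EmployeeIdFilter {
    # Default: the trailing-match form from the first answer, value escaped.
    # -Exact: digits only, left-padded to the stored width (11 on this page),
    # giving an equality match as the second answer recommends.
    param([string]$RawId, [int]$Width = 11, [switch]$Exact)
    $id = $RawId.Trim()
    if ($Exact) {
        if ($id -notmatch '^[0-9]+$' -or $id.Length -gt $Width) {
            throw "rejected '$RawId': expected 1 to $Width digits"
        }
        # Import-Csv returns strings, so pad with PadLeft rather than a
        # numeric format string.
        return '(employeeID={0})' -f $id.PadLeft($Width, '0')
    }
    if ($id -eq '') { throw 'rejected empty ID: filter would match every employeeID' }
    '(employeeID=*{0})' -f (ConvertTo-LdapFilterValue $id)
}

# Constructed sample values, as they might arrive in the ID column of PSfile.csv.
$sampleIds = '123456', ' 123456 ', '123456)(objectClass=*', '*'
foreach ($raw in $sampleIds) {
    $suffix = New-EmployeeIdFilter -RawId $raw
    try   { $exact = New-EmployeeIdFilter -RawId $raw -Exact }
    catch { $exact = "<$($_.Exception.Message)>" }
    "{0,-24} suffix: {1}" -f "'$raw'", $suffix
    "{0,-24} exact:  {1}" -f '', $exact
}

# With the AD module loaded, pass the result to the cmdlet used on this page:
#   Get-ADUser -LDAPFilter (New-EmployeeIdFilter -RawId $EmplID -Exact) -Properties employeeID
```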