Get-AdUser Filter Examples

The Get-AdUser cmdlet gets one or more Active Directory users. Use its Filter or LDAPFilter parameter to search effectively for AD users with PowerShell.

The Get-ADUser Filter parameter uses the PowerShell expression language to write query strings that get AD user objects. The Filter syntax does not support PowerShell wildcards other than * and ? for Active Directory wildcard searches.

In this blog, I will explain how to effectively use the Get-AdUser Filter parameter to search for and retrieve AD user objects with PowerShell, and how to use multiple filters with Get-AdUser.

Get-AdUser Filter Syntax

The Get-AdUser Filter parameter uses the PowerShell expression language, as below:

<filter> ::= "{" <FilterComponentList> "}"

Where, <FilterComponentList> is

<FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent>

Let’s understand FilterComponentList as below

<FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")"

In the above syntax,

<attr> ::= PropertyName or LDAPDisplayName of attribute

<value> ::= compare value with attr using <FilterOperator>

<FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"

<FilterOperator> covers different types of operators, such as equal to, not equal to, greater than, and wildcard search, to get AD users from Active Directory.

<JoinOperator> ::= "-and" | "-or"

<JoinOperator> provides -and and -or to join the conditions of a filter query.

<NotOperator> ::= "-not"

Let’s understand get aduser filter parameter examples as below

Get-AdUser Filter Name like

To get an AD user whose name is like the value stored in a variable, run the commands below

$UserName = "Erick Jones"
Get-AdUser -Filter {Name -like $UserName}

The first command stores the user name in a variable.

The second command gets the AD user whose name is like the value of the variable. In the second command, to use a variable in the filter, the filter condition is wrapped in curly braces.

Get-AdUser Filter DistinguishedName

To get an AD user filtered by DistinguishedName from Active Directory, run the command below

Get-ADUser -Filter "DistinguishedName -like 'CN=Erick Jones,OU=HR,DC=SHELLPRO,DC=LOCAL'"

This command gets the AD user whose DistinguishedName is like the specified 'CN=Erick Jones,OU=HR,DC=SHELLPRO,DC=LOCAL'.

Get-AdUser Filter SamAccountName

To find an Active Directory user by filtering on SamAccountName, run the command below

Get-ADUser -Filter {SamAccountName -eq 'garyw'}

This command gets the AD user with SamAccountName equal to garyw.

You can also use other <FilterOperator> values, such as not equal to or like, to get an AD user by SamAccountName. To use a variable in the Get-AdUser filter, the filter condition is wrapped in curly braces.

Get-AdUser Filter Properties

The Get-AdUser cmdlet retrieves a default set of user properties. To get additional properties, use the Properties parameter.

To get a filtered list of users with additional properties, where the name is like the specified value, run the command below

Get-ADUser -Filter {Name -like 'Gary Willy'} -Properties *

This command gets the AD user whose name is like Gary Willy and retrieves the additional properties.

Get Enabled Users from AD

To find enabled users in Active Directory, run the command below

Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like "true"} | FT Name, Enabled -Autosize

In the above PowerShell script,

The Get-AdUser cmdlet retrieves all AD users along with the Enabled property, and Where-Object keeps only the users whose Enabled value is true.

Get-AdUser Multiple Filters

To get AD users from a specific OU that are enabled and whose passwordlastset is before a specific date, use multiple filters on Get-AdUser attributes as below

Get-ADUser -Filter "Enabled -eq 'true' -and PasswordLastSet -lt '08/01/2021'" -SearchBase "OU=HR,DC=SHELLPRO,DC=LOCAL" -Properties * | Select Name,PasswordLastSet

In the above PowerShell script,

We have used multiple filters with the Get-AdUser cmdlet to get the AD users in the OU that have enabled status true and passwordlastset less than the specified date.

In the above command, the multiple filters used on attributes are Enabled -eq 'true' and PasswordLastSet -lt '08/01/2021', and both filters are joined using the -and operator.
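The same multiple-filter query can be turned into a repeatable stale-password audit. The script below is an added example, not part of the original article: it uses the OU from this page, while the 90-day threshold, the extra properties requested, and the CSV file name are assumptions chosen for illustration.

```powershell
# Added example: report enabled accounts whose password is older than a cutoff.
Import-Module ActiveDirectory

$SearchBase = 'OU=HR,DC=SHELLPRO,DC=LOCAL'   # OU used in the article
$MaxAgeDays = 90                             # assumed policy threshold
$Cutoff     = (Get-Date).AddDays(-$MaxAgeDays)

# Both conditions are joined with -and and evaluated by the domain controller.
# Only the properties needed for the report are requested instead of '*'.
$stale = Get-ADUser -Filter { Enabled -eq $true -and PasswordLastSet -lt $Cutoff } `
        -SearchBase $SearchBase `
        -Properties PasswordLastSet, PasswordNeverExpires, LastLogonDate |
    Select-Object Name, SamAccountName, PasswordLastSet, PasswordNeverExpires, LastLogonDate,
        @{ Name = 'PasswordAgeDays'
           Expression = {
               # PasswordLastSet can be empty; report no age rather than fail.
               if ($_.PasswordLastSet) {
                   [int]((Get-Date) - $_.PasswordLastSet).TotalDays
               } else {
                   $null
               }
           } } |
    Sort-Object PasswordAgeDays -Descending

# Review on screen and keep a copy for follow-up (file name is an assumption).
$stale | Format-Table Name, SamAccountName, PasswordAgeDays, PasswordNeverExpires -AutoSize
$stale | Export-Csv -Path .\stale-passwords.csv -NoTypeInformation
```

Using a DateTime variable for the cutoff avoids depending on how a date string such as '08/01/2021' is parsed under the current regional settings.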

Get-AdUser Filter Examples

Let’s look at other commonly used commands that filter AD users by different properties with PowerShell.

Get AdUser Filter using Created Date

To retrieve AD users filtered by created date, run the command below

Get-ADUser -Filter {Created -lt '08/02/2021'} | Select Name

This command gets the AD users created before the specified date.

Get Active Directory Users in Department

To get AD users from a specific department in Active Directory, run the command below

Get-ADUser -Filter "Department -like 'HR'"

Get-AdUser Filter by Email Address

To get an AD user object in Active Directory by email address, run the command below

Get-ADUser -Filter "Mail -like '[email protected]'"

Get-AdUser Filter by Country

To find Active Directory users filtered by country, run the command below

Get-ADUser -Filter "Country -eq 'US'"


Conclusion

I hope the above-detailed article on using the Get-AdUser Filter parameter with examples is helpful to you. We have learned how to get multiple filters on Get-AdUser attributes.

You can retrieve active directory users effectively using the get aduser filter parameter.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.
