You can retrieve specific Active Directory user accounts using the Get-AdUser cmdlet with the -LDAPFilter parameter, which takes a filter rule enclosed in parentheses ( ). LDAP (Lightweight Directory Access Protocol) is a protocol used to access and modify objects in Active Directory.
Here is a sample command using the Get-AdUser with an LDAP filter:
# Get users from a specific organizational unit (OU)
Get-ADUser -LDAPFilter "(ou=SALES)"
In this example, the LDAP filter ou=SALES retrieves the user accounts belonging to the SALES organizational unit.
The following examples show how to use the Get-AdUser with -LDAPFilter parameter in PowerShell.
Use Get-AdUser -LDAPFilter to Get User Based on First Name and Surname
To get an Active Directory user by first name and surname, use the following PowerShell script.
Get-ADUser -LDAPFilter "(&(GivenName=Chris)(Sn=Dore))" | Select Name, Enabled
In the above PowerShell script, Get-AdUser with the -LDAPFilter parameter retrieves the Active Directory user filtered by first name and surname. The & operator at the start of the filter requires both conditions to match.
The output of the script displays the name and enabled status of the matching user.
PS C:\> Get-ADUser -LDAPFilter "(&(GivenName=Chris)(Sn=Dore))" | Select Name, Enabled
Name Enabled
---- -------
Chris Dore True
PS C:\>
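When the first name and surname come from variables or user input instead of literals, escape them before placing them in the filter, because LDAP filter syntax (RFC 4515) reserves \, *, ( ) and NUL inside a value. The following is an added example, not code from the original article; the function names ConvertTo-LdapFilterValue and New-NameLdapFilter and the sample values are hypothetical.

```powershell
# Added example, not from the original article.
# Function names and sample values are hypothetical / constructed.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter value:
    # backslash, asterisk, parentheses and NUL become \5c \2a \28 \29 \00.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-NameLdapFilter {
    # Build the article's first-name/surname filter from variables,
    # escaping each value so it is always treated as literal text.
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname
    )
    '(&(GivenName={0})(Sn={1}))' -f (ConvertTo-LdapFilterValue $GivenName),
                                    (ConvertTo-LdapFilterValue $Surname)
}

# Constructed inputs: a plain name, a value containing parentheses,
# and a value containing '*', which must match literally, not as a wildcard.
$samples = @(
    @{ GivenName = 'Chris'; Surname = 'Dore' },
    @{ GivenName = 'Chris'; Surname = 'Dore (Contractor)' },
    @{ GivenName = 'Chris'; Surname = 'D*' }
)

foreach ($s in $samples) {
    $filter = New-NameLdapFilter @s
    Write-Output $filter

    # Query the directory only where the ActiveDirectory module is available.
    if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
        Get-ADUser -LDAPFilter $filter | Select-Object Name, Enabled
    }
}
```

Without the escaping step, parentheses in a value change the structure of the filter and an asterisk widens the match to every value with that prefix.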
Get AdUser LDAP Filter with Multiple Attributes
Using Get-AdUser with -LDAPFilter, you can specify multiple attributes in the filter rule to get Active Directory user objects.
For example, if you want to get users from the Sales department in a specified postal code, run the following code.
Get-ADUser -LDAPFilter "(&(Department=SALES)(PostalCode=77001))"
In the above PowerShell script, the Get-AdUser cmdlet uses the -LDAPFilter parameter to specify the filter.
The filter specifies multiple attributes, Department and PostalCode, to retrieve the matching users from Active Directory.
The output of the above script, which filters users by multiple attributes, is:
PS C:\> Get-ADUser -LDAPFilter "(&(Department=SALES)(PostalCode=77001))"
DistinguishedName : CN=Tom Smith,OU=SALES,DC=SHELLPRO,DC=LOCAL
Enabled : True
GivenName : Tom
Name : Tom Smith
ObjectClass : user
ObjectGUID : 1f3a2572-2621-4e47-9bdf-81d1f8172f69
SamAccountName : toms
SID : S-1-5-21-1326752099-4012446882-462961959-1103
Surname : Smith
UserPrincipalName : [email protected]
Conclusion
I hope the above article on how to get aduser using the LDAPFilter is helpful to you.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.