0

I'm using PowerShell v2 and Microsoft's AD module to search our AD for accounts whose EmployeeID matches a particular ID. The ID is usually stored in AD as "00000123456" but the value I have to search with is only the "123456" part. The problem is I cannot figure out how to do a -like search in AD. Here's my current code:

    $EmpInfo = Import-csv "PSfile.csv"
    $EmplID = $EmpInfo.ID
    $EmpAD = get-aduser -Filter {employeeId -like "*$EmplID"} -Properties * -EA Stop

At this point, EmpAD is always empty.

I can work around this by modifying EmpID to contain "*123456" before I call Get-ADUser and this works. But I can't help but think there is a syntax problem preventing the obvious approach. Research to resolve it has been fruitless.

2 Answers

1

If your string is really in the employeeID attribute, you can test:

    $EmpAD = get-aduser -LDAPFilter "(employeeId=*$EmplID)" -SearchBase 'DC=dom,DC=fr' -Properties *

You can use LDP.EXE (or ADSI.EXE) to verify what exactly exists in your Directory.

-----Edited-----

For me it works, if I test with LDIF:

    C:\temp>ldifde -f eid.ldf -d "dc=dom,dc=fr" -r "(employeeId=*)"
    Connexion à « WM2008R2ENT.dom.fr » en cours
    Connexion en tant qu'utilisateur actuel en utilisant SSPI
    Exportation de l'annuaire dans le fichier eid.ldf
    Recherche des entrées...
    Création des entrées...
    3 entrées exportées

There are 3 objects.

In PowerShell with the AD cmdlets it gives the following:

    PS C:\>  get-aduser -LDAPFilter "(employeeID=*)" | Measure-Object

    Count    : 3

And

    $var = "123456"
    PS C:\>  get-aduser -LDAPFilter "(employeeID=*$var)" -properties employeeID

    DistinguishedName : CN=user1 Users,OU=MonOu,DC=dom,DC=fr
    EmployeeID        : 00000123456
    Enabled           : True
    GivenName         : user1
    Name              : user1 Users
    ObjectClass       : user
    ObjectGUID        : b5e5ea59-93a6-4b24-9c3e-043a825c412e
    SamAccountName    : user1
    SID               : S-1-5-21-3115856885-816991240-3296679909-1107
    Surname           : Users
    UserPrincipalName : [email protected]

Be careful: I don't understand why, but it took some time between the modification in the directory with MMC and the result in the PowerShell prompt. I reload a new PowerShell interpreter and re-import the AD module.


1 Comment

would "(employeeId=*$EmplID)" match if the stored value was 0000123456? I'm using (well, trying anyway) the * to match with the -like operator. Would it work with = ?
0

From a performance perspective, if you know that the IDs are always a certain number of digits (with leading zeroes), you're going to be WAY better off just formatting the ID ahead of time.

If your ID is supposed to be 11 digits, do something like this $EmplID.ToString("D11") to get it padded out.

1 Comment

We'll be updating 900 accounts, once per week, so I'm not too concerned about performance. As to padding, I'm trying to make this bullet proof. If I don't need the employeeID padded to the full length, I'd rather not require it as it will only cause unnecessary error.
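
Following up on the wildcard search and the "bullet proof" concern in this thread, here is an added example (not code from any of the posters). It validates the CSV value before it is placed in the LDAP filter and re-checks the trailing match, because a filter ending in 123456 also matches 00009123456. The function names and sample accounts are constructed for illustration; the real directory query appears only in a comment.

```powershell
# Added example. Function names and sample data are constructed for illustration.
function Get-EmployeeIdFilter {
    param([Parameter(Mandatory=$true)][string]$Id)
    $digits = $Id.Trim()
    # Allow digits only, so a CSV cell can never carry LDAP filter
    # metacharacters such as * ( ) \ into the query string.
    if ($digits -notmatch '^[0-9]{1,11}$') {
        throw "Rejected employee ID '$Id': expected 1 to 11 digits."
    }
    "(employeeID=*$digits)"
}

function Select-EmployeeById {
    param([Parameter(Mandatory=$true)][string]$Id, [object[]]$Candidates)
    # A trailing-match filter for 123456 also returns 00009123456, so compare
    # again with the zero padding removed on both sides.
    $want = $Id.Trim().TrimStart('0')
    $hits = @($Candidates | Where-Object {
        $_.EmployeeID -and $_.EmployeeID.TrimStart('0') -eq $want
    })
    if ($hits.Count -ne 1) {
        throw "Employee ID '$Id' matched $($hits.Count) accounts; skipping."
    }
    $hits[0]
}

# Constructed stand-in for what the directory query would return:
#   Get-ADUser -LDAPFilter (Get-EmployeeIdFilter $id) -Properties employeeID
$directory = @(
    New-Object PSObject -Property @{ SamAccountName = 'user1'; EmployeeID = '00000123456' }
    New-Object PSObject -Property @{ SamAccountName = 'user2'; EmployeeID = '00009123456' }
)

foreach ($id in '123456', '0123456', '*', '123456)(objectClass=*') {
    try {
        $filter = Get-EmployeeIdFilter $id
        $user = Select-EmployeeById $id $directory
        "{0,-22} {1,-24} -> {2}" -f $id, $filter, $user.SamAccountName
    } catch {
        "{0,-22} rejected: {1}" -f $id, $_.Exception.Message
    }
}
```

The syntax is kept compatible with PowerShell v2, the version named in the question.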
