GET-ADUser filter not working

  • Question

  • Hello,
    I'm working on a script to move mailboxes for some users and I'm trying to filter at the source, but the filter doesn't seem to work:

    Get-ADUser -Filter { homemdb -notlike "CN=LEAVE*" }

    Does anyone know what I am doing wrong?

    I know this should work because if I filter for other LDAP attributes the filter works just fine:

    Get-ADUser -Filter {sn -eq 'john' -and givenname -notlike 'D*'}

    Thanks,
    Marius

    Friday, November 10, 2017 4:25 PM

Answers

  • homeMDB is DN syntax (distinguished name). LDAP queries do not allow wildcards in DN syntax attributes. PowerShell filters are converted into LDAP. There is no workaround, except to specify the full distinguished name in the filter, or to pipe to a Where clause, where the value is treated as a string and this is allowed.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    • Proposed as answer by jrv Friday, November 10, 2017 4:38 PM
    • Edited by Richard Mueller (MVP) Friday, November 10, 2017 4:38 PM Added sentence
    • Marked as answer by octavmarius Thursday, November 16, 2017 3:19 PM
    Friday, November 10, 2017 4:36 PM

All replies

  • Hi,

    Based on my research, I recommend first selecting the HomeMDB property and then filtering through the pipeline. The following command is for your reference; I hope it is helpful to you:
    Get-ADUser -Filter * -Properties HomeMDB | Where-Object {$_.HomeMDB -notlike 'CN=LEAVE*'} | Select-Object Name,HomeMDB

    If you need further help, please feel free to let us know.

    Best Regards,
    Albert Ling

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, November 13, 2017 2:18 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Does the script work?

    Please let us know if you would like further assistance.

    Best Regards,
    Albert Ling


    Wednesday, November 15, 2017 7:33 AM
  • Thanks for the reply - I know about this, but I was hoping to be able to filter as much as possible to the left of the command.

    I ended up using the Exchange database distinguishedName in the filter:

    $LeaveDN = (Get-MailboxDatabase -Identity 'LEAVE').DistinguishedName
    
    $OldUsers = Get-ADUser -Filter {(AccountExpirationDate -lt $Expdate) -and (homemdb -like "*") -and (homemdb -ne $LeaveDN)}
    

    Thursday, November 16, 2017 3:22 PM
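
Added example (not code from any poster in this thread): a generalization of the approach above to several databases whose names start with LEAVE. It resolves the wildcard against cn, a string attribute where wildcards are allowed, then excludes each resulting DN by exact match in a single server-side query. Assumptions: the ActiveDirectory module is available, mailbox databases are msExchPrivateMDB objects in the configuration partition, and ConvertTo-LdapFilterValue is a hypothetical helper name.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Hypothetical helper: escape the characters RFC 4515 reserves inside an
# LDAP filter value. The backslash must be handled first so the escapes
# added for the other characters are not escaped again.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' `
           -replace '\*', '\2a' `
           -replace '\(', '\28' `
           -replace '\)', '\29' `
           -replace "`0", '\00'
}

# 1. Resolve the wildcard on cn (string syntax), not on homeMDB (DN syntax).
#    Assumption: mailbox databases are msExchPrivateMDB objects stored in
#    the configuration naming context.
$configNC = (Get-ADRootDSE).configurationNamingContext
$leaveDbs = Get-ADObject -SearchBase $configNC `
    -LDAPFilter '(&(objectClass=msExchPrivateMDB)(cn=LEAVE*))'

# 2. Turn every matching database into an exact-match exclusion on homeMDB.
#    If nothing matched, $exclusions is empty and the filter stays valid.
$exclusions = ($leaveDbs | ForEach-Object {
    '(!(homeMDB={0}))' -f (ConvertTo-LdapFilterValue $_.DistinguishedName)
}) -join ''

# 3. One server-side query: users that have a mailbox database (homeMDB=*)
#    and whose database is none of the LEAVE* ones.
$ldapFilter = "(&(homeMDB=*)$exclusions)"
Get-ADUser -LDAPFilter $ldapFilter -Properties homeMDB |
    Select-Object Name, homeMDB
```

The (homeMDB=*) presence test is allowed on a DN-syntax attribute; only substring matches such as CN=LEAVE* are not.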