GET-ADUser fail - User exist

  • Question

  • Hi
    I am testing some of our users, but I find that Get-ADUser fails.
    It says that the user does not exist in AD but I can find the user in the UI.
    These are particular users, but I do not understand why it fails on these users.
    If I move the user to another OU, I still can't find these users, so I think it's the user's rights, but I can't see what it should be.
    I can't see that security is different to other users. Also not under Attribute Editor.
    Hope there is one who can help.
    
    Script:
    Get-ADUser test
    
    Error:
    Get-ADUser : Cannot find an object with identity:
    

    Tuesday, May 14, 2019 12:54 PM

Answers

  • Unless you use the -Filter parameter, you must specify the user by one of the following: sAMAccountName, distinguishedName, objectSID, or objectGUID. Perhaps "test" is the "Name" of the user, also called the Relative Distinguished Name (or the RDN), which is the value of the cn attribute. This does not uniquely identify the user in the domain. It only needs to be unique in the parent OU or container, so cannot be used to identify the user with Get-ADUser.

    Either specify the sAMAccountName of the user (called the "pre-Windows 2000 logon name" in ADUC), or if all you have is the Name, use the -Filter parameter, similar to below:

    Get-ADUser -Filter "Name -eq 'test'"

    In this case, you may get one user, no users, or more than one user. Several users could have the same Name, as long as they are in different OUs.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Proposed as answer by BOfH-666 Tuesday, May 14, 2019 1:12 PM
    • Marked as answer by Benni Pedersen Tuesday, May 14, 2019 1:27 PM
    Tuesday, May 14, 2019 1:08 PM
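
The three outcomes the answer above describes (one user, no users, more than one), as an added example that is not part of the original thread: a lookup that searches sAMAccountName, userPrincipalName and Name together, reports which attribute matched, and refuses to continue on zero or multiple matches. It uses -LDAPFilter instead of -Filter so the input can be escaped per RFC 4515; the function names `ConvertTo-LdapLiteral` and `Resolve-ADUserStrict` are hypothetical.

```powershell
# Added example; ConvertTo-LdapLiteral and Resolve-ADUserStrict are hypothetical names.
# Assumes the ActiveDirectory module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

function ConvertTo-LdapLiteral {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping: the value is matched literally, never parsed as filter
    # syntax. The backslash is replaced first so later escapes are not doubled.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Resolve-ADUserStrict {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Value)

    $v = ConvertTo-LdapLiteral $Value
    # The attributes people tend to type: logon name, UPN, and Name (cn).
    $ldap  = "(|(sAMAccountName=$v)(userPrincipalName=$v)(cn=$v))"
    $found = @(Get-ADUser -LDAPFilter $ldap)

    # For every candidate, record which attribute(s) actually matched.
    $report = foreach ($u in $found) {
        $matched = @()
        if ($u.SamAccountName    -eq $Value) { $matched += 'sAMAccountName' }
        if ($u.UserPrincipalName -eq $Value) { $matched += 'userPrincipalName' }
        if ($u.Name              -eq $Value) { $matched += 'Name' }
        [pscustomobject]@{
            MatchedOn         = $matched -join ','
            SamAccountName    = $u.SamAccountName
            UserPrincipalName = $u.UserPrincipalName
            DistinguishedName = $u.DistinguishedName
            ObjectGUID        = $u.ObjectGUID
        }
    }

    if ($found.Count -eq 0) {
        throw "No user matches '$Value' on sAMAccountName, userPrincipalName or Name."
    }
    if ($found.Count -gt 1) {
        # Ambiguous input: list the candidates and refuse to pick one.
        $report | Format-Table -AutoSize | Out-String | Write-Warning
        throw "'$Value' matches $($found.Count) users; use the distinguishedName or objectGUID."
    }
    $report
}

Resolve-ADUserStrict -Value 'test'   # 'test' is the value used in the question
```

A script that goes on to change the account can pass the returned ObjectGUID to -Identity, since that value is one of the unique identifiers listed in the answer.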

All replies

  • Is "test" the sAMAccountName of the user? If not - use the sAMAccountName with the cmdlet Get-ADUser. You should read the help for the cmdlets you're about to use ... completely  ... including the examples ... to learn how to use them.

    Live long and prosper!

    (79,108,97,102|%{[char]$_})-join''

    Tuesday, May 14, 2019 1:02 PM
  • test is the sAMAccountName.

    Tuesday, May 14, 2019 1:21 PM
  • If I use -Filter the result is "blank" :(

    But no error

    Tuesday, May 14, 2019 1:23 PM
  • Hi

    But if I use -Filter UserprincipalName -eq 'test@company.com', IT WORKS !!!

    THANKS !!!

    Tuesday, May 14, 2019 1:28 PM
  • What is the output of that?

    Tuesday, May 14, 2019 2:13 PM
  • The user.

    Before, it said that the user does not exist. But if I use -Filter, I can find the user in our AD.

    Tuesday, May 21, 2019 10:06 AM
  • I was just curious what the entire output was.

    Tuesday, May 21, 2019 1:50 PM