
get-aduser -ldapfilter this or that

I'm trying to make a function so that I can more quickly lookup somebody's phone number or reverse lookup an extension.

So far I have this saved as a ps1 file:

$find=$args[0]
Get-ADUser -properties * -LDAPFilter "(samaccountname*$find*)" | ft samaccountname,Name,telephonenumber
Get-ADUser -properties * -LDAPFilter "(telephonenumber=555 555-*$find*)" | ft samaccountname,Name,telephonenumber

The code works, but obviously I get red error code for either the first or second condition every time. I've tried (|(This)(That)), I've tried -erroraction silentlycontinue, I've tried -LDAPFilter (This) -OR (That).

What I'm ultimately after is a function I can add to my profile, so that I can type either:

lookup ABC
lookup 2948

and it will do a forward lookup or a reverse lookup. It can be a loose search and return a few too many results if necessary.

(|(firstClause)(secondClause)) is the correct syntax for OR filters in LDAP - that's not your problem.

Both filter clauses contain syntactical errors.
The first one should be (notice the =):

(samaccountname=*$find*)

The second one is invalid because only leading or trailing * is permitted. You could do:

(telephonenumber=*$find*)

and then use Where-Object to narrow the results to numbers with the proper prefix:

Get-ADUser -Properties telephonenumber -LDAPFilter "(|(samaccountname=*$find*)(telephonenumber=*$find*))" | Where-Object { $_.telephoneNumber -like "555 555-*" }

Be aware that leading * are horribly slow due to the way these values are looked up internally in Active Directory.

I would probably specify two parameters and two separate parameter sets. Example:

# Get-User.ps1
[CmdletBinding(DefaultParameterSetName="SamAccountName")]
param(
  [Parameter(ParameterSetName="SamAccountName",Position=0,Mandatory=$true)]
    [String] $SamAccountName,
  [Parameter(ParameterSetName="TelephoneNumber",Position=0,Mandatory=$true)]
    [String] $TelephoneNumber
)

$params = @{
  "Properties" = "*"
  "LDAPFilter" = ""
}
switch ( $PSCmdlet.ParameterSetName ) {
  "SamAccountName" {
    $params.LDAPFilter = "(sAMAccountName=$SamAccountName)"
  }
  "TelephoneNumber" {
    $params.LDAPFilter = "(telephoneNumber=$TelephoneNumber)"
  }
}
Get-ADUser @params

With this you could write:

Get-User thisusername

or

Get-User -TelephoneNumber thisphonenumber

I would caution against using -Properties "*" as this will be quite slow. Better to specify the list of attributes you want to see.

Re-read your question and edited. This will work for you, you can add your formatting and returned properties as you see fit.

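function lookup {
    param (
        [Parameter(Mandatory=$True,Position=1)]
        [string]$search
    )

    # Two consecutive letters (-match is case-insensitive): treat the input
    # as an account name and return that user's phone number
    if ($search -match '[a-z][A-Z]'){
        return (Get-ADUser $search -Properties TelephoneNumber).TelePhoneNumber
    }

    # Any digit: reverse lookup of users whose phone number contains the input
    if ($search -match '[0-9]'){
        return Get-ADUser -Properties TelephoneNumber -Filter "TelephoneNumber -like '*$search*'"
    }

}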
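
The filters in this thread place the search term directly inside the LDAP filter string, so a term containing (, ), * or \ changes the filter's structure instead of being matched literally. The following is an added example, not code from the question or any of the answers: it escapes the term per RFC 4515 before building the OR filter. The function names ConvertTo-LdapFilterLiteral, New-LookupFilter and Find-AdPhone are hypothetical.

```powershell
# Added example; function names are hypothetical, not from the thread.

function ConvertTo-LdapFilterLiteral {
    # Escape the characters RFC 4515 reserves inside a filter value.
    # Backslash is replaced first so the escapes added afterwards are not
    # themselves re-escaped.
    param([Parameter(Mandatory)][string]$Value)

    $Value -replace '\\', '\5c' `
           -replace '\*', '\2a' `
           -replace '\(', '\28' `
           -replace '\)', '\29' `
           -replace '\x00', '\00'
}

function New-LookupFilter {
    # Build the OR filter from the thread. The only wildcards are the ones
    # written here; a '*' typed by the caller arrives as the literal \2a.
    param([Parameter(Mandatory)][string]$Search)

    $safe = ConvertTo-LdapFilterLiteral -Value $Search
    "(|(sAMAccountName=*$safe*)(telephoneNumber=*$safe*))"
}

function Find-AdPhone {
    # Forward or reverse lookup; requires the ActiveDirectory module.
    param([Parameter(Mandatory, Position = 0)][string]$Search)

    Get-ADUser -LDAPFilter (New-LookupFilter -Search $Search) -Properties telephoneNumber |
        Select-Object sAMAccountName, Name, telephoneNumber
}

# Constructed inputs: a plain extension and a term carrying filter
# metacharacters. Printing the filters needs no domain connection.
'2948', 'ab)(cn=*' | ForEach-Object { New-LookupFilter -Search $_ }
```

For the second constructed input the typed ), ( and * come out as \29, \28 and \2a, so the result is still a two-clause OR filter.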
