In the previous tip we started to look at how cmdlets from the ActiveDirectory module (part of the free RSAT tools) can filter results, and started to work our way into the fast and robust LDAP filters.

LDAP filter has one strong requirement. You must use the original ActiveDirectory attribute names, and not the friendly names found in many PowerShell cmdlets. So „country“ would need to be the AD attribute name „co“. Once you stick to these names, it is very easy to create LDAP filters.

This line would get you all Windows 10 computers from your Active Directory:

 
Get-ADComputer -LDAPFilter '(operatingSystem=*10*)' -Properties operatingSystem |
Select-Object samaccountname, operatingSystem 
 

If you’d like to combine multiple filters, add them in parenthesis, and prepend „&“ for a logical AND operation, and „|“ for a logical OR operation. So this line finds all users from city Wuppertal who’s names start with „A“:

 
Get-ADUser -LDAPFilter '(&(l=Wuppertal)(name=a*))' 
 

Twitter This Tip! ReTweet this Tip!

Anonymous