Get-ADUser Filters

The filters for Get-ADUser are weird, and perhaps poorly, or more generously, “under-“ documented. There’s the about_ActiveDirectory_Filter topic, and there are examples in the command’s help. There’s this Technet wiki page maintained by MVP Richard Mueller, and any number of other blog posts. But with so many options, it’s nearly impossible to provide examples for every combination.

Getting the filter right on the first attempt remains as elusive as getting a Regular Expression right on the first try.

For example Get-ADUser -filter "enabled -eq '$True'" works just fine. But what if you want to narrow that down further to enabled user accounts with some value for the HomeDirectory? You can’t just add to that. "enabled -eq '$true' -and HomeDirectory -ne "$null"' does not work! Instead, you have to completely shift gears and end up with {(enabled -eq $true) -and (HomeDirectory -ne "$null")}. Of particular note is the requirement to enclose the $null in double quotes, but not the $true.

Get-ADUser -filter {(enabled -eq $true) -and (HomeDirectory -ne "$null")}

Post a comment if you have a different filter format that delivers the same results.

Read More

Replacing Parameters with a Data File

Sometimes eight required parameters are too many when your end user only wants to pick between taking action on their UAT environment or their production environment. In cases like that, it might be more desirable to provide the module you wrote for them with a data file that contains the pertinent information.

Read More

FSRM via DSC

Sometimes a solution comes from scratch, inventing from the ground up. Other times, it’s just a matter of putting the pieces together. So what do you get when you combine dscottraynsford’s cFSRM DSC Resource and Experiant.ca’s anti ransomware list? One more brick in the wall against ransomware!

Read More