1

I'm trying to use PowerShell to search AD for Group Names.

Why don't either of these work, the param or the Read-Host? Both are passing strings, but the results are empty. However, if I replace the variable $ADGroup in the command with an actual Group Name (a string) and run the command Get-ADGroup... results are provided as expected. I tried to replace the double quotes with single quotes and I get the same results, the command works alone but neither Read-Host or param provide information. I can't figure out why the string isn't being passed when it's a variable ($ADGroup). Thanks.

param(
    [Parameter(Mandatory=$true)]
    [string]$ADGroup
)

# One or the other param or Read-Host

$ADGroup = Read-Host "Enter Group Name"

PS \> Get-ADGroup -Filter {name -like "*$ADGroup*"} -Properties * | Select-Object -Property Name

Get-ADGroup -Filter {name -like '*GroupName*'} -Properties * | Select-Object -Property Name

Name                                     
----                                     
Results
Results
Results
Results
Results
Santiago Squarzon
  • 41,465
  • 5
  • 14
  • 37
djembeplayer
  • 13
  • 5
  • It doesn't work as in, nothing is returned, or? It technically should work. Nothing is wrong with the code you have as long as the string that is being passed onto the command has the same characters in the name being searched for. I.e: *best* - will match against: *testbesttest*. As it's in the name. Also, `Get-ADGroup` already return the name property by default. No need to grab all properties, to select one that's already returned. Get rid of `-properties`. – Abraham Zinala Nov 26 '21 at 14:50
  • 3
    Scriptblock-based filters with the AD cmdlets can be a bit wonky, give `-Filter "name -like '*$ADGroup*'"` a try instead – Mathias R. Jessen Nov 26 '21 at 14:52

2 Answers2

2

This is one of the reasons why using a script block based filter (-Filter {...}) on the cmdlets of the ActiveDirectory Module is not recommended.

The -Filter on the Parameter section of the Get-* cmdlets from ActiveDirectory Module states the following:

-Filter

Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value.

  • Query String:
Get-ADGroup -Filter "name -like '*$ADGroup*'"
  • LDAP Query String:
Get-ADGroup -LDAPFilter "(name=*$ADGroup*)"

Recommended Documentations for efficient Filtering:

Note: Worth mentioning, when querying Active Directory you will want to retrieve only the needed attributes from the AD Objects, specially when querying big Domains / Forests. Using -Properties * is a bad practice and also very inefficient, this will slow down your query as it is retrieving all available attributes of the objects being queried.

Santiago Squarzon
  • 41,465
  • 5
  • 14
  • 37
0

maybe it doesn't recognize it as a string or the filter is not correct.

 param(
            [Parameter(Mandatory=$true)]
            [string]$ADGroup
            )
#one or the other param or read-host
$ADGroup = Read-Host "enter group name"
$ADGroup = $ADGroup.ToString()
Get-ADGroup -Filter {name -like "*$ADGroup*"} -Properties * | select -Property Name

or this should do it..

$ADGroup = $ADGroup.ToString()
Get-ADGroup -Filter {name -like "*$ADGroup*"} -Properties * | Select-Object -expandProperty Name
NeoTheNerd
  • 566
  • 3
  • 11
  • Anything passed onto `Read-Host` gets converted to a string already – Abraham Zinala Nov 26 '21 at 15:22
  • I appreciate the efforts, thank you, however, still not working. I fully expected $ADGrup.ToString() to work but came back empty again. PS C:\Windows\system32> `$ADGroup = Read-Host "enter group name" $ADGroup = $ADGroup.ToString()` `Get-ADGroup -Filter {name -like '*$ADGroup*'} -Properties * | select -Property Name` enter group name: _GroupName_ – djembeplayer Nov 26 '21 at 15:28