0

Hello guys, I'm still pretty new to PowerShell and have never worked with an LDAP filter before, so I have a question. Is it possible to get AD users out of multiple OUs with one LDAP filter?

```
OU=D5,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl
OU=D3,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl
OU=G2,OU=General,OU=User,OU=1,DC=test,DC=for-me,DC=nl
OU=C6,OU=Expired,OU=User,OU=1,DC=test,DC=for-me,DC=nl
```

I'm sorry I don't even have a code example, but nothing I've tried came near to what I want. I'm open to tips, hints, ideas, etc. Thanks already.

TrixD
  • 1. Why do you need to have it in one filter? 2. You can always use a `foreach` loop to do your operations. 3. Yes, it is possible too. You can combine filter statements with boolean operators. Example: `Get-ADUser -Filter { EmailAddress -like "*" -and Surname -eq "smith" }` or `Get-ADUser -Filter { mail -like "*" -and sn -eq "smith" }`. LDAP filter equivalent: `(&(sn=smith)(objectClass=user)(mail=*))` – Ranadip Dutta Oct 25 '19 at 12:04

2 Answers

1

You cannot make the OU part of the LDAP filter. But you can make an OU the base of your search and issue multiple searches.

```powershell
# an array of OUs, this could also be achieved with e.g. $OUs = Get-Content 'some_file.txt'
$OUs = @(
    "OU=D5,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl"
    "OU=D3,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl"
    "OU=G2,OU=General,OU=User,OU=1,DC=test,DC=for-me,DC=nl"
    "OU=C6,OU=Expired,OU=User,OU=1,DC=test,DC=for-me,DC=nl"
)

# one search per OU; Get-ADUser requires -Filter (or -LDAPFilter),
# and * returns every user found under the search base
foreach ($ou in $OUs) {
    Get-ADUser -Filter * -SearchBase $ou
}
```
Tomalak
  • Well, it has to be an LDAP filter and the results has to be in one String; because of this I can't use a normal loop. – TrixD Oct 28 '19 at 15:05
  • It cannot be an LDAP filter because the OU cannot be part of an LDAP filter. Also I'm not sure what you mean by *"results has to be in one String"*. The results are seldom strings in PowerShell, in this case the results are `ADUser` objects. – Tomalak Oct 28 '19 at 15:10
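
An added example, not part of the answer above or its author's code: it runs one LDAP filter against each OU as the search base, merges the `ADUser` objects into a single collection, and joins them into one string only at the end. The filter (enabled user accounts), the `SamAccountName` property and the `;` separator are assumptions chosen for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and a session
# that can reach a domain controller.
Import-Module ActiveDirectory

# Search bases taken from the question.
$OUs = @(
    'OU=D5,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl'
    'OU=D3,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl'
    'OU=G2,OU=General,OU=User,OU=1,DC=test,DC=for-me,DC=nl'
    'OU=C6,OU=Expired,OU=User,OU=1,DC=test,DC=for-me,DC=nl'
)

# Assumed filter: user accounts that are not disabled.
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule;
# value 2 in userAccountControl is the ACCOUNTDISABLE flag.
$ldapFilter = '(&(objectCategory=person)(objectClass=user)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

# The same filter is applied once per search base; the OU itself is
# never part of the filter string.
$users = foreach ($ou in $OUs) {
    try {
        # OneLevel returns only direct children of the OU;
        # use Subtree to include users in nested OUs.
        Get-ADUser -LDAPFilter $ldapFilter -SearchBase $ou `
                   -SearchScope OneLevel -ErrorAction Stop
    }
    catch {
        # A mistyped or missing OU should not abort the remaining searches.
        Write-Warning "Search under '$ou' failed: $($_.Exception.Message)"
    }
}

# One collection of ADUser objects, deduplicated in case bases overlap.
$users = $users | Sort-Object -Property DistinguishedName -Unique

# If a single string is needed, build it from a property of the objects.
$asString = ($users | Select-Object -ExpandProperty SamAccountName) -join ';'
$asString
```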
0

Well, it is not an LDAP query and might be suspicious in a very large environment, but normally I suggest using the filter options of PowerShell, like below:

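```powershell
# Fetch every user, then keep those whose parent container is one of the listed OUs.
# The split is on the first unescaped comma, so a CN such as "Smith\, John" is handled.
Get-ADUser -Filter * | Where-Object { ($_.DistinguishedName -split '(?<!\\),', 2)[1] -in
    "OU=D5,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl",
    "OU=D3,OU=Standard,OU=User,OU=1,DC=test,DC=for-me,DC=nl",
    "OU=G2,OU=General,OU=User,OU=1,DC=test,DC=for-me,DC=nl",
    "OU=C6,OU=Expired,OU=User,OU=1,DC=test,DC=for-me,DC=nl"
}
```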