PowerShell Get-ADUser with ANR

Question

I'm trying to search Active Directory for a user with the following statement, but I get an error when I use $("smtp:$user").

get-aduser -filter {(anr -eq $user) -or (anr -eq $("smtp:$user"))}

Could anyone explain why please, or is there a better way of achieving the same result. I would like user to be able to contain, Name, email or SAM information, and use the same code to search.

get-aduser : Cannot process argument because the value of argument "path" is not valid. Change the value of the "path" argument and run the operation again.
At line:1 char:1.
get-aduser -filter {(anr -eq $user) -or (anr -eq $("smtp:$user"))}
CategoryInfo:NotSpecified: (:) [Get-ADUser], PSArgumentException
FullyQualifiedErrorId:ActiveDirectoryCmdlet:System.Management.Automation.PSArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

"I get an error when I use $("smtp:$user")." - Looks like you forgot to post the error message :) — Mathias R. Jessen, Aug 24 '21 at 08:50
You could try the LDAPFilter: `Get-ADUser -LDAPFilter "(|(anr=$user)(anr=$("smtp:$user")))"` — Theo, Aug 24 '21 at 12:50

score 0 · Answer 1 · answered Aug 24 '21 at 09:17

0

I'm not sure exactly what you are trying to achieve, as the first condition will include anything in the second condition.

Does this look better?:

$user = "SmithJ"
$SMTP = "smtp:$user"

Get-ADUser -Filter {anr -eq $user -or anr -eq $SMTP}

answered Aug 24 '21 at 09:17

Judd Davey

349
2
5

Hi Judd, When I have tried this on my system, `Get-ADUser -Filter {anr -eq "john.smith"}` returns no results, but `Get-ADUser -Filter {anr -eq "smtp:john.smith"}` does, which is where the original code came from. I also managed to get it to work as expected by creating the $SMTP variable first, but I couldn't see why I needed to..... – Bill Addison Aug 24 '21 at 09:37
what is the format of the "Samaccountname", the "userprincipalname" and the "email address"? – Judd Davey Aug 24 '21 at 09:42
SAM: 123456 upn: john.smith@ email:john.smith@ – Bill Addison Aug 24 '21 at 09:47
Im sorry, but i cannot replicate the issues. ARN will search the UPN for "*john.smith*" and the proxyAddresses for "*John.smith*". – Judd Davey Aug 24 '21 at 10:12
At the bottom of this article, it shows you how to enable ANR on other attributes. Looks like its not enabled on UPN by default. (https://social.technet.microsoft.com/wiki/contents/articles/22653.active-directory-ambiguous-name-resolution.aspx) – Judd Davey Aug 24 '21 at 10:34
`-Filter` should be a **string** not a scriptblock: `Get-ADUser -Filter "anr -eq '$user' -or anr -eq '$smtp'"` – Theo Aug 24 '21 at 12:50

PowerShell Get-ADUser with ANR

1 Answers1