Powershell script to search all AD Attributes for specific value RRS feed

  • Question

  • Is there a way to search all Active Directory attributes for a specific/Specified value?

    Get-AdUser -Filter * -SearchBase "OU=Staff, OU=Tree, DC=...ect" -Properties * |
    Where {$_.Properties -like "*Whatever*"} | Select GivenName, Surname, SamAccountName |
    Export-csv .\path\Who_is.csv -NoTypeInformation

    Where I'm having a hard time is the statement after Where {what should this value be?  -like "*whatever*"}

    Thank you in Advance!

    • Moved by Bill_Stewart Wednesday, July 22, 2015 3:17 PM Poor quality question/shows no research effort
    Friday, May 29, 2015 3:11 PM

All replies

  • No, there is no filter that will search for a string in all attributes. The solution is to dump the value of all attributes to a text file, and then search the text file. This is straightforward if you are only searching one user. Otherwise you must dump the values of all attributes for all users, which can be a lot. There is no way to even restrict the output to string attributes.

    If you can restrict your search to a list of attributes, say 30 or so, you could construct a filter that OR's all of them. I have used filters with many clauses, like maybe 100, and it works. The filter could be similar to:

    -LDAPFilter "(|(sn=*string*)(givenName=*string*)(description=*string*)(displayName=*string*))"
    The "|" character is the OR operator. LDAP syntax would be more compact.

    Richard Mueller - MVP Directory Services

    Friday, May 29, 2015 3:37 PM