LDAP query in PowerShell

I'm trying to run the below query in PowerShell with no success :(

((mailNickname=id*)(whenChanged>=20170701000000.0Z))(|(userAccountControl=514)(userAccountControl=66050))(|(memberof=CN=VPN,OU=VpnAccess,OU=Domain Global,OU=Groups,OU=01,DC=em,DC=pl,DC=ad,DC=mnl)(memberof=CN=VPN-2,OU=VpnAccess,OU=Domain Global,OU=Groups,OU=01,DC=em,DC=pl,DC=ad,DC=mnl))
2

2 Answers

Without Get-ADUser cmdlet (ActiveDirectory RSAT module):

$Filter = "((mailNickname=id*)(whenChanged>=20170701000000.0Z))(|(userAccountControl=514)(userAccountControl=66050))(|(memberof=CN=VPN,OU=VpnAccess,OU=Domain Global,OU=Groups,OU=01,DC=em,DC=pl,DC=ad,DC=mnl)(memberof=CN=VPN-2,OU=VpnAccess,OU=Domain Global,OU=Groups,OU=01,DC=em,DC=pl,DC=ad,DC=mnl))"
$RootOU = "OU=01,DC=em,DC=pl,DC=ad,DC=mnl"
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($RootOU)")
$Searcher.Filter = $Filter
$Searcher.SearchScope = $Scope # Either: "Base", "OneLevel" or "Subtree"
$Searcher.FindAll()
1

Given the contents of the query filter, I'd say you're looking for a user, so I'd suggest using the Get-ADUser cmdlet from the ActiveDirectory RSAT module:

Get-ADUser -LDAPFilter '((mailNickname=id*)(whenChanged>=20170701000000.0Z))(|(userAccountControl=514)(userAccountControl=66050))(|(memberof=CN=VPN,OU=VpnAccess,OU=Domain Global,OU=Groups,OU=01,DC=em,DC=pl,DC=ad,DC=mnl)(memberof=CN=VPN-2,OU=VpnAccess,OU=Domain Global,OU=Groups,OU=01,DC=em,DC=pl,DC=ad,DC=mnl))'
0

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like