1

I wanted to ask, as I'm querying all users from AD whose Home Directory is in a certain directory from PowerShell using Get-ADUser, and for most cases it retrieves a null result.

The query I run is this:

    $DirectoryInfo = Get-Item \\Fileserver\Users
    $strFilter = $DirectoryInfo.FullName.Replace('\','\5c')
    $AdUser = Get-AdUser -Filter {homeDirectory -like $strFilter}
    echo $AdUser

If I look at a specific user in the AD admin center panel, I can see that it does have its Home Directory set inside the path I queried before in PowerShell.

Another thing that seems strange to me is that there are some users that appear in the query, so the previous case doesn't apply for all users.

Is it that the AD admin center panel shows the Home Directory of the Group this user belongs to, for example, or is it just that I'm running a wrong query from PowerShell?

Thanks in advance,

Juan Pablo.

2 Answers

1

I think because the HomeDirectory attribute is not in the default output set from Get-ADUser, you need to add it to the required Properties as well.
This may be part of a larger script, but from the question I fail to see why you would need this:

    $DirectoryInfo = Get-Item \\Fileserver\Users
    $strFilter = $DirectoryInfo.FullName + '\*'

since you already have the UNC path for the users home directories.

I cannot test this right now, but you could try like this:

    $strFilter = '\\Fileserver\Users\*'
    # a string value inside a -Filter string must itself be quoted
    $AdUser = Get-AdUser -Filter "HomeDirectory -like '$strFilter'" -Properties HomeDirectory
    $AdUser

or use a Where-Object to get what you want:

    $strFilter = '\\Fileserver\Users\*'
    $AdUser = Get-AdUser -Filter * -Properties HomeDirectory | Where-Object { $_.HomeDirectory -like $strFilter }
    $AdUser


If you prefer using the -LDAPFilter rather than -Filter, then you need to escape the special characters your string may contain.

    *      \2A
    (      \28
    )      \29
    \      \5C
    NUL    \00

You do this by prepending a backslash \ to each of these characters and replacing the characters themselves by their ASCII code in hex. The ( becomes \28, the backslash \ becomes \5c etc.

This uses a small function to escape these characters for an LDAP search filter:

    function Escape-LdapSearchFilter([string] $Filter) {
        # a backslash already followed by two hex digits is treated as an existing escape and left alone
        return $Filter -creplace '\*', '\2a' `
                       -creplace '\(', '\28' `
                       -creplace '\)', '\29' `
                       -creplace '/' , '\2f' `
                       -creplace '\x00', '\00' `
                       -creplace '\\(?![0-9A-Fa-f]{2})', '\5c'
    }

    $strFilter = Escape-LdapSearchFilter "\\Fileserver\Users\"
    # for LDAP you must use the correct attribute name, so `homeDirectory` with a lower-case `h`
    $AdUser = Get-AdUser -LDAPFilter "(homeDirectory=$strFilter*)" -Properties HomeDirectory
    $AdUser

1 Comment

I don't know why, but only the second way using Where-Object worked for me. Thank you for the whole explanation!
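
A stricter way to build the -LDAPFilter value discussed in the first answer, as an added example that is not code from either answer: it escapes every special character from the table in a single pass, so a folder name that starts with two hex digits (the constructed `\\Fileserver\Data\`) is still escaped. The function names `ConvertTo-LdapFilterValue` and `Escape-WithLookahead` and the sample paths are assumptions.

```powershell
# Added example. Function names and sample shares are hypothetical.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string] $Value)

    # One pass over the input: each special character becomes a backslash
    # plus its two-digit hex code. Because nothing is re-scanned, escapes
    # produced here can never be escaped a second time.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

# The lookahead rule from the answer's function, reduced to its backslash
# handling, for comparison only.
function Escape-WithLookahead([string] $Value) {
    $Value -creplace '\\(?![0-9A-Fa-f]{2})', '\5c'
}

# Constructed inputs: a plain share, a share whose folder name starts with
# two hex digits ("Da"), and a value carrying filter metacharacters.
$samples = '\\Fileserver\Users\', '\\Fileserver\Data\', '\\Fileserver\Users\a*(b)'

$samples | ForEach-Object {
    $escaped = ConvertTo-LdapFilterValue $_
    [pscustomobject]@{
        Input     = $_
        Lookahead = Escape-WithLookahead $_
        Strict    = $escaped
        # The trailing * is added after escaping, so it stays a wildcard.
        Filter    = "(homeDirectory=$escaped*)"
    }
} | Format-List

# With the ActiveDirectory module loaded, the Filter value is what would be
# passed on, as in the answer:
#   Get-ADUser -LDAPFilter $filter -Properties HomeDirectory
```

For the second sample the Lookahead column keeps `\Da` as it was, which an LDAP server reads as an escaped byte rather than a backslash followed by "Da", while the Strict column yields `\5c\5cFileserver\5cData\5c`.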
0

I don't know what \5c is doing in that code, so please forgive my ignorance.

If \\Fileserver\Users is the root directory that contains home directories, then the following code should work:

    $DirectoryInfo = Get-Item \\Fileserver\Users
    $strFilter = $DirectoryInfo.FullName + '\*'
    $AdUser = Get-AdUser -Filter {homeDirectory -like $strFilter}
    $AdUser

The -like operator needs asterisks if your string is not an exact match.
