0

I'm having issues with a script in powershell using AD Module.

I know the general rule of thumb as to how AD commands like to receive its queries so I've wrote this script to (what I thought) would fall inline with those guidelines.

$CSV=Import-Csv "c:\temp\deleteduserlist.csv" foreach ($entry in $CSV) { $filter = "{SamAccountName -like ""$($entry.username)""}" Get-ADObject -filter $filter }

I basically need to be able to query and restore any of the users that have been deleted however it fails with:

Error Message: 'syntax error' at position: '1'

At first I was sending through the filter with single quotations like so:

{SamAccountName -like 'xxx'"}

However I have fixed this now.

One thing that puzzles me is that I can literally show the results of $filter, copy them to Get-ADObject -Filter (paste) manually and it works. Therefore I cannot understand why Powershell does not like it..

Whole Error:

Get-ADObject : Error parsing query: '{SamAccountName -like "xxxx"}' Error M essage: 'syntax error' at position: '1'. At C:\temp\GetDeleted.ps1:5 char:14 + Get-ADObject <<<< -filter $filter + CategoryInfo : ParserError: (:) [Get-ADObject], ADFilterParsing Exception + FullyQualifiedErrorId : Error parsing query: '{SamAccountName -like "xxx "}' Error Message: 'syntax error' at position: '1'.,Microsoft.ActiveD irectory.Management.Commands.GetADObject

Improve this question
5
  • -Filter is expecting either a string or a ScriptBlock - not a ScriptBlock definition in a string. $filter = {SamAccountName -like "$($entry.username)"} is sufficient, no need for quotes around it Commented May 12, 2016 at 10:03
  • Ah ok does that mean that even making the changes you suggest this is not possible due to what -Filter is expecting to see? Commented May 12, 2016 at 10:53
  • Ah ok so if I take away the outer quotes then I get SamAccountName -like "$($entry.username)" which works on the script but of course gives me no results :) Commented May 12, 2016 at 10:55
  • No, keep the {} like in my example Commented May 12, 2016 at 11:35
  • Sorry yes once I remove the " " and run the script to output $Filter It simply gives me the command back as the result instead of entering the output from the CSV like so: SamAccountName -like "$($entry.username)" SamAccountName -like "$($entry.username)" SamAccountName -like "$($entry.username)" SamAccountName -like "$($entry.username)" Commented May 12, 2016 at 12:07

1 Answer 1

Reset to default
1

One way to do it is this

$CSV=Import-Csv "c:\temp\deleteduserlist.csv" foreach ($entry in $CSV) { ## Set username to entry from csv file $directory_username = $entry.username ## Build search filter before using it, interested in username and deleted objects $directory_filter = {(SamAccountName -like $directory_username) -and (Deleted -eq $true)} ## Search for ADObject based on filter and deleted objects explicitely included in the search $directory_found_object = Get-ADObject -Filter $directory_filter -IncludeDeletedObjects -Properties sAMAccountName, Deleted foreach ($directory_object in $directory_found_object) { ### Execute required action on each found $directory_object ### Perhaps pipe $directory_object | Restore-ADObject with appropriate attribute values for restore } }

$directory_filter can be of course modified to fit your needs better. However one challenge you will be facing still is to decide which of the found objects for given sAMAccountName should be restored. This is because any given objects can be in deleted state multiple times. Perhaps one way to solve for that is to restore object with latest WhenCreated attribute value.

Also I'm not sure what motivation you have to build filter beforehand. It might be useful in case you built in on the fly for different attribute values but it seems not to be the case in your example. So for simplicity it can be also removed and included directly in Get-ADObject call like this

$directory_found_object = Get-ADObject -Filter {(SamAccountName -like $directory_username) -and (Deleted -eq $true)} -IncludeDeletedObjects -Properties sAMAccountName, Deleted
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Excellent answer! I basically got a list of users who failed to execute a report we run daily and I needed to exclude those users who have been deleted because they of course wouldn't work regardless. However it then transpired that we couldn't deleted the reports without restoring the AD objects else we got an error in the reporting tool. I managed with your help to script this restore, delete the reports and then re-delete the AD objects again.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.