Using PowerShell to Search for Specific Users in Active Directory without Knowing their Exact Information

You’re looking for a user in your Active Directory environment who goes by the nickname of “JW”. You know that’s the user’s initials and you need to find their AD user account.

Typically you’d use the Identity parameter, but that parameter doesn’t allow wildcards:

finduser1

Verifying wildcard’s are not allowed on the Identity parameter of Get-ADUser:

finduser4

What you’ll need to do is use the Filter parameter instead:

finduser2

The previous results were close to what you wanted, but not exactly. It included users like “Jo Brown” since his name also matches the search criteria that was provided. This time let’s try a compound filter and specify GivenName’s that start with “J” and Surname’s that start with “W”:

finduser3

The previous example is much, much better than using the Where-Object cmdlet to filter with since the previous example follows the best practice of filtering early or filtering left.

This is how NOT to accomplish the task because it is less efficient:

finduser5

Since I’ve already told you that the previous example is less efficient, I’ll now show you that it’s less efficient:

finduser6

As you can see in the previous results, the example that used the Filter parameter took about 12 milliseconds to complete and the example that used the Where-Object cmdlet for the filtering took approximately 310 milliseconds to complete. There are a total of 305 Active Directory user accounts in the test environment that these examples were run against. The performance of the Where-Object example would be worse if more Active Directory user accounts existed in the environment.

The examples shown in this blog have been demonstrated on a Windows 8.1 client machine with the RSAT (Remote Server Administration Tools) installed. The client machine is part of a domain and the domain controllers are running Windows Server 2012 R2.

µ

Leave a Reply

%d bloggers like this: