The PowerShell command Get-ADObject is part of the Active Directory PowerShell module. Go to this article if you want to know how to install it.
To search effectively for objects in your Active Directory you should use the Filter switch. Don’t extract all objects and then search the result set! (there are A LOT of objects in AD).
Use Get-ADObject -Filter to search directly for improved performance.
Understand the Get-ADObject Filter Parameter
With the many various filtering options available (LDAP filtering, oData v3.0 filtering, etc.), the filter switch often causes some confusion.
The filter switch used in the Get-ADObject and Get-ADUser commands uses the PowerShell expression language in the query string.
This is different than, e.g., when using the Get-AzureADUser command (which uses oData v3.0 filtering)!
To understand the LDAPFilter switch read this article.
The following operators should cover most of your needs:
| Operator | Meaning | Sample expression |
|---|---|---|
| -eq | Equal to | DisplayName -eq ‘Jonas Watt Boolsen’ |
| -ne | Not equal to | Country -ne ‘DK’ |
| -gt | Greater than | BadLogonCount -gt ‘0’ |
| -ge | Greater than or equal | Modified -ge ’06-04-2021 12:00:00′ |
| -lt | Less than | LastLogonTimeStamp -lt ’01-01-2021′ |
| -le | Less than or equal | Created -le ’01-01-2020′ |
| -like | Wildcard search | Mail -like ‘*@easy365manager.com’ |
| -notlike | Wildcard search with negation | Department -notlike ‘*’ |
| -and | And | Country -eq ‘DK’ -and Department -eq ‘Sales’ |
| -or | Or | Country -eq ‘DK’ -or -Country -eq ‘DE’ |
Please notice the following in the above examples:
- Enclose the compared value(s) in apostrophes
- Use -like ‘*’ and -notlike ‘*’ to find empty or non-empty values
- Filter “cryptic” date/time formats directly with a DateTime variable (like e.g. the LastLogonTimeStamp attribute which uses the FileTime format)
Below you have some code snippets that should point you in the right direction on how to structure your filters for your Get-ADObject search queries:
Get-ADObject -Filter 'DisplayName -eq "Jonas Watt Boolsen"'Get-ADObject -Filter 'Country -ne "DK"'Get-ADObject -Filter 'BadLogonCount -gt "0"'Get-ADObject -Filter 'Modified -ge "06-04-2021 12:00:00"'$Date = (Get-Date).AddDays(-60)
Get-ADObject -Filter 'LastLogonTimeStamp -lt $Date'Get-ADObject -Filter 'Created -le "01-01-2020"'Get-ADObject -Filter 'Mail -like "*@easy365manager.com"'Get-ADObject -Filter 'Department -notlike "*"'Get-ADObject -Filter 'Country -eq "DK" -and Department -eq "Sales"'Get-ADObject -Filter 'Country -eq "DK" -or -Country -eq "DE"'Next Level Active Directory and Office 365 Management
- Manage AD and Office 365 in a single, well-known interface (AD Users & Computers)
- Offload complex tasks like calendar delegation to first-line support in seconds
- Remove your Exchange on-premises Server
Sounds almost too good to be true?
With Easy365Manager, you no longer have to log in to the Microsoft 365 Admin Center, the Exchange Online Admin Center, or the Azure Portal for daily user management.
Consider the following example where calendar delegation is configured in a few seconds without using complex PowerShell scripting:
Easy365Manager is a snap-in to AD Users & Computers that allows you to manage Office 365 mailboxes and licenses as part of your standard AD management.
Easy365Manager extends user properties with two new tabs, so you no longer have to switch between multiple tools to perform daily management:
With Easy365Manager you can remove your on-premises Exchange server to avoid all future zero-day exploits.
Watch the extensive feature list here.
Try the 30-day trial now. It only takes a few minutes to install, and we guarantee you’ll be saving hours of work before the end of the week!