PowerShell for Windows Admins

Jun 23 2015   2:46PM GMT

LDAP filter for a property that isn’t set

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Active Directory

Filtering on a particular LDAP property is straight forward

Get-ADUser -SearchBase ‘OU=Testing,DC=Manticore,DC=org’  -Properties * -Filter {Title -eq ‘Boss’}

You can also use an LDAP filter

Get-ADUser -SearchBase ‘OU=Testing,DC=Manticore,DC=org’  -Properties * -LDAPFilter ‘(Title=Boss)’

I prefer LDAP filters as I find them more powerful and the I can use them in the GUI tools.

I was recently asked how do I filter on  a property that isn’t set. That’s a bit more tricky as  AD  doesn’t store a value if the property isn’t set.

You can do this with an LDAP filter

Get-ADUser -SearchBase ‘OU=Testing,DC=Manticore,DC=org’  -LDAPFilter ‘(!(Department=*))’  -Properties *

(Department=*) searches for accounts where department is set

(!(Department=*)) searches for accounts where its not set

Note that the filter is =*

You can’t use other characters

You can also check for multiple properties that aren’t set

Get-ADUser -SearchBase ‘OU=Testing,DC=Manticore,DC=org’  -LDAPFilter ‘(&(!(Company=*))(!(Department=*)))’  -Properties *

The & in the filter means AND.  Note how the filter is constructed though with the individual filters after the &

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: