Caststupider

Reputation: 53

Search user with empty attributes

I'm trying to search for all users with an empty attribute like telephoneNumber (multiple-attribute query). On the internet I found a lot about PowerShell and LDAP, but it's very complicated and nothing worked well.

Upvotes: 2

Views: 7654

Answers (1)

Ansgar Wiechers

Reputation: 200233

LDAP filters have an ugly syntax, but they're not that difficult once you understand their structure. Basically, each clause is put in a set of parentheses:

(attribute=value)

Clauses can be negated:

(!(attribute=value))

and multiple clauses can be combined via logical AND or OR operations:

(&(attribute=somevalue)(otherattribute=othervalue)...)
(|(attribute=somevalue)(otherattribute=othervalue)...)

To filter for an empty attribute you need an LDAP filter saying "attribute telephoneNumber does not have any value":

(!(telephoneNumber=*))

The asterisk (*) is a wildcard for an arbitrary non-empty value. Negating that clause gives you what you want. For more complex filters you make clauses like the above (one for each attribute), and combine them with (&...) and/or (|...) according to your requirements.

Example (get users with empty telephoneNumber or mail attribute):

Get-ADUser -LDAPFilter '(|(!(telephoneNumber=*))(!(mail=*)))'

Another option is to fetch all users and use a Where-Object filter for selecting those with the desired properties.

Example (again, get users with empty telephoneNumber or mail attribute):

Get-ADUser -Filter * -Properties * | Where-Object {
  -not $_.telephoneNumber -or
  -not $_.mail
}

Upvotes: 6
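
The filter construction from the answer above, generalized to any list of attributes, as an added example that is not part of the original answer. `New-EmptyAttributeFilter` is a hypothetical helper name, and the name check assumes attribute names may come from outside the script (a parameter, a CSV column), where an unchecked name could alter the filter.

```powershell
# Added example, not from the original answer.
# New-EmptyAttributeFilter is a hypothetical helper name.
function New-EmptyAttributeFilter {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]] $Attribute,

        # Any = at least one attribute is empty (OR); All = every attribute is empty (AND)
        [ValidateSet('Any', 'All')]
        [string] $Match = 'Any'
    )

    foreach ($name in $Attribute) {
        # Names are placed into the filter text, so accept only LDAP attribute
        # descriptors (a letter, then letters, digits or hyphens). Parentheses,
        # '*' or '\' in a name would change the structure of the filter.
        if ($name -notmatch '^[A-Za-z][A-Za-z0-9-]*$') {
            throw "Invalid LDAP attribute name: '$name'"
        }
    }

    # One negated presence clause per attribute: (!(attr=*))
    $clauses = @($Attribute | ForEach-Object { '(!({0}=*))' -f $_ })

    # A single clause needs no (&...) or (|...) wrapper
    if ($clauses.Count -eq 1) { return $clauses[0] }

    $operator = if ($Match -eq 'All') { '&' } else { '|' }
    return '({0}{1})' -f $operator, ($clauses -join '')
}

$attrs  = 'telephoneNumber', 'mail'
$filter = New-EmptyAttributeFilter -Attribute $attrs -Match Any

# Requires the ActiveDirectory module. Request only the attributes being
# checked instead of -Properties *, so each result carries just those values.
Get-ADUser -LDAPFilter $filter -Properties $attrs |
    Select-Object -Property (@('SamAccountName') + $attrs)
```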
