Get-ADUser for not exact username

Question

The script below lists some user details, it works only in case I've entered the EXACT user name. Is there a method I could use to get results if I type a partial username? I mean if for example I enter "elibukin" or "eli.buk" instaed of "eli.bukin" witch is the correct username.

do {
    Write-Host "Who r we looking for ?        (type EXIT when u done)"
    $User = Read-Host
    Get-ADUser $User -Properties * |
        fl empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l, last*,
           logon*, when*
} until ($user -eq "exit")

Answer 1

I would use -LDAPFilter with ambiguous name resolution (ANR).

Get-ADUser -LDAPFilter "(anr=smith)"

See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/1a9177f4-0272-4ab8-aa22-3c3eafd39e4b for more information about ANR.

Answer 2

You don't have to use -ldapfilter. -filter and ambiguous name resolution (https://en.wikipedia.org/wiki/Ambiguous_name_resolution). I had a case where two names were in the givenname, and the email was different from the upn.

Get-ADUser -Filter "anr -eq 'joe smith'"

Answer 3

I have actually worked on a script much like this. I used the -like operator to accommodate partial matches. However, this might give you more than one result.

Get-ADUser -Filter ("SamAccountName -like '*$user*'")

Or use something of this format to narrow down your result:

Get-ADUser -Filter ("SamAccountName -like '*$user*' -and Name -like '*$FirstName*' -and Surname -like '*$Lastname*'")

Use -or instead of -and for a broader result.

Answer 4

If you want fuzzy matching use the parameter -Filter with the -like operator:

do {
  $user = Read-Host -Prompt 'Who are we looking for (type EXIT when done)'
  if ($user -ne 'exit') {
    Get-ADUser -Filter "SamAccountName -like '*$User*'" -Properties * |
      Format-List empl*,title, sam*, disp*, mail*, manager*, depa*, giv*, l,
                  last*, logon*, when*
  }
} until ($user -eq "exit")