Reputation: 91
I'm trying to build an LDAP filter which works like this simple PowerShell command:
Get-ADUser -Filter * -Properties Department -SearchBase "OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr" | `
Where{ (($_.SamAccountName -like "user1") -OR ($_.SamAccountName -like "user2") -OR ($_.SamAccountName -eq "user3")) -OR `
($_.Department -like "Dpt1/*") -OR `
($_.Department -like "Dpt2/*") -OR `
($_.Department -like "*/Svc3/*") -OR `
($_.SamAccountName -in (Get-ADGroupMember -Identity "Group1" -Recursive).SamAccountName)
}
I tried to read some examples here to make this filter but I'm stuck (error with dn):
(&(distinguishedName=*OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr)
(!(employeeNumber=\00))(!(department=\00))
(|(department=Dpt1/*)(department=Dpt2/*)(department=*/Svc3/*)
(sAMAccountName=user1)
(sAMAccountName=user2)
(sAMAccountName=user3))
(objectCategory=person)
(sAMAccountType=805306368))
How can I write this filter to list users with distinguishedName values that end with OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr
or which are in this OU and subOUs?
If it helps users that I need to filter:
Upvotes: 1
Views: 6228
Reputation: 40858
Active Directory won't allow you to use wildcards for any attribute that is a distinguished name (distinguishedName, member, manager, etc.).
If you need to find objects within an OU and child OUs, then set that OU as the search base, which I see you're already doing: -SearchBase "OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr"
Upvotes: 3
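The approach from the answer, written out as an added example (not code from either poster): the OU goes in `-SearchBase` instead of a `distinguishedName` wildcard, and the question's `Where` conditions become one server-side LDAP filter. The helper names `ConvertTo-LdapFilterValue` and `ConvertTo-LdapFilterPattern` are hypothetical, and it assumes the ActiveDirectory module is installed and that `Group1` resolves with `Get-ADGroup`.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: escape the RFC 4515 special characters ( \ * ( ) NUL )
# so a literal value cannot change the structure of the filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]',
        { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# Hypothetical helper: same escaping, but '*' is kept as the LDAP wildcard.
function ConvertTo-LdapFilterPattern {
    param([Parameter(Mandatory)][string]$Pattern)
    ($Pattern -split '\*' | ForEach-Object {
        if ($_) { ConvertTo-LdapFilterValue $_ } else { '' }
    }) -join '*'
}

# Values taken from the question.
$searchBase = 'OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr'
$names      = 'user1', 'user2', 'user3'
$deptLike   = 'Dpt1/*', 'Dpt2/*', '*/Svc3/*'

# The group's DN is looked up at run time rather than hard-coded.
$groupDn = (Get-ADGroup -Identity 'Group1').DistinguishedName

$clauses  = @($names | ForEach-Object {
    "(sAMAccountName=$(ConvertTo-LdapFilterValue $_))" })
$clauses += $deptLike | ForEach-Object {
    "(department=$(ConvertTo-LdapFilterPattern $_))" }

# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) walks nested
# groups on the domain controller. Unlike Get-ADGroupMember -Recursive it
# does not see primary-group membership, which is not stored in memberOf.
$clauses += "(memberOf:1.2.840.113556.1.4.1941:=$(ConvertTo-LdapFilterValue $groupDn))"

# AND: user objects only; OR: any one of the question's conditions.
$filter = "(&(objectCategory=person)(sAMAccountType=805306368)(|$($clauses -join '')))"

# The OU restriction is the search base; Subtree includes child OUs.
Get-ADUser -LDAPFilter $filter -SearchBase $searchBase `
    -SearchScope Subtree -Properties Department
```

Because the filter is evaluated by the domain controller, only matching users are returned, instead of every user in the OU being pulled back and filtered client-side as with `-Filter * | Where`.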