
I want to get all user IDs with a specific token assigned.

It looks like this now when I run my script:

Get-ADUser -Filter * -Properties * | Select-Object vasco-LinkUserToDPToken, displayname 

#Output#

vasco-LinkUserToDPToken Displayname

{CN=VES0423061,OU=br... User X           
{}                      User X                
{}                      User X           
{CN=0067511310,OU=br... User X                
{CN=0067077717,OU=br... User X 


Example of a full vasco-LinkUserToDPToken : 
{CN=VES0976944,OU=Internal Users,DC=mgm,DC=agf,DC=be}

The thing is, I only want to filter VES, and it should be shown like this (not containing empty strings or tokens that do not start with VES):

VES0423061  User X
    "I only want to filter VES" - ...then why did you do -Filter *? Commented Apr 1, 2022 at 10:34

1 Answer

It looks like your property 'vasco-LinkUserToDPToken' is a multivalued property type (string array) of which you need to extract the DN inside.

You could try:

Get-ADUser -Filter "vasco-LinkUserToDPToken -like 'CN=VES*'" -Properties 'vasco-LinkUserToDPToken', DisplayName | 
Select-Object @{Name = 'vasco-LinkUserToDPToken'; Expression = {
    ($_.'vasco-LinkUserToDPToken' | Where-Object {$_ -match '^CN=VES.*'}) -replace '.*(VES[^,]+).*', '$1'}
}, DisplayName

P.S. It is always a bad idea to use -Properties * if what you are after is just two properties. Using * forces it to pull down ALL properties, which is a waste of time.


If the -Filter doesn't work on this custom property, you can always use a Where-Object clause afterwards like:

Get-ADUser -Filter * -Properties 'vasco-LinkUserToDPToken', DisplayName | 
Where-Object { $_.'vasco-LinkUserToDPToken' -like 'CN=VES*' } |
Select-Object @{Name = 'vasco-LinkUserToDPToken'; Expression = {
    ($_.'vasco-LinkUserToDPToken' | Where-Object {$_ -match '^CN=VES.*'}) -replace '.*(VES[^,]+).*', '$1'}
}, DisplayName

17 Comments

hmm now I'm getting no output at all.
This 👉 It is always a bad idea to use -Properties *
@Theo Get-ADUser -Filter * -Properties vasco-LinkUserToDPToken, displayname | Where-Object -FilterScript {$_.vasco-LinkUserToDPToken -like "{CN=VES*"} | Select-Object @{Name = 'vasco-LinkUserToDPToken'; Expression = { ($_.'vasco-LinkUserToDPToken' | Where-Object {$_ -match '^{CN=VES.*'})[0] -replace '.*(VES[^,]+).*', '$1'} }, DisplayName
@Toon You may have to single-quote the propertyname in the filter because of the hyphen in there like -Filter "'vasco-LinkUserToDPToken' -like 'CN=VES*'"
@danijeljw-RPC PowerShell shows arrays in curly brackets, that's why I started with multivalued property type. Since this is a non-standard property, only the OP would know whether this attribute is defined as string or multi-string in the schema. If it is indeed defined as a single string, then it seems very unlikely it would be embedded in {}, even for those that are not set. Therefore, I don't think the opening { is in fact part of the DN inside..
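
The extraction step from the answer as a self-contained function, added here as an example and not part of the original answer or comments. It goes a little further than the answer: it emits one row per matching token and anchors on the first RDN, so a DN whose OU also contains "VES" still yields the token serial. The function name, the sample users and the example.test DNs are constructed for illustration.

```powershell
# Added example. Get-VesTokenUser is a hypothetical helper name; the sample
# users and DNs below are constructed. Against a real directory the input would be:
#   Get-ADUser -LDAPFilter '(vasco-LinkUserToDPToken=*)' -Properties 'vasco-LinkUserToDPToken', DisplayName
# (a presence filter, so only users with at least one token come back).
function Get-VesTokenUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,

        [string]$Prefix = 'VES'
    )
    begin {
        # Match only the leading CN= component. A greedy '.*(VES[^,]+).*' would
        # return the LAST "VES..." run in the DN, e.g. an OU named "VES Tokens".
        $pattern = '^CN=(?<serial>{0}[^,]+),' -f [regex]::Escape($Prefix)
    }
    process {
        # @() lets empty, single-valued and multi-valued attributes iterate alike.
        foreach ($dn in @($User.'vasco-LinkUserToDPToken')) {
            if ($dn -match $pattern) {
                [pscustomobject]@{
                    Token       = $Matches['serial']
                    DisplayName = $User.DisplayName
                }
            }
        }
    }
}

# Constructed sample data shaped like Get-ADUser output.
$sample = @(
    [pscustomobject]@{ DisplayName = 'User A'; 'vasco-LinkUserToDPToken' = @('CN=VES0423061,OU=VES Tokens,DC=example,DC=test') }
    [pscustomobject]@{ DisplayName = 'User B'; 'vasco-LinkUserToDPToken' = @() }
    [pscustomobject]@{ DisplayName = 'User C'; 'vasco-LinkUserToDPToken' = @('CN=0067511310,OU=VES Tokens,DC=example,DC=test') }
    [pscustomobject]@{ DisplayName = 'User D'; 'vasco-LinkUserToDPToken' = @('CN=0067077717,OU=Internal Users,DC=example,DC=test',
                                                                            'CN=VES0976944,OU=Internal Users,DC=example,DC=test') }
)

# Expect two rows: VES0423061 / User A and VES0976944 / User D.
$sample | Get-VesTokenUser
```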