I'm trying to build an LDAP filter which works like this simple PowerShell command:
Get-ADUser -Filter * -Properties Department -SearchBase "OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr" | `
Where{ (($_.SamAccountName -like "user1") -OR ($_.SamAccountName -like "user2") -OR ($_.SamAccountName -eq "user3")) -OR `
($_.Department -like "Dpt1/*") -OR `
($_.Department -like "Dpt2/*") -OR `
($_.Department -like "*/Svc3/*") -OR `
($_.SamAccountName -in (Get-ADGroupMember -Identity "Group1" -Recursive).SamAccountName)
}
I tried to read some examples here to make this filter but I'm stuck (error with dn):
(&(distinguishedName=*OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr)
(!(employeeNumber=\00))(!(department=\00))
(|(department=Dpt1/*)(department=Dpt2/*)(department=*/Svc3/*)
(sAMAccountName=user1)
(sAMAccountName=user2)
(sAMAccountName=user3))
(objectCategory=person)
(sAMAccountType=805306368))
How can I write this filter to list users with distinguishedName values that end with OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr or which are in this OU and subOUs?
If it helps users that I need to filter:
Active Directory won't allow you to use wildcards for any attribute that is a distinguished name (distinguishedName, member, manager, etc).
If you need to find object within an OU and child OUs, then set that OU as the search base, which I see you're already doing: -SearchBase "OU=Company Users,OU=WorkPlace,OU=contoso,DC=fr"