I'm trying to get all AD users in the AD group 'Fall 2021' where the description is like 'Customer.' I'm currently receiving this error when I run my script. Any help or guidance is much appriciated.

Get-ADGroup : Error parsing query: 'Fall 2021' Error Message: 'syntax error' at position: '1'.
At line:1 char:1
  Get-ADGroup -filter "Fall 2021" | Where-Objec ...
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      CategoryInfo          : ParserError: (:) [Get-ADGroup], ADFilterParsingException
      FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

Here is the script:

Get-ADGroup -filter "Fall 2021" | Where-Object {$_.Description -like 'Customer' }

CodePudding user response：

-Filter "Fall 2021" is not a valid syntax for the AD Filter, if the Name of the group is Fall 2021 you can use the -Identity parameter as Mathias R. Jessen points out. If you want to query the group membership, you can use Get-ADGroupMember, or you can query the Member attribute of the group:

(Get-ADGroup -Identity 'Fall 2021' -Properties Member).Member | ForEach-Object {
    $obj = Get-ADObject $_ -Properties Description
    # if this member is a user object and it's description is customer
    if($obj.ObjectClass -eq 'user' -and $obj.Description -eq 'Customer') {
        # output this object
        $obj
    }
}

This query can be also reversed, we can use LDAPFilter to search for all users whose MemerOf attribute contains the DistinguishedName of the Fall 2021 group and whose Description attribute is equal to Customer:

$groupDN = (Get-ADGroup -Identity 'Fall 2021').DistinguishedName
Get-ADUser -LDAPFilter "(&(memberof=$groupDN)(description=Customer))"