• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 62
  • Last Modified:

Where, Variables and Functions in Powershell

I have this function, that should reveal all user accounts with some given letter combinations in the Description og Info field in AD.
Function RevealClearTextPassword([Array]$search){

    $words = $search -split ","

    foreach($word in $words){
        $list = $list += "(`$_.Description -like `"*$word*`" -OR `$_.info -like `"*$word*`") -OR "

    $list = $list.substring(0,$list.Length-5)
    Get-ADUser -filter * -Properties enabled, Description, Info | Where{$list} | ft samaccountname,enabled,description,info -AutoSize

Open in new window

When I run the Function like this:
RevealClearTextPassword pwd,pw,kode,pass

Open in new window

it returns ALL users in the AD no matter what is written in the two fields.
Why is that?

If I write out the Get-ADUser line it looks ok:
Get-ADUser -filter * -Properties enabled, Description, Info | Where{($_.Description -like "*pwd*" -OR $_.info -like "*pwd*") -OR ($
_.Description -like "*pw*" -OR $_.info -like "*pw*") -OR ($_.Description -like "*kode*" -OR $_.info -like "*kode*") -OR ($_.Descrip
tion -like "*pass*" -OR $_.info -like "*pass*")} | ft samaccountname,enabled,description,info -AutoSize

Open in new window

As far as I can see it should work, but it doesn't.
Kasper Katzmann
Kasper Katzmann
2 Solutions
When you mention Where{$list}, PowerShell consider it as a variable not a expression/condition. Until $list is not equal to $null the where condition is always considered as true.  That why the result has all users.

Change Where{$list} to Where{Invoke-Expression $list} and see if it works for you

You can also construct a pattern and use -Match to achieve the same..
Function RevealClearTextPassword([Array]$search){
  $words = ($search -Split ",") -join "|"
    Get-ADUser -filter * -Properties enabled, Description, Info | 
      ? {$_.Description -Match $words -OR $_.info -match $words} | 
    FT samaccountname,enabled,description,info -AutoSize

Open in new window

As an alternative to Subsun's, if you change lines 12 and 13 as below it should work.
$list = [scriptblock]::Create( ($list.substring(0,$list.Length-5)) )
    Get-ADUser -filter * -Properties enabled, Description, Info | Where $list | ft samaccountname,enabled,description,info -AutoSize

Open in new window

Kasper KatzmannSeniorkonsulentAuthor Commented:
There is one word for people like you... geniuses
Both worked - thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now