Strange behaviour with Filter in Powershell

Kasper Katzmann
Kasper Katzmann used Ask the Experts™
on
I have a function, that seached our AD for security groups that contains a specified server name.
When I use different variants of the same server name, I get different results.

PS C:\Users\Me> GetServerGroups EFKM-WZ-IIS01T
RDP:
SG-EFKM-WZ-IIS01T_RDP_User

LOCAL ADMIN:
SG-EFKM-WZ-IIS01T_Local_Admin

PS C:\Users\Me> GetServerGroups WZ-IIS01T
RDP:
SG-EFKM-WZ-IIS01T_RDP_User

LOCAL ADMIN:
Der er ikke oprettet nogen ADMIN grupper, der matcher WZ-IIS01T

PS C:\Users\Me> GetServerGroups IIS01T
RDP:
Der er ikke oprettet nogen RDP grupper, der matcher IIS01T

LOCAL ADMIN:
SG-EFKM-WZ-IIS01T_Local_Admin

Open in new window


The function can be seen here. The filters are at line 49 and 75.
Function: 
Function GetServerGroups()
{
<# 
  .EXAMPLE
  ServerGroups SIT-CTXAPP0013 -Type admin
  .EXAMPLE
  ServerGroups SIT-CTXAPP0013 rdp
  .EXAMPLE
  ServerGroups SIT-CTXAPP0013 all
  #> 

[CmdletBinding()] 
  Param(
  [Parameter(Mandatory=$True,Position=1)]
   [Array]$srv,
  [Parameter(Mandatory=$False,Position=2)]
   [String]$Type
	
    )

$srv = $srv -replace (" ","")

IF($Type -eq "all"){
    Write-Host -BackgroundColor Yellow -foreGroundColor Black "ALLE GRUPPER:"
    
    Foreach($sAll in $srv){
	    $all = Get-ADGroup -filter 'Name -like "*$sAll*"' #| Where {$_.Name -like "*$sAll*"}
        
        If($all.length -lt 3){
                Write-Host -foreGroundColor Red "Der er ikke oprettet nogen grupper, der matcher $sALL"
            }
        else{
            foreach($allGrp in $all){
                Write-Host $allGrp.name
            }
            }
    Write-Host " "
    }
	    
}
ELSE{
	
    #FINDS RDP USER SECURITY GROUPS THAT MATCHES THE SERVER NAME
	If(($Type -eq "") -or ($Type -eq "rdp")){
	Write-Host -BackgroundColor Yellow -foreGroundColor Black "RDP:"
	    Foreach($sRDP in $srv){

            $RDPName = "$sRDP"
	        $RDP = Get-ADGroup  -filter "Name -like '*$RDPName*'" `
                                -SearchBase "OU=Server RDP User,OU=Globale Security Groups,OU=Administration,DC=SUBDOMAIN,DC=DOMAIN,DC=DK" `
                                -SearchScope Subtree
	            
        #write-host $rdp
        If($RDP.length -lt 3){
                Write-Host -foreGroundColor Red "Der er ikke oprettet nogen RDP grupper, der matcher $sRDP"
            }
        else{
            foreach($rdpGrp in $RDP){
                Write-Host $rdpGrp.name
            }
            }
        
        
	    }
	
    	Write-Host " "
	}
    
    #FINDS LOCAL ADMIN SECURITY GROUPS THAT MATCHES THE SERVER NAME
	If(($Type -eq "") -or ($Type -eq "admin")){
	Write-Host -BackgroundColor Yellow -foreGroundColor Black "LOCAL ADMIN:"
	    Foreach($sLA in $srv){

            $LAName = "$sLA"
	        $LOCADM = Get-ADGroup   -filter "Name -like '*$LAName*'" `
                                    -SearchBase "OU=Server Local Admin,OU=Globale Security Groups,OU=Administration,DC=SUBDOMAIN,DC=DOMAIN,DC=DK" `
                                    -SearchScope Subtree
	            

        If($LOCADM.length -lt 3){
                Write-Host -foreGroundColor Red "Der er ikke oprettet nogen ADMIN grupper, der matcher $sLA"
            }
        else{
            foreach($LAGrp in $LOCADM){
                Write-Host $LAGrp.name
            }
            }

	
	    }
	
    	Write-Host " "
	}
}
}

Open in new window

Any ideas about why it acts so strange?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solution Only
Jason CrawfordTransport Ninja

Commented:
You have to enclose variables with double quotes
Kasper KatzmannSeniorkonsulent

Author

Commented:
Well, have tried that - with the same result.
Top Expert 2014
Commented:
Your syntax is fine.  Another variation is
$LAName = "*$sLA*"
$LOCADM = Get-ADGroup   -filter {Name -like $LAName}

Open in new window


However, that should give identical results.

I'm not sure what the purpose of
If($LOCADM.length -lt 3)
is (only see one result in your original post - maybe you truncated the results?).

Are you running this on a DC?  If so, are you in an elevated session?
Kasper KatzmannSeniorkonsulent

Author

Commented:
I, have tried your variant as well and, as you point out, it gives the same result.

If($LOCADM.length -lt 3) just checks if there are anything.

I'm running it from a management server (2012 R2).

-------------------------------

Could there be anything with the dashes in the servernames?
I simply can't figure out why the result vary, when it should be the same.

After all *EFKM-WZ-IIS01T*, *WZ-IIS01T* and *IIS01T* should give the same result.
Kasper KatzmannSeniorkonsulent

Author

Commented:
It was If($LOCADM.length -lt 3) that caused the strange behaviour. Changed it to If($LOCADM.count -eq 0) and now it works as supposed.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial