Active Directory Wildcard Searches

It’s important for users to be able to find information quickly in Active Directory. When you delegate a search solution to your end-users so they can find objects (users, contacts, computers, groups), they need to get to what they want quickly. This can be challenging whether there are 500 users in your directory or one million.

Active Directory Wildcard Searches with PowerShell

When searching for any object, wildcard searches with “ambiguous name resolution” (ANR) are handy because a single ANR term is matched against a variety of name-related attributes to find objects in your directory. Details on this are here: https://social.technet.microsoft.com/wiki/contents/articles/22653.active-directory-ambiguous-name-resolution.aspx

You can use ANR with any type of directory object.


Import-Module ActiveDirectory
# Search for users using ANR
# (objectClass=user also matches computer objects, whose class derives from user)
Get-ADObject -LDAPFilter "(&(objectClass=user)(anr=rob))"
# Search for computers using ANR
Get-ADObject -LDAPFilter "(&(objectCategory=computer)(anr=rob))"
# Contact ANR search
Get-ADObject -LDAPFilter "(&(objectCategory=person)(objectClass=contact)(anr=rob))"
# Group ANR search
Get-ADObject -LDAPFilter "(&(objectCategory=group)(anr=test))"

Of course we’re barely scratching the surface here. You can literally use wildcards (“*”) in your LDAP filters. You just don’t need them with ANR, as ANR searches are inherently wildcard searches. You don’t have to use LDAP notation at all with these cmdlets and can instead pass filter parameters one at a time or splat them in as hashtables. Still, it’s useful to see ANR searches in action because they are so powerful.

You’ll also want to add parameters to delegate searches safely to a service account created for that purpose.
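
One way to run the ANR searches above under a dedicated service account, shown as an added example that is not code from the original article. The function names, the OU path and the result limit are assumptions chosen for illustration; the escaping step is added so that a term typed by an end-user is treated as literal text rather than as LDAP filter syntax.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: escape the characters that are special inside an LDAP
# filter value (RFC 4515) so user input cannot alter the filter's structure.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Backslash first, so the escapes added below are not escaped again.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a')
    $v = $v.Replace('(', '\28')
    $v = $v.Replace(')', '\29')
    $v.Replace("`0", '\00')
}

# Hypothetical wrapper: ANR user search scoped to one OU, run as the
# search service account, returning a bounded set of named attributes.
function Find-DirectoryUser {
    param(
        [Parameter(Mandatory)][string]$Term,
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][string]$SearchBase
    )
    $safeTerm = ConvertTo-LdapFilterValue -Value $Term

    # Parameters splatted in as a hashtable, as the article mentions.
    $query = @{
        LDAPFilter    = "(&(objectCategory=person)(objectClass=user)(anr=$safeTerm))"
        Credential    = $Credential       # service account, not the caller's own rights
        SearchBase    = $SearchBase       # limit the search to the delegated OU
        SearchScope   = 'Subtree'
        ResultSetSize = 50                # cap results for broad terms
        Properties    = 'displayName', 'mail'
    }
    Get-ADObject @query
}

# Constructed sample values: replace with your own account and OU.
$cred = Get-Credential -Message 'Search service account'
Find-DirectoryUser -Term 'rob' -Credential $cred -SearchBase 'OU=Staff,DC=example,DC=com'
```

Grant the service account read access only to the OUs and attributes that end-users are meant to search.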

Active Directory Wildcard Searches with Web Active Directory’s PeoplePlatform

Web Active Directory’s PeoplePlatform enables you to empower your users to search on any object in Active Directory the way that you want.

The primary technique you have in the software is to build query screens where users find objects by narrowing their search with data entered into filter fields. Another technique at your disposal involves single-entry fields: as a user types, a query is performed against your Active Directory in real time.

You can also combine these techniques. Before you or your end-users can manage objects in your directory, they need to find them. Web Active Directory’s solutions let you build screens for your users to do that without scripting or coding.