Using LDAP Filters in Active Directory

by Oct 30, 2017

LDAP filters resemble the query language used by Active Directory. If you have installed Microsoft’s RSAT tools, you can pass LDAP filters to the cmdlets in the ActiveDirectory module to search for users, computers, or other resources.

This would find all users with no email address:

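# user accounts whose mail attribute is not set; the negated term is wrapped
# in its own parentheses, as the LDAP filter grammar (RFC 4515) requires
$filter = '(&(objectCategory=person)(objectClass=user)(!(mail=*)))'
Get-ADUser -LDAPFilter $filter -Properties *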

LDAP filters are useful even if you don’t have access to the RSAT tools and the specific ActiveDirectory cmdlets:

$filter = '(&(objectCategory=person)(objectClass=user)(!(mail=*)))'
$searcher = [ADSISearcher]$filter
# enable paging; without it the server returns only its default maximum (1000 entries)
$searcher.PageSize = 1000
# search results only
$searcher.FindAll()
# access to directory entry objects with more details
$searcher.FindAll().GetDirectoryEntry() | Select-Object -Property *
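
Going one step beyond the fixed filter above: when part of a filter comes from input (a name typed by an operator, a CSV column), the value has to be escaped per RFC 4515 before it is placed in the filter, or characters such as `(`, `)` and `*` change what the filter matches. This is an added example, not code from the original tip; the function names and the sample value are assumptions made for illustration.

```powershell
# Added example. Function names and the sample value are hypothetical/constructed.

# Escape a value for use inside an LDAP filter (RFC 4515):
# \ * ( ) and NUL become a backslash followed by two hex digits.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    $toHex = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m) '\{0:x2}' -f [int][char]$m.Value
    }
    [regex]::Replace($Value, '[\\*()\x00]', $toHex)
}

# Build an equality filter for user objects from an attribute name and a raw value.
function New-UserLdapFilter {
    param(
        # attribute names are restricted to letters, digits and hyphens
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')][string]$Attribute,
        [Parameter(Mandatory)][AllowEmptyString()][string]$Value
    )
    $safe = ConvertTo-LdapFilterValue -Value $Value
    "(&(objectCategory=person)(objectClass=user)($Attribute=$safe))"
}

# Run the filter against the current domain (needs a domain-joined session).
function Find-UserByAttribute {
    param([Parameter(Mandatory)][string]$Attribute, [Parameter(Mandatory)][string]$Value)
    $searcher = [ADSISearcher](New-UserLdapFilter -Attribute $Attribute -Value $Value)
    $searcher.PageSize = 1000   # page through results instead of stopping at the server limit
    $searcher.PropertiesToLoad.AddRange([string[]]('samaccountname', 'distinguishedname'))
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            }
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources; release them explicitly
        $results.Dispose()
        $searcher.Dispose()
    }
}

# Constructed sample: a display name containing filter metacharacters.
New-UserLdapFilter -Attribute displayName -Value 'Smith (Contractor) *'
```

The last line only builds and prints the filter, so it runs without a domain; `Find-UserByAttribute` performs the actual search when called from a domain-joined session.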
