Test existence of AD User account
Last Post 01 Nov 2011 12:41 AM by Jeremy Saunders. 15 Replies.

Greg (New Member, Posts: 38)
01 Feb 2011 07:09 AM
    I am trying to figure out how to check if an AD user account exists. I am trying to use the New-ADUser cmdlet, but having a couple of issues. Do I use New-ADUser -filter or New-ADUser -LDAPFilter? Not sure what the real difference is. Also, how do I then test if the statement actually found an account or not?

    fr3dd (New Member, Posts: 34)
    01 Feb 2011 07:56 AM
    I would recommend that you look for an existing account first:

    $newAcctName = "somevalue"
    $exists = $null
    $exists = Get-ADUser -Identity $newAcctName
    # $exists stays $null when no matching account was returned
    if ($exists -eq $null) {
        # Create the new account
    }

    Greg (New Member, Posts: 38)
    01 Feb 2011 08:44 AM
    Perfect! Thanks for the help.

    Greg (New Member, Posts: 38)
    01 Feb 2011 01:07 PM
    One more question that I just noticed... When my script hits the "$exists = Get-ADUser -Identity $newAcctName" command, and the account doesn't exist, I receive a PowerShell error message. Is there a way to suppress that error message?

    Shay Levy (PowerShell MVP, Admin; Veteran Member, Posts: 1362)
    01 Feb 2011 11:00 PM
    Use the Filter parameter:

    if( -not (Get-ADUser -Filter {SamAccountName -eq 'somevalue'})) {'no such user,create the new account'}

    Shay Levy
    Windows PowerShell MVP
    http://PowerShay.com
    PowerShell Community Toolbar
    Twitter: @ShayLevy

    Greg (New Member, Posts: 38)
    02 Feb 2011 12:18 PM
    Shay, I tried that and am receiving the following message:

    Get-ADUser : Property: 'Name' not found in object of type: 'System.Management.Automation.PSCustomObject'.

    This is the statement I am using:

    if ( -not (Get-ADUser -Filter {samAccountName -eq $_.Name}))

    I am importing a CSV file, so that is why the $_.Name.

    Also, what is the difference between Get-ADUser -Filter and Get-ADUser -LDAPFilter?

    Shay Levy (PowerShell MVP, Admin; Veteran Member, Posts: 1362)
    02 Feb 2011 11:01 PM
    I think it's because $_.Name evaluates to null inside the filter scriptblock. Can you try this:

    ...
    $name = $_.Name
    if ( -not (Get-ADUser -Filter {samAccountName -eq $Name}))


    Greg (New Member, Posts: 38)
    13 Feb 2011 12:31 PM
    Shay, I tried your code, but am receiving the following error message:

    Get-ADUser : Variable: 'Name' found in expression: $Name is not defined.
    At C:\Users\test\documents\powershell scripts\CreateAccounts.ps1:48 char:27
    + if (-not (Get-ADUser <<<< -Filter {samAccountName -eq $Name}))
    + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : Variable: 'Name' found in expression: $Name is not defined.,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Shay Levy (PowerShell MVP, Admin; Veteran Member, Posts: 1362)
    13 Feb 2011 11:58 PM
    Sorry Greg, WRONG answer. Currently there's a bug with that syntax. The issue has been reported to the AD team.


    Shay Levy (PowerShell MVP, Admin; Veteran Member, Posts: 1362)
    14 Feb 2011 12:13 AM
    Try with an LDAP filter:

    if ( -not (Get-ADUser -LDAPFilter "samaccountname=$($_.Name)"))
    {
    ...
    }




    Greg (New Member, Posts: 38)
    15 Feb 2011 04:40 PM
    Shay, I am using your latest code and if the code resolves to true (the account doesn't exist), then I create it. So, I tested it trying to pass the account information for an account that does exist and it resolves to true and then errors out when I try to create an account that already exists. Looks like the same problem I have had. I cannot seem to test correctly for an AD account. Am I not understanding the code correctly? I assume the "-not" part of the statement means I am checking to see if the AD account doesn't exist in your statement above. Correct?

    fr3dd (New Member, Posts: 34)
    15 Feb 2011 06:31 PM
    The syntax for an LDAP filter is not quite correct, try this:
    $account = "fr3dd"
    Import-Module ActiveDirectory
    if ( -not (Get-ADUser -LDAPFilter "(sAMAccountName=$account)")) {
        Write-Host "Create the account!"
    } else {
        Write-Host "Already there"
    }
    LDAP filters need to have the parentheses to function properly. Also, I always make sure that the attribute names are in the appropriate case.

    HTH - fr3dd
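
Added example, not part of the original thread: the account names here come from a CSV file, so a value containing *, (, ) or \ would be read as filter syntax once interpolated into the -LDAPFilter string, and the existence check could then give the wrong answer. The helper names ConvertTo-LdapFilterValue and Test-ADUserExists and the sample rows are made up for illustration; the lookup itself needs the ActiveDirectory module and a domain.

```powershell
# Added example, not code from the thread. Assumes the ActiveDirectory module
# and a CSV whose Name column holds the sAMAccountName, as in Greg's script.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the characters RFC 4515 treats as filter
    # syntax so the value is compared literally.
    param([string]$Value)
    $v = $Value.Replace('\', '\5c')      # backslash first, or escapes get re-escaped
    $v = $v.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

function Test-ADUserExists {
    # Hypothetical helper: returns $true or $false. A filter that matches
    # nothing produces no output and no error, unlike -Identity.
    param([string]$SamAccountName)
    if ([string]::IsNullOrEmpty($SamAccountName) -or $SamAccountName.Trim() -eq '') {
        # "(sAMAccountName=)" is not a valid filter; reject the row instead
        throw 'Empty account name in input row.'
    }
    $safe = ConvertTo-LdapFilterValue $SamAccountName
    [bool](Get-ADUser -LDAPFilter "(sAMAccountName=$safe)")
}

# Constructed sample rows. Unescaped, "*" would turn the filter into a
# presence test that matches every user, so the row would be reported as
# "already there"; "svc(test)" would make the filter unbalanced.
$rows = 'Name', 'jdoe', '*', 'svc(test)' | ConvertFrom-Csv

foreach ($row in $rows) {
    if (Test-ADUserExists $row.Name) {
        Write-Host "$($row.Name): already there"
    } else {
        Write-Host "$($row.Name): create the account"
    }
}
```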

    Shay Levy (PowerShell MVP, Admin; Veteran Member, Posts: 1362)
    15 Feb 2011 10:56 PM
    Yeap, I've missed the parenthesis, thanks fr3dd.


    cameronove (Basic Member, Posts: 352)
    16 Feb 2011 01:00 PM
    The Quest tools don't seem to have this problem.

    This works:
    if(Get-QADUser $someuser){'Found User'}else{"Didn't find user"}

    I tried with a real account and a fake account. It worked as written.

    Shay Levy (PowerShell MVP, Admin; Veteran Member, Posts: 1362)
    16 Feb 2011 10:45 PM
    Yet another advantage of the QAD snap-in over the AD module :)


    Jeremy Saunders (New Member, Posts: 1)
    01 Nov 2011 12:41 AM
    Just wanted to update this thread and mention that the same bug with Get-ADUser using the -Filter parameter also exists with Get-ADGroup. Use -LDAPFilter as suggested.

    Cheers,
    Jeremy.