' Error Message: 'Operator Not supported: -notcontain' in Get-ADUser Filter cmdlet?

Question

Unable to get the AD users created in the past 1 year which is not contains the specific Domain name pattern:

$laterThan = (Get-Date).AddYears(-1)
$filter = { (whenCreated -gt $laterThan) -and (userPrincipalName -notcontain $((Get-ADDomain).Name)) }
$properties = 'canonicalName', 'whenCreated', 'displayName', 'lastlogondate'

Get-ADUser -Filter $filter -Properties $properties

Error showing as:

Get-ADUser : Error parsing query: ' (whenCreated -gt $laterThan) -and (userPrincipalName -notcontain $((Get-ADDomain).Name)) ' Error Message: 'Operator Not supported: -notcontain' at position: '55'. At line:5 char:1
Get-ADUser -Filter $filter -Properties $properties
  + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
  + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

However, the IDE not showing any issue:

Maybe my guess is wrong, but the ActiveDirectory Filter doesn't seem to support contains or notcontains the possible FilterOperator are "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike". Ref.: docs.microsoft.com/en-us/powershell/module/addsadministration/… — Paxz
Yes, that does make sense @Paxz, thank you for the suggestion. — Senior Systems Engineer
@Isaac no problem, hopefully, you also learn as well on this thread. — Senior Systems Engineer

marsze marsze · Accepted Answer · 2020-10-06T11:23:59

You probably mean -notcontains but that operator is not supported for that cmdlet. Look here.

Also, that operator works with collections, not strings. If you want to check if a string contains another string, use the -like operator and wildcards:

Get-ADUser -Filter "UserPrincipalName -like '*$((Get-ADDomain).Name)*'"

' Error Message: 'Operator Not supported: -notcontain' in Get-ADUser Filter cmdlet?

2 Answers