I often see people asking questions about the syntax of the -Filter parameter of the AD cmdlets. It is a strange syntax in that you have to think about it differently than you would just about any other comparison operation in PowerShell.
In .NET, substitutions in regular expression replacement patterns are preceded by the dollar sign. PowerShell also uses the dollar sign for variables. Because PowerShell expands variables inside double-quoted strings, when you pass a replacement pattern to a regular-expression-based operator or method you must either use single quotes or escape the dollar sign. Otherwise, PowerShell will attempt to expand the regular expression substitution as if it were a PowerShell variable.
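The quoting behaviour described above, as an added example that is not from the original post. The sample name, patterns and variable names are constructed for illustration, and it assumes a session with no variables named 1, 2, first or last and with strict mode off.

```powershell
# Constructed sample input: turn "Last, First" into "First Last".
$name     = 'Doe, John'
$numbered = '^(\w+),\s*(\w+)$'
$namedPat = '^(?<last>\w+),\s*(?<first>\w+)$'

# Double quotes: PowerShell expands $2 and $1 (both $null here) before the
# regex engine sees the string, so the replacement pattern is a single space.
$broken = $name -replace $numbered, "$2 $1"

# Single quotes: the string reaches .NET untouched, so $1 and $2 are
# treated as regex substitutions.
$single = $name -replace $numbered, '$2 $1'

# Double quotes with the dollar sign escaped by a backtick also work, and
# still let a real PowerShell variable expand in the same string.
$title   = 'Dr.'
$escaped = $name -replace $numbered, "$title `$2 `$1"

# Named groups use ${name}. In double quotes that is PowerShell's own
# variable syntax, so the same single-quote or backtick rule applies.
$named       = $name -replace $namedPat, '${first} ${last}'
$namedBroken = $name -replace $namedPat, "${first} ${last}"

# The rule is the same when calling the .NET method directly.
$viaNet = [regex]::Replace($name, $numbered, '$2 $1')

[pscustomobject]@{
    DoubleQuoted      = "[$broken]"       # [ ]
    SingleQuoted      = "[$single]"       # [John Doe]
    BacktickEscaped   = "[$escaped]"      # [Dr. John Doe]
    NamedSingleQuoted = "[$named]"        # [John Doe]
    NamedDoubleQuoted = "[$namedBroken]"  # [ ]
    DotNetMethod      = "[$viaNet]"       # [John Doe]
} | Format-List
```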
Earlier this week I spent an embarrassing amount of time attempting to connect to an iSCSI target from a server core install. After googling around a bit, I found this little nugget. Turns out that the documentation lists the acceptable options for the AuthenticationType parameter in CamelCase,...
Here is a regular expression that can be used to match an Active Directory object's distinguished name to pull out the common name, organizational unit/container distinguished name, and/or the domain's distinguished name.
$regex_dn = '^CN=(?<cn>.+?)(?<!\\),(?<ou>(?:(?:OU|CN).+?(?<!\\),)+(?<dc>DC.+?))$'
$dn = "CN=John Doe,OU=My OU,DC=domain,DC=com"
$dn -match $regex_dn
$Matches
Using Get-WinEvent to Query All Logs
You can use Get-WinEvent to get events from all logs. To get all the errors in all the logs for the past 24 hours, specify a wildcard (*) for LogName.
# Level=2 limits the results to Error events; StartTime limits them to the past 24 hours.
Get-WinEvent -FilterHashtable @{LogName='*';Level=2;StartTime=(Get-Date).AddDays(-1)}
Encountering the Invalid Data error with Get-WinEvent; a 256 log limit