ANR and AD searches

A comment on this post –

suggested using ANR – Ambiguous Name Resolution as a method of searching AD.

ANR provides a fuzzy search mechanism for AD – think wildcard search. If you perform an ANR search you’ll get anything matches – using your input as the root of the wildcard search – across display name, given name, name, samaccountname and surname.

Consider the searches shown last time based on the name Dave Green. Lets perform a ANR search on the first name

£> Get-ADUser -Filter {anr -eq ‘Dave’} | select Name

Jo Daven
Dave Green
Dave Brown
Dave White

Get-ADUser -LDAPFilter “(anr=Dave)” | select Name

will give the same result.  In my AD I get 3 results. Any account where any of the names listed above that start with the letters ‘Dave’  will be returned. Notice that in one of the results the letters are in the surname not the first name.

Similar issues if you perform ANR searches based on surname

£> Get-ADUser -LDAPFilter “(anr=Green)” | select Name

Dave Green
Fred Green
Dale Greensmith


Get-ADUser -Filter {anr -eq ‘Green’} | select Name

This time notice that the surname Greensmith is returned as well as Green.

You could use the whole name:

£> Get-ADUser -LDAPFilter “(anr=Dave Green)” | select Name


£> Get-ADUser -Filter {anr -eq ‘Dave Green’} | select Name

Dave Green
Dave Greenly

NOTE: I created the Dave Greenly account after the previous searches which is why it didn’t show earlier.

ANR searches are also slower than searching on specific attributes because a number of properties are being searched.

An ANR search is a good first step if  you’re not sure what you’re looking for but you will usually need to refine the search using –Identity parameter or more specific filters if you if you want to get to a single object.

This entry was posted in PowerShell and Active Directory. Bookmark the permalink.

2 Responses to ANR and AD searches

  1. Case Hicks says:

    Is there a cmdlet using “Anr” that can be used to retrieve contacts from a User mailbox?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s