I often see people asking questions about the syntax of the -Filter parameter of the AD cmdlets. It is a strange syntax in that you have to think about them differently than you would just about any other comparision operation in Powershell.
Here is a regular expression that can be used to match an Active Directory object's distinguished name to pull out the common name, organizational unit/container distinguished name, and/or the domain's distinguished name.
$regex_dn = '^CN=(?<cn>.+?)(?<!\\),(?<ou>(?:(?:OU|CN).+?(?<!\\),)+(?<dc>DC.+?))$' $dn = "CN=John Doe,OU=My OU,DC=domain,DC=com" $dn -match $regex_dn $Matches