AD Object Type

Tagged: ,

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 1 month ago.

  • Author
    Posts
  • May 26, 2017 at 3:11 pm #71543
    Profile photo of Juli
    Juli
    Participant

    I am trying to figure out how I can get the 'Type' of an AD object with limited input information. This is for a bulk process where some of the items may be contact records or mail-enabled users or regular AD users with exchange email.

    The TYPE will determine the correct command to disable the objects (e.g. remove-mailcontact, disable-mailuser)

    I have looked up the ObjectCategory attribute and it doesn't always give me what I need. Notice that both users and contacts are categorized as Person but the ObjectClass is different. The commands to disable these are different based on that very last item in the Objectclass.

    Example: AD View

    Name Type OjectCategory ObjectClass
    Joe Doe User CN=Person,CN-Scheme,etc top;person;organizationalPerson;user
    Jane Doe User CN=Person,CN-Scheme,etc top;person;organizationalPerson;user
    Jimmy Doe Contact CN=Person,CN-Scheme,etc top;person;organizationalPerson;contact
    Jessie Doe Contact CN=Person,CN-Scheme,etc top;person;organizationalPerson;contact

    The key is this: The only information I have going in is EmployeeID (this is not an attribute for a contact record), Name (may not be the correct displayName or first and last name due to legal vs. preferred names) and samaccountname which I may not have for every row.

  • May 26, 2017 at 4:11 pm #71554
    Profile photo of Don Jones
    Don Jones
    Keymaster

    There's no simple way of doing this. Probably whatever you're thinking – "I'm going to have to try __ first, and if that doesn't work then find __, and if that doesn't work..." is what you're actually doing to have to do. It's going to be a script with a lot of testing-for-conditions and logic. And in cases where your data isn't correct – no EmployeeID, no samAccountName, and in incorrect displayName – you're not going to be able to do anything.

    • May 26, 2017 at 4:44 pm #71560
      Profile photo of Juli
      Juli
      Participant

      Does it make sense that the first logical step would be to get the ObjectClass and capture the entry at the end of the string, after the last comma? This seems to be consistent with the displayed Type in all the records I looked at.

      Yeah, That incorrect data piece is my burden to bear. We are fighting that battle at numerous levels right now.

  • May 26, 2017 at 4:51 pm #71563
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Yeah, once you've got the objects, do a -split ";" and take the [-1] last element and you'll have the bit you want.

  • Author
    Posts

You must be logged in to reply to this topic.