AD Object Type

Welcome Forums General PowerShell Q&A AD Object Type

This topic contains 3 replies, has 2 voices, and was last updated by

Don Jones
 
Keymaster
1 year, 8 months ago.

  • Author
    Posts
  • May 26, 2017 at 3:11 pm #71543
    Juli

    Participant
    Points: 50
    Rank: Member

    I am trying to figure out how I can get the 'Type' of an AD object with limited input information. This is for a bulk process where some of the items may be contact records or mail-enabled users or regular AD users with exchange email.

    The TYPE will determine the correct command to disable the objects (e.g. remove-mailcontact, disable-mailuser)

    I have looked up the ObjectCategory attribute and it doesn't always give me what I need. Notice that both users and contacts are categorized as Person but the ObjectClass is different. The commands to disable these are different based on that very last item in the Objectclass.

    Example: AD View

    Name Type OjectCategory ObjectClass
    Joe Doe User CN=Person,CN-Scheme,etc top;person;organizationalPerson;user
    Jane Doe User CN=Person,CN-Scheme,etc top;person;organizationalPerson;user
    Jimmy Doe Contact CN=Person,CN-Scheme,etc top;person;organizationalPerson;contact
    Jessie Doe Contact CN=Person,CN-Scheme,etc top;person;organizationalPerson;contact

    The key is this: The only information I have going in is EmployeeID (this is not an attribute for a contact record), Name (may not be the correct displayName or first and last name due to legal vs. preferred names) and samaccountname which I may not have for every row.

  • May 26, 2017 at 4:11 pm #71554
    Don Jones

    Keymaster
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    There's no simple way of doing this. Probably whatever you're thinking – "I'm going to have to try __ first, and if that doesn't work then find __, and if that doesn't work..." is what you're actually doing to have to do. It's going to be a script with a lot of testing-for-conditions and logic. And in cases where your data isn't correct – no EmployeeID, no samAccountName, and in incorrect displayName – you're not going to be able to do anything.

    • May 26, 2017 at 4:44 pm #71560
      Juli

      Participant
      Points: 50
      Rank: Member

      Does it make sense that the first logical step would be to get the ObjectClass and capture the entry at the end of the string, after the last comma? This seems to be consistent with the displayed Type in all the records I looked at.

      Yeah, That incorrect data piece is my burden to bear. We are fighting that battle at numerous levels right now.

  • May 26, 2017 at 4:51 pm #71563
    Don Jones

    Keymaster
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    Yeah, once you've got the objects, do a -split ";" and take the [-1] last element and you'll have the bit you want.

  • Author
    Posts

The topic ‘AD Object Type’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort