| Author | Posts |
|
I am trying to figure out how I can get the 'Type' of an AD object with limited input information. This is for a bulk process where some of the items may be contact records or mail-enabled users or regular AD users with exchange email. The TYPE will determine the correct command to disable the objects (e.g. remove-mailcontact, disable-mailuser) I have looked up the ObjectCategory attribute and it doesn't always give me what I need. Notice that both users and contacts are categorized as Person but the ObjectClass is different. The commands to disable these are different based on that very last item in the Objectclass. Example: AD View Name Type OjectCategory ObjectClass The key is this: The only information I have going in is EmployeeID (this is not an attribute for a contact record), Name (may not be the correct displayName or first and last name due to legal vs. preferred names) and samaccountname which I may not have for every row. |
|
|
There's no simple way of doing this. Probably whatever you're thinking – "I'm going to have to try __ first, and if that doesn't work then find __, and if that doesn't work..." is what you're actually doing to have to do. It's going to be a script with a lot of testing-for-conditions and logic. And in cases where your data isn't correct – no EmployeeID, no samAccountName, and in incorrect displayName – you're not going to be able to do anything. |
|
|
Does it make sense that the first logical step would be to get the ObjectClass and capture the entry at the end of the string, after the last comma? This seems to be consistent with the displayed Type in all the records I looked at. Yeah, That incorrect data piece is my burden to bear. We are fighting that battle at numerous levels right now. |
|
|
Yeah, once you've got the objects, do a -split ";" and take the [-1] last element and you'll have the bit you want. |
You must be logged in to reply to this topic.
