Get OU of AD user

Welcome Forums General PowerShell Q&A Get OU of AD user

This topic contains 9 replies, has 5 voices, and was last updated by

 
Participant
1 week, 3 days ago.

  • Author
    Posts
  • #133479
    Hil

    Participant
    Points: 23
    Rank: Member

    Hi, I need to get the OU of a user. I have tried various scripts on the web but none work completely.
    Here is what I finally arrived at, which works great, but I need to have all 3 commands in a single line.

    $user = Get-ADUser -identity $alias -Properties CanonicalName
    $DistinguishedName = $user.DistinguishedName
    $ou = $DistinguishedName.split(",")[($user.Name -split ',').count..($DistinguishedName.split(",").Length+1)] -join(",")
    

    I tried getting it into a single line:

    $ou = Get-ADUser -identity $alias -Properties CanonicalName | select-object -property DistinguishedName,Name | $_.DistinguishedName.split(",")[($_.Name -split ',').count..($_.DistinguishedName.split(",").Length+1)] -join(",")
    

    ... but I get errors

  • #133481

    Participant
    Points: 235
    Helping Hand
    Rank: Participant

    This is a job for calculated properties. Its pretty simple, check this link out so you can understand the technique. Below is an example that should get you in the right direction.

    https://mcpmag.com/articles/2017/01/19/using-powershell-calculated-properties.aspx

    $alias = 'lboydell'
    Get-ADUser -identity $alias -Properties canonicalName | Select-Object -Property canonicalName,DistinguishedName,@{Name='OU';Expression={$_.DistinguishedName.Split(',')[1..$($_.DistinguishedName.Split(',')).count] -join ','}}
    
    • #133487

      Participant
      Points: 116
      Rank: Participant

      I also got it to work like this:

      $ou = (((Get-ADUser -identity $alias -Properties CanonicalName | select-object -expandproperty DistinguishedName) -split",") | select -Skip 1) -join ','
      
    • #133497
      Hil

      Participant
      Points: 23
      Rank: Member

      Hi Logan, Thanks for your reply and the tip on calculated properties!!!!

      I see that the number of comas have been hardcoded to 1. Although I need to be able to keep that as a variable as some names contain comma and some do not.

      Hence I had  ($user.Name -split ',').count instead of 1.

      This works great:

      Get-ADUser -identity $alias -Properties canonicalName | Select-Object @{Name='OU';Expression={$_.DistinguishedName.Split(',')[($_.Name -split ',').count..$($_.DistinguishedName.Split(',')).count] -join ','}}
      
      
  • #133490
    js

    Participant
    Points: 442
    Helping Hand
    Rank: Contributor

    Or...

    $ou = $user.DistinguishedName -replace "cn=$alias,"
    $ou
    
    OU=People,DC=powershell,DC=org
    

    You can't use $_ outside a script block. You probably want to use a foreach for that one-liner.

    $ou = Get-ADUser -identity $alias -Properties CanonicalName | 
    select-object -property DistinguishedName,Name | 
    foreach { $_.DistinguishedName.split(",")[($_.Name -split ',').count..($_.DistinguishedName.split(",").Length+1)] -join(",") }
    
  • #133491

    Participant
    Points: 200
    Helping Hand
    Rank: Participant

    Like Logan says calculated properties are the way to go.

    However, [1..-1] returns something weird because it counts backward from 1 to -1:
    1: the OU name
    0: the username
    -1: the last item of the array which is probably the last member of the FDQN of your company (probably "dc=com").

    I would rather go for RegEx.

    Get-ADUser -identity $alias -Properties canonicalName |
        Select-Object -Property canonicalName,DistinguishedName,@{
            Name='OU';
            Expression={$_.DistinguishedName -replace 'cn.+?,'}
        }
    

    Furthermore, do you want the OU distinguished name or only the OU name?

    If you want only the OU name, here is a proposition.

    Get-ADUser -identity $alias -Properties canonicalName |
        Select-Object -Property canonicalName,DistinguishedName,@{
            Name='OU';
            Expression={$_.DistinguishedName.Split(',')[1].replace('OU=','')}
        }
    
    • #133503
      Hil

      Participant
      Points: 23
      Rank: Member

      Thanks Luc, this one works great too !!!

  • #133731

    Participant
    Points: 235
    Helping Hand
    Rank: Participant

    Hi Logan, Thanks for your reply and the tip on calculated properties!!!!

    I see that the number of comas have been hardcoded to 1. Although I need to be able to keep that as a variable as some names contain comma and some do not.

    Hence I had ($user.Name -split ',').count instead of 1.

    This works great:

    PowerShell
    3 lines

    1
    2
    3
    Get-ADUser identity $alias Properties canonicalName | Select-Object @{Name='OU';Expression={$_.DistinguishedName.Split(',')[($_.Name -split ',').count..$($_.DistinguishedName.Split(',')).count] -join ','}}
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    That [1..] in my code is not "hardcoding the commas", its indexing into the 2nd item in the array. Since the first index (0) is the CN=User Name. I can see what you are doing in your code, but its pointless and really confusing. Consider what your code is doing...

    $alias = 'testuser'
    $user = Get-ADUser -identity $alias -Properties CanonicalName
    $user.Name
    $user.Name -split ','
    ($user.Name).Count
    ($user.Name -split ',').Count
    

    As you can see splitting it by a comma doesn't achieve anything because there is no comma to split on, you are just needlessly inconveniencing electrons. 🙂
    We know the structure of a distinguishedName, so its reasonable to split one into an array based on commas and index into position 1 to omit the user name.
    Here is some reading to help in your understanding of working with Arrays and working with strings

    Arrays
    https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_arrays?view=powershell-6

    Strings

    Working with strings in PowerShell

    • #133736
      Hil

      Participant
      Points: 23
      Rank: Member

      Actually there is a comma in most names. I mentioned it in my earlier message too "Although I need to be able to keep that as a variable as some names contain comma and some do not". Why would I want to reinvent the wheel if there was no comma?

      Anyway its all cool as I have it just the way I need it.

       

  • #133737

    Participant
    Points: 235
    Helping Hand
    Rank: Participant

    Actually there is a comma in most names. I mentioned it in my earlier message too "Although I need to be able to keep that as a variable as some names contain comma and some do not".

    Anyway its all cool as I have it just the way I need it.

    I totally missed that post 🙁 My apologies! Glad you got it working.

You must be logged in to reply to this topic.