How to extract only the Group name from AD using PowerShell object

This topic contains 10 replies, has 4 voices, and was last updated by  Curtis Smith 1 year, 11 months ago.

  • #31686

    deepika rastogi
    Participant

    Hi All,

    I'm using the code below to read AD users through PowerShell objects.
    I'm unable to extract only the group name; what I get is something like below when the user belongs to two groups:
    CN=ADMINISTRATORS,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ
    CN=Administrators Group,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ
    I just need ADMINISTRATORS, Administrators Group.
    Below is the code I use:

    $objSearch.SearchRoot = "LDAP://localhost:0000/CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ"
    $AllObj = $objSearch.FindAll()
    # Declare an array of objects to collect user attributes
    $resultsarray =@()
    foreach ($objresults in $AllObj)
    {
    $resultsarray += New-Object -Type PSObject -Property (
    @{

    'UserAccountDisabled' = $objresults.Properties.Item("msDS-UserAccountDisabled") | Out-String
    'UserName' = $objresults.Properties.Item("name") | Out-String
    'UserGivenName' = $objresults.Properties.Item("givenname") | Out-String
    'UserID' = $objresults.Properties.Item("userprincipalname") | Out-String
    'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String
    'LastLogonTimestamp' = [datetime]::fromfiletime(($objresults.Properties.Item("lastlogontimestamp")[0])).ToString('f') -Join ","
    'UserDistinguishedName' = $objresults.Properties.Item("distinguishedname") | Out-String
    'UserAccountCreatedOn' = $objresults.Properties.Item("whencreated") | Out-String
    'UserAccountChangedOn' = $objresults.Properties.Item("whenchanged") | Out-String
    'UserMiddleName' = $objresults.Properties.Item("middlename") | Out-String
    'UserDisplayName' = $objresults.Properties.Item("displayname") -Join ","
    }
    )
    }
    Any quick response will be highly appreciated.

    Thanks

  • #31687

    Mark Hammonds
    Participant

    get groups

    $AdGroup = Get-ADObject -SearchBase "CN=ADMINISTRATORS,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ" -filter *

    get users who are in a specific group

    $Users = Get-ADUser -SearchBase "CN=ADMINISTRATORS,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ" -filter * -Properties Memberof | ?{ $_.Memberof -clike "*ADMINISTRATORS*"}

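    if you want to trim the distinguished name

    $Item = @()

    # $DNS is assumed to hold the distinguished names to clean up
    Foreach($DN in $DNS){
    # An anchored -replace removes only the literal "CN=" prefix;
    # TrimStart("CN=") would also strip leading C, N or = characters from the name
    $DN = $DN -replace '^CN='
    $Item += New-Object psobject -Property ([Ordered]@{group = "$($DN.Split(",")[0])"})
    }

    I'm just guessing at this point; I'm on my iPad and can't test. Maybe someone else can chime in.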

  • #31691

    deepika rastogi
    Participant

    Hi Mark,

    Good to see your quick response on this, but could you please format the below statement for getting only the group names. This statement is part of a for loop.

    'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String

    Sorry if I'm asking too much but I'm new to PowerShell.

  • #31692

    Mark Hammonds
    Participant

    It's giving you the memberof group name. If you want just the name, not the distinguished name, you will have to do some variable cleanup prior to adding it to your object. I'm assuming you want something like "ADMINISTRATORS, Administrators group" added to your custom psobject.

  • #31695

    deepika rastogi
    Participant

    Yes, you are correct on my requirement.
    Here is my object. I'm not sure what variable cleanup I should do just to get the output.

    $ObjFilter = "(&(objectClass=xyz-User))"
    $objSearch = New-Object System.DirectoryServices.DirectorySearcher
    $objSearch.PageSize = 15000
    $objSearch.Filter = $ObjFilter
    $objSearch.SearchRoot = "LDAP://localhost:3890/CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ"
    $AllObj = $objSearch.FindAll()
    # Declare an array of objects to collect user attributes
    $resultsarray =@()
    foreach ($objresults in $AllObj)
    {
    $resultsarray += New-Object -Type PSObject -Property (
    @{

    'UserAccountDisabled' = $objresults.Properties.Item("msDS-UserAccountDisabled") | Out-String
    'UserName' = $objresults.Properties.Item("name") | Out-String
    'UserGivenName' = $objresults.Properties.Item("givenname") | Out-String
    'UserID' = $objresults.Properties.Item("userprincipalname") | Out-String
    'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String
    'LastLogonTimestamp' = [datetime]::fromfiletime(($objresults.Properties.Item("lastlogontimestamp")[0])).ToString('f') -Join ","
    'UserDistinguishedName' = $objresults.Properties.Item("distinguishedname") | Out-String
    'UserAccountCreatedOn' = $objresults.Properties.Item("whencreated") | Out-String
    'UserAccountChangedOn' = $objresults.Properties.Item("whenchanged") | Out-String
    'UserMiddleName' = $objresults.Properties.Item("middlename") | Out-String
    'UserDisplayName' = $objresults.Properties.Item("displayname") -Join ","
    }
    )
    }

    Please tell me the statement for 'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String. What should I replace it with?

    Thanks.

  • #31696

    Curtis Smith
    Participant

    This should do it

    ($objresults.Properties.Item("memberof") -replace "CN=|,.*") -join ", "

    It replaces the CN= as well as everything after and including the first comma with nothing, then joins each result into a comma-separated string.

    Note: Remove the space in the -join if you do not want a space after each comma

  • #31697

    deepika rastogi
    Participant

    Hi Smith,

    This is exactly what I was looking for.
    Thank you so much. 🙂

    Regards,
    Deepika

  • #31707

    Mark Hammonds
    Participant

    Thanks Curtis. I was on my iPad, just could not explain it right. I like how you used the wildcard to trim the rest of the line; I will use that later. I was trying to split on the , then use the first item [0].

  • #31714

    deepika rastogi
    Participant

    Thanks Mark and Curtis for your responses. Have a good day. 🙂

  • #32147

    John Curtiss
    Participant

    Thank you, Curtis. I was in a similar spot trying to use TrimStart to get rid of a leading "CN=", but had an issue if the first letter after the trimmed text was a C.

    $string = "CN=Chat"
    $string.trimstart("CN=")

    yields "hat," not "Chat."

    but $string -replace ("CN=","") gives "Chat".

  • #32149

    Curtis Smith
    Participant

    Ya, that's because TrimStart is matching each individual character to remove from the beginning, not a string of characters. So it will remove "C" "N" and "=" until something is found that is not one of those characters. In your case, it removed "C" twice.
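
Added example, not part of any post in this thread: a helper that pulls the leaf group name out of each memberOf distinguished name using an anchored pattern, so names beginning with C or N and names containing an escaped comma come through intact in a membership report. The function name Get-GroupNameFromDN and the last two sample DNs are constructed for illustration; the first two DNs are the ones from the question.

```powershell
function Get-GroupNameFromDN {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$DistinguishedName
    )
    process {
        # Match only the first RDN: a literal "CN=" at the start, then any run of
        # escaped characters (backslash + char) or characters that are neither
        # a comma nor a backslash. An escaped comma therefore does not end the name.
        if ($DistinguishedName -match '^\s*CN=((?:\\.|[^,\\])+)') {
            # Undo backslash escaping of DN special characters.
            # Hex-pair escapes (backslash + two hex digits) are left as they are.
            $Matches[1] -replace '\\([,+"\\<>;=# ])', '$1'
        }
        else {
            # Surface anything unexpected instead of emitting a mangled name
            Write-Warning "Not a CN-rooted DN, skipped: $DistinguishedName"
        }
    }
}

# Constructed sample input (first two values are from the question above)
$memberOf = @(
    'CN=ADMINISTRATORS,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ'
    'CN=Administrators Group,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ'
    # Leading "C": the case where TrimStart("CN=") loses a letter, as described in the thread
    'CN=Chat,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ'
    # Escaped comma inside the group name
    'CN=Ops\, Tier 0,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ'
)

# Join with "; " because a group name may itself contain a comma
($memberOf | Get-GroupNameFromDN) -join '; '

# Inside the loop from the question, the property line would become:
#   'UserIsMemberof' = ($objresults.Properties.Item("memberof") | Get-GroupNameFromDN) -join '; '
```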
