
November 4, 2015 at 12:23 pm

Hi All,

I'm using the code below to read AD users through PowerShell objects.
I'm unable to extract only the group name; what I get is something like the below when the user belongs to two groups:
CN=ADMINISTRATORS,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ
CN=Administrators Group,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ
I just need ADMINISTRATORS, Administrators Group.
Below is the code I use:

$objSearch.SearchRoot = "LDAP://localhost:0000/CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ"
$AllObj = $objSearch.FindAll()
# Declare an array of objects to collect user attributes
$resultsarray = @()
foreach ($objresults in $AllObj)
{
    $resultsarray += New-Object -Type PSObject -Property (
        @{
            'UserAccountDisabled' = $objresults.Properties.Item("msDS-UserAccountDisabled") | Out-String
            'UserName' = $objresults.Properties.Item("name") | Out-String
            'UserGivenName' = $objresults.Properties.Item("givenname") | Out-String
            'UserID' = $objresults.Properties.Item("userprincipalname") | Out-String
            'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String
            'LastLogonTimestamp' = [datetime]::fromfiletime(($objresults.Properties.Item("lastlogontimestamp")[0])).ToString('f') -Join ","
            'UserDistinguishedName' = $objresults.Properties.Item("distinguishedname") | Out-String
            'UserAccountCreatedOn' = $objresults.Properties.Item("whencreated") | Out-String
            'UserAccountChangedOn' = $objresults.Properties.Item("whenchanged") | Out-String
            'UserMiddleName' = $objresults.Properties.Item("middlename") | Out-String
            'UserDisplayName' = $objresults.Properties.Item("displayname") -Join ","
        }
    )
}
Any quick response will be highly appreciated.

Thanks

November 4, 2015 at 12:29 pm

Get groups:

$AdGroup = Get-ADObject -SearchBase "CN=ADMINISTRATORS,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ" -filter *

Get users who are in a specific group:

$Users = Get-ADUser -SearchBase "CN=ADMINISTRATORS,CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ" -filter * -Properties Memberof | ?{ $_.Memberof -clike "*ADMINISTRATORS*"}

If you want to trim the distinguished name:

$Item = @()

Foreach($DN in $DNS){
    $DN = $DN.trimstart("CN=")
    $item += New-Object psobject -Property ([Ordered]@{group = "$($DN.Split(",")[0])"})
}

I'm just guessing at this point. I'm on my iPad and can't test; maybe someone else can chime in.

November 4, 2015 at 1:56 pm

Hi Mark,

Good to see your quick response on this, but could you please format the below statement for getting only the group names? This statement is part of a for loop.

'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String

Sorry if I'm asking too much, but I'm new to PowerShell.

November 4, 2015 at 2:13 pm

It's giving you the memberof group name. If you want just the name, not the distinguished name, you will have to do some variable cleanup prior to adding it to your object. I'm assuming you want something like "ADMINISTRATORS, Administrators group" added to your custom psobject.

November 4, 2015 at 3:12 pm

Yes, you are correct on my requirement.
Here is my object. I'm not sure what variable cleanup I should do just to get the output.

$ObjFilter = "(&(objectClass=xyz-User))"
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://localhost:3890/CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ"
$AllObj = $objSearch.FindAll()
# Declare an array of objects to collect user attributes
$resultsarray = @()
foreach ($objresults in $AllObj)
{
    $resultsarray += New-Object -Type PSObject -Property (
        @{
            'UserAccountDisabled' = $objresults.Properties.Item("msDS-UserAccountDisabled") | Out-String
            'UserName' = $objresults.Properties.Item("name") | Out-String
            'UserGivenName' = $objresults.Properties.Item("givenname") | Out-String
            'UserID' = $objresults.Properties.Item("userprincipalname") | Out-String
            'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String
            'LastLogonTimestamp' = [datetime]::fromfiletime(($objresults.Properties.Item("lastlogontimestamp")[0])).ToString('f') -Join ","
            'UserDistinguishedName' = $objresults.Properties.Item("distinguishedname") | Out-String
            'UserAccountCreatedOn' = $objresults.Properties.Item("whencreated") | Out-String
            'UserAccountChangedOn' = $objresults.Properties.Item("whenchanged") | Out-String
            'UserMiddleName' = $objresults.Properties.Item("middlename") | Out-String
            'UserDisplayName' = $objresults.Properties.Item("displayname") -Join ","
        }
    )
}

Please tell me the statement for 'UserIsMemberof' = $objresults.Properties.Item("memberof") | Out-String. What should I replace it with?

Thanks.

November 4, 2015 at 3:35 pm

This should do it

($objresults.Properties.Item("memberof") -replace "CN=|,.*") -join ", "

It replaces the CN= as well as everything after and including the first comma with nothing, then joins each result into a comma-separated string.

Note: Remove the space in the -join if you do not want a space after each comma

November 4, 2015 at 3:54 pm

Hi Smith,

This is exactly what I was looking for.
Thank you so much. 🙂

Regards,
Deepika

November 5, 2015 at 4:22 am

Thanks Curtis, I was on my iPad and just could not explain it right. I like how you used the wildcard to trim the rest of the line; I will use that later. I was trying to split on the , then use the first item [0].

November 5, 2015 at 9:37 am

Thanks Mark and Curtis for your responses. Have a good day. 🙂

November 19, 2015 at 1:29 pm

Thank you, Curtis. I was in a similar spot trying to use TrimStart to get rid of a leading "CN=", but had an issue if the first letter after the trimmed text was a C.

$string = "CN=Chat"
$string.trimstart("CN=")

yields "hat," not "Chat."

but $string -replace ("CN=","") gives "Chat".

November 19, 2015 at 1:46 pm

Ya, that's because TrimStart is matching each individual character to remove from the beginning, not a string of characters. So it will remove "C", "N" and "=" until something is found that is not one of those characters. In your case, it removed "C" twice.
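
Added example (not from any poster in this thread): the two techniques discussed above, Curtis's `-replace "CN=|,.*"` and the `TrimStart` pitfall, run side by side with a first-RDN parser that also copes with an escaped comma inside a group name. `Get-RdnValue` is a hypothetical helper name, and the `Chat` and `Ops\, Tier 1` group DNs are constructed sample data.

```powershell
# Added example; Get-RdnValue is a hypothetical helper, not from the thread.
function Get-RdnValue {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # Capture the first RDN value: everything after "type=" up to the first
    # comma that is NOT escaped with a backslash.
    if ($DistinguishedName -match '^\s*[^=,]+=((?:\\.|[^,\\])*)') {
        # Drop the backslash from escaped special characters (\, \+ \\ ...).
        # Hex-pair escapes such as \0A are left as they are.
        return $Matches[1] -replace '\\([^0-9A-Fa-f])', '$1'
    }
    throw "Not a distinguished name: $DistinguishedName"
}

# Constructed memberOf values. The first two are the DNs from the question;
# the last two are made up to exercise the edge cases.
$suffix   = 'CN=XYZ,CN=Authentication Sources,O=Enterprise,CN=XYZ'
$memberOf = @(
    "CN=ADMINISTRATORS,$suffix"
    "CN=Administrators Group,$suffix"
    "CN=Chat,$suffix"            # name starts with a character in the trim set
    "CN=Ops\, Tier 1,$suffix"    # name contains an escaped comma
)

$memberOf | ForEach-Object {
    [pscustomobject]@{
        # TrimStart takes a SET of characters, so it keeps eating C, N and =.
        TrimStart = $_.TrimStart('CN=').Split(',')[0]
        # The thread's regex: removes every "CN=" and cuts at the first comma,
        # escaped or not.
        Replace   = $_ -replace 'CN=|,.*'
        # Anchored, escape-aware extraction of the first RDN only.
        RdnValue  = Get-RdnValue $_
    }
} | Format-Table -AutoSize

# For a single report column, join with a separator that cannot be confused
# with a comma inside a group name.
($memberOf | ForEach-Object { Get-RdnValue $_ }) -join '; '
```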