Get OU of AD user

PowerShell Help
1

Hi, I need to get the OU of a user. I have tried various scripts on the web but none work completely.
Here is what I finally arrived at, which works great, but I need to have all 3 commands in a single line.

$user = Get-ADUser -identity $alias -Properties CanonicalName
$DistinguishedName = $user.DistinguishedName
$ou = $DistinguishedName.split(",")[($user.Name -split ',').count..($DistinguishedName.split(",").Length+1)] -join(",")

I tried getting it into a single line:

$ou = Get-ADUser -identity $alias -Properties CanonicalName | select-object -property DistinguishedName,Name | $_.DistinguishedName.split(",")[($_.Name -split ',').count..($_.DistinguishedName.split(",").Length+1)] -join(",")

… but I get errors

2

This is a job for calculated properties. Its pretty simple, check this link out so you can understand the technique. Below is an example that should get you in the right direction.

$alias = 'lboydell'
Get-ADUser -identity $alias -Properties canonicalName | Select-Object -Property canonicalName,DistinguishedName,@{Name='OU';Expression={$_.DistinguishedName.Split(',')[1..$($_.DistinguishedName.Split(',')).count] -join ','}}
3

I also got it to work like this:

$ou = (((Get-ADUser -identity $alias -Properties CanonicalName | select-object -expandproperty DistinguishedName) -split",") | select -Skip 1) -join ','
4

Or…

$ou = $user.DistinguishedName -replace "cn=$alias,"
$ou

OU=People,DC=powershell,DC=org

You can’t use $_ outside a script block. You probably want to use a foreach for that one-liner.

$ou = Get-ADUser -identity $alias -Properties CanonicalName | 
select-object -property DistinguishedName,Name | 
foreach { $_.DistinguishedName.split(",")[($_.Name -split ',').count..($_.DistinguishedName.split(",").Length+1)] -join(",") }
5

Like Logan says calculated properties are the way to go.

However, [1…-1] returns something weird because it counts backward from 1 to -1:
1: the OU name
0: the username
-1: the last item of the array which is probably the last member of the FDQN of your company (probably “dc=com”).

I would rather go for RegEx.

Get-ADUser -identity $alias -Properties canonicalName |
    Select-Object -Property canonicalName,DistinguishedName,@{
        Name='OU';
        Expression={$_.DistinguishedName -replace 'cn.+?,'}
    }

Furthermore, do you want the OU distinguished name or only the OU name?

If you want only the OU name, here is a proposition.

Get-ADUser -identity $alias -Properties canonicalName |
    Select-Object -Property canonicalName,DistinguishedName,@{
        Name='OU';
        Expression={$_.DistinguishedName.Split(',')[1].replace('OU=','')}
    }
6

Hi Logan, Thanks for your reply and the tip on calculated properties!!!

I see that the number of comas have been hardcoded to 1. Although I need to be able to keep that as a variable as some names contain comma and some do not.

Hence I had ($user.Name -split ‘,’).count instead of 1.

This works great:

Get-ADUser -identity $alias -Properties canonicalName | Select-Object @{Name='OU';Expression={$_.DistinguishedName.Split(',')[($_.Name -split ',').count..$($_.DistinguishedName.Split(',')).count] -join ','}}
7

Thanks Luc, this one works great too !!!

8

[quote quote=133497]Hi Logan, Thanks for your reply and the tip on calculated properties!!!

I see that the number of comas have been hardcoded to 1. Although I need to be able to keep that as a variable as some names contain comma and some do not.

Hence I had ($user.Name -split ‘,’).count instead of 1.

This works great:

PowerShell
3 lines
<textarea class="ace_text-input" style="left: 44px; top: 0px; width: 6.6px; height: 18px; opacity: 0;" spellcheck="false" wrap="off"></textarea>
1
2
3
Get-ADUser -identity $alias -Properties canonicalName | Select-Object @{Name='OU';Expression={$_.DistinguishedName.Split(',')[($_.Name -split ',').count..$($_.DistinguishedName.Split(',')).count] -join ','}}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[/quote]

That [1…] in my code is not “hardcoding the commas”, its indexing into the 2nd item in the array. Since the first index (0) is the CN=User Name. I can see what you are doing in your code, but its pointless and really confusing. Consider what your code is doing…

[pre]
$alias = ‘testuser’
$user = Get-ADUser -identity $alias -Properties CanonicalName
$user.Name
$user.Name -split ‘,’
($user.Name).Count
($user.Name -split ‘,’).Count
[/pre]

As you can see splitting it by a comma doesn’t achieve anything because there is no comma to split on, you are just needlessly inconveniencing electrons. :slight_smile:
We know the structure of a distinguishedName, so its reasonable to split one into an array based on commas and index into position 1 to omit the user name.
Here is some reading to help in your understanding of working with Arrays and working with strings

Arrays

Strings
https://4sysops.com/archives/working-with-strings-in-powershell/

9

Actually there is a comma in most names. I mentioned it in my earlier message too “Although I need to be able to keep that as a variable as some names contain comma and some do not”. Why would I want to reinvent the wheel if there was no comma?

Anyway its all cool as I have it just the way I need it.

 

10

[quote quote=133736]Actually there is a comma in most names. I mentioned it in my earlier message too “Although I need to be able to keep that as a variable as some names contain comma and some do not”.

Anyway its all cool as I have it just the way I need it.

[/quote]
I totally missed that post :frowning: My apologies! Glad you got it working.