I am just looking for someone to point me in the right direction really. Often when working in the Active Directory module in PowerShell I run things like [pre]Get-ADUser -Filter *[/pre] and once i have tweaked that to give me the output that I require then my manager or colleagues will ask for the OU path where the user is in.
Get-ADUser does not have the OU path as such in AD but i could use either CanonicalName or DistinguishedName after i manipulate it a bit.
CanonicalName: corp.local/UK/Users/London/John Doe
DistinguishedName: CN=John Doe,OU=London,OU=Users,OU=UK,DC=corp,DC=local
What options do i have available to remove either /John Doe from CanonicalName or CN=John Doe, from the distinguishedName?
If someone please could give me some pointers and where to go and read up on what options i have available.
Thank you all in advance
$UserDN = (Get-ADUser User1).DistinguishedName
$UserOU = ($UserDN -Split ",",2)
That works, and I read up on About_Split as well. just for educational purposes, what can i do with the CN?
Likely i have the name already as it is the same as used in the attribute name. I guess i could take the length of CN and then the length of the attribute name. Add 1 to the length of name and then shorten the CN with the length of name+1 for the last /?
Glad it worked. Sorry, but I’m not following the second part about the CN. Are you trying to get the “John Doe” part from “CN=John Doe”, which came from the DN?
Think i worked it out.
So basically i wanted to remove /John Doe from the string for CanonicalName so instead of being corp.local/uk/users/london/John Doe it would be corp.local/uk/users/london.
I got it working doing the below.
$UserCN = (Get-ADUser JohnDoe -Properties CanonicalName).CanonicalName
$UserName = (Get-ADUser JohnDoe).Name
$UserCN -replace "/$UserName", ""
is it a bad way of doing it?
One thing I’ve learned about powershell is that there are tons of ways to do the same thing. Sometimes there are better ways to do things and other times there’s just different ways of doing things. What you have works just fine, though I would like to suggest a slight alteration, especially if you’re doing this for a lot of AD users. In your code, you’re calling Get-ADUser twice against each user you’re getting the find output for. If you’re doing this in mass, then that will put some extra load on the GCs (not sure how much, but simplifying things never hurts). You can get all the information you need in one call to Get-ADUser like I show below. Again, you’re way is just fine. This is just another option.
$User = (Get-ADUser e2k16mbx1 -Properties CanonicalName)
$User.CanonicalName -replace "/$($User.Name)",""