I want to retrieve a list of the objectclasses a user has been assigned. In an LDAP server like ODSEE a query for “uid=username objectclass” returns a list of the objectclasses assigned to the user.
With AD and PowerShell I am finding that I can only get one objectclass result returned and so far it’s always the “user” objectclass. I’ve tried a couple different methods with no success. Google is coming up empty for PowerShell returning multi-valued attribute values.
I’m not sure, I see the additional objectclass properties in AD as well and it says “Multi-valued String.” I haven’t yet found a way to do it in PowerShell but I would definitely expect to be able to. Hopefully someone knows and can help us both out.
Well, based on the information I am reading, a user’s class will always be the same and have the same inherited superclasses.
Each instance of an object class has a multi-valued objectClass property that identifies the class of which the object is an instance, as well as all structural or abstract superclasses from which that class is derived. Thus, the objectClass property of a user object would identify the top, person, organizationalPerson, and user classes. The objectClass property does not include auxiliary classes in the list. The system sets the objectClass value when the object instance is created and it cannot be changed.
I’m used to working with Oracle ODSEE LDAP (iPlanet, Sun Directory), where a query for “uid=user objectclass” returns all of the assigned objectclasses, not just the top one.
What is interesting is that an LDAP query of AD will return all of the objectclasses. I’ll have to see if there is a PowerShell equivalent of an LDAP query that might do it. It seems like this is more of a PowerShell limitation than something inherent to AD.
If you want it to be an actual property of an object, just use this to populate that object. You shouldn’t call it objectclass because it already exists. I agree this seems like a limitation in PowerShell. At least in the way it outputs it. I was unable to do it in PowerShell, which is why I wrapped dsquery and parsed the output. I am also looking for a way to do this with an LDAP filter.
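The LDAP-query route discussed in this thread can be taken from PowerShell through the .NET `System.DirectoryServices.DirectorySearcher` class, which hands back the raw multi-valued `objectClass` attribute. The following is an added example, not code from any of the posts above; it assumes a domain-joined Windows host, and the function name `Get-UserObjectClasses`, the account `jdoe` and the output property `ObjectClasses` are illustrative choices.

```powershell
# Added example: read every objectClass value with a raw LDAP search.
# Assumption: run on a domain-joined Windows host; with no SearchRoot set,
# DirectorySearcher searches the current domain.
function Get-UserObjectClasses {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName
    )

    # Escape LDAP filter metacharacters (RFC 4515: \ * ( ) NUL) as \xx hex
    # so the supplied name cannot change the meaning of the filter.
    $escaped = [regex]::Replace(
        $SamAccountName,
        '[\\*()\x00]',
        { param($m) '\{0:x2}' -f [int][char]$m.Value }
    )

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    try {
        $searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$escaped))"
        # Ask the server for the objectClass attribute only.
        [void]$searcher.PropertiesToLoad.Add('objectClass')

        $result = $searcher.FindOne()
        if (-not $result) {
            throw "No user found for sAMAccountName '$SamAccountName'."
        }

        # Property names in the result collection are stored in lower case.
        [pscustomobject]@{
            SamAccountName = $SamAccountName
            AdsPath        = $result.Path
            # Named ObjectClasses (hypothetical) so it does not collide
            # with an existing objectClass property.
            ObjectClasses  = @($result.Properties['objectclass'])
        }
    }
    finally {
        $searcher.Dispose()
    }
}

# Illustrative account name; replace with a real sAMAccountName.
(Get-UserObjectClasses -SamAccountName 'jdoe').ObjectClasses
```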