Monthly Archive

Categories

Unravelling lists of distinguished names

There are a number of AD properties such as MemberOf and directrports that consist of a collection of distinguisednames.  Sometimes you need the  name  of the object rather than the distinguished name:

function getname {
[CmdletBinding()]
param (
[string]$dn
)

$name = Get-ADObject $dn | select -ExpandProperty Name

return $name
}

Get-ADUser -Filter * -SearchBase "OU=Testing,DC=Manticore,DC=org" -Properties MemberOf |
foreach {
 
$name = $psitem.Name

foreach ($member in $psitem.MemberOf) {
   $props = [ordered]@{
     User = $name
     Group = getname -dn $member
   }

   New-Object -Property $props -TypeName PSObject

}
}

 

In this example I’m looking at the MemberOf property.  Pull back the set of users and foreach look at each member in the MemberOf list. I pass that to a function that returns the name – I can reuse the function in other scripts.

 

Don’t make the mistake of looking at group membership in this way though. You can get the names of group members much more simply

Get-ADGroupMember -Identity tg1 | select name

Comments are closed.