header image

get-computerDN–dealing with non-existant computers

Posted by: | July 17, 2015 Comments Off on get-computerDN–dealing with non-existant computers |

If you look at the working part of the code to discover the distinguished name of a computer:


£> $computer = ‘w12r2sus’
£> $filter = “(&(objectCategory=computer)(objectClass=computer)(cn=$computer))”
£> ([adsisearcher]$filter).FindOne().Properties.distinguishedname


What happens if the computername you chose doesn’t exist?


£> $computer = ‘w12r2nope’
£> $filter = “(&(objectCategory=computer)(objectClass=computer)(cn=$computer))”
£> ([adsisearcher]$filter).FindOne().Properties.distinguishedname


You don’t get anything returned


The filter is formed correctly

£> $filter


The FindOne() method doesn’t return anything


£> ([adsisearcher]$filter).FindOne()


If you’re just working with a single computer then not getting a result is a fair indication of a problem but if you’ve passed a number of  computer names to the function you need to know easily which ones aren’t present – especially if you save the results in a collection and want to do something else with them.


In this case I’d use write-warning to output a message that the machine wasn’t found:


£> $computer = ‘w12r2nope’
£> $filter = “(&(objectCategory=computer)(objectClass=computer)(cn=$computer))”
£> $result = ([adsisearcher]$filter).FindOne()
£> if ($result) {
>> $result.Properties.distinguishedname
>> }
>> else {
>>  Write-Warning -Message "Computer not found: $computer"
>> }
WARNING: Computer not found: w12r2nope


Putting that code into yesterday’s function gives us:


function get-computerDN {
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="Low")]

param (
   HelpMessage="Supply computer name" )]
   [Alias("CN", "Computer")] 

foreach ($computer in $computername) {
if ($psCmdlet.ShouldProcess("$computer", "Retreiving distinguished name")) {
    $filter = “(&(objectCategory=computer)(objectClass=computer)(cn=$computer))”
    $result = ([adsisearcher]$filter).FindOne()

    if ($result) {
    else {
       Write-Warning -Message "Computer not found: $computer"

} # end if ($psCmdlet.ShouldProcess("$computer", "Retreiving distinguished name"))
} # end foreach ($computer in $computername) {


Returns distinguished name of a computer

Returns distinguished name of one or more computers in the domain.
Assumes connectivity to domain controller. Domain independent.

.PARAMETER  computername
Name of computer for which distinguished name will be returned

get-computerDN -computername server02

Returns the distinguished name for server02.

Results are of the form:
CN=SERVER02,OU=Domain Controllers,DC=Manticore,DC=org

[adsisearcher] is a shortcut for System.DirectoryServices.DirectorySearcher





Which is used like this

£> ‘server02’, ‘w12r2sus’, ‘w12r2nope’ | get-computerDN
CN=SERVER02,OU=Domain Controllers,DC=Manticore,DC=org
WARNING: Computer not found: w12r2nope


One thing you need to keep in mind when estimating the time you’ll take to write a script – you’ll be writing at least half as much again validation, error handling and help/comments compared to the actual working code

under: PowerShell and Active Directory

Comments are closed.