I am trying to set up a method in which a user can tell me there username, I plug it in and it will return me their computerName.
//Get the Username
$username = Read-Host -prompt 'Username'
//Get the DistinguishedName and store it
$usernameDN = Get-ADUser $username -properties * | SELECT DistinguishedName
//Get the ComputerName
//This one fails everytime
Get-ADComputer -Filter {ManagedBy -eq $usernameDN} -properties * | SELECT CN,ManagedBy
//Error I receive...almost as if it has to be a string
Get-ADComputer : Invalid value: '' specified for extended attribute:
'ManagedBy'. At line:1 char:1
+ Get-ADComputer -Filter {ManagedBy -eq $usernamedn} -properties * | SE ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.GetADComputer
//So you put it as a string
PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | SELECT CN,ManagedBy
//Error
Get-ADComputer : Identity info provided in the extended attribute:
'ManagedBy' could not be resolved. Reason: 'Cannot find an object with
identity: '$usernamedn' under: 'DC=****,DC=*****'.'. At line:1 char:1
+ Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADComputer], ADIdentityResolutionException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityResolutionException
,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
//However if you replace the variable with the literal DistinguishedName...it will work
PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq 'CN=*******\, ***** *.,OU=********,OU=*****,OU=******,DC=*****,DC=******'} -properties * | SELECT CN,ManagedBy
//Result
CN ManagedBy
-- ---------
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**
So I'm thinking my issue is that the Filter requires it to be string, but I can't figure out the right escape to make the variable read that way.
I tried to do the string formatting as well, but I don't completely understand that yet
Thanks,
I recommend using -LDAPFilter instead of -Filter and using an LDAP filter string:
Get-ADUser -LDAPFilter "(managedBy=$usernameDN)"
It is worth your while to learn the LDAP search filter syntax, since that's what PowerShell has to "translate" the -Filter into anyway.
This was simply an expression problem, your example works fine for me. You are just missing the () inside the {}.
Get-ADComputer -Filter {(ManagedBy -eq $usernameDN)} -properties * | SELECT CN,ManagedBy
Related
hope you are doing well
I normally use this script to return the value of extensionattribute1
$a = read-host "enter badge"
get-aduser -Filter {extensionattribute1 -eq $a } -Properties * -server "Server" | format-list extensionattribute1,Title,AccountExpirationDate,DistinguishedName,SamAccountName,enabled,Description,Orginizations,extensionattributeies
and i get the results. but sometimes i get this strange error
get-aduser : Object reference not set to an instance of an object.
At line:2 char:1
get-aduser -Filter {extensionattribute1 -eq $a } -Properties * -serve ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [Get-ADUser], NullReferenceException
FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
normally it will be solved after a restart, but I want to fix it without restarting if possible.
thanks
I am looking for all accounts that have “(FUR)” in the begging of their AD account description. I need these for any and all OUs under Office/Users. All of these accounts that Have “(FUR)” in the description, I need the following exported;
User Logon Name
Description
extensionattribute11
This is what I have come up with so far:
Import-Module ActiveDirectory;
$creds = Get-Credential
$OUPath = 'OU=Standard Users,OU=NY,OU=users,OU=Offices,DC=US,DC=FLN,DC=NET'
Get-ADUser -Properties Description -Filter "(FUR)" -SearchBase $OUPath
This is the error I get:
Get-ADUser : Error parsing query: '(FUR)' Error Message: 'syntax
error' at position: '5'. At line:2 char:1
+ Get-ADUser -Properties Description -Filter "(FUR)" -SearchBase $OUPat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
When using the -Filter parameter, you must pass a string that contains the syntax propertyName -operator value.
Get-ADUser -Properties Description -Filter "Description -like '(FUR)*'" -SearchBase $OUPath
(FUR)* would match a value that begins with (FUR). You would need to use *(FUR)* if you do not know where (FUR) exists within the value.
See Get-ADUser for a more in-depth description.
Trying to search AD account properties pulling from a CSV. The Import-CSV line works by itself. I cannot for the life of me figure out why it is asking for a filter. I took this from another script I found where they said it worked. Others were using a For-Each statement.
PS C:\Users\XXXXX> Import-CSV .\listofnames.csv | Get-ADUser $_.DisplayName -properties displayname
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null or an element of the argument
collection contains a null value.
At line:1 char:43
+ Import-CSV .\listofnames.csv | Get-ADUser $_.DisplayName -properties ...
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Its prompting you for the 'Identity' because that is how it identifies what user you are searching for.
Try this:
$users = get-content C:\Temp\test.csv
foreach ($user in $users){Get-ADUser -Identity $user -Properties displayname}
The CSV file just has the user IDs for the users who you would like to find info for.
Or if you can try the following:
Import-Csv C:\Temp\users.csv | ForEach-Object { Get-ADUser -identity $_.Name -Properties displayname }
For a lab working on PowerShell, I have to target a specific OU and list the following information in a text file.
DistinguishedName
DNSHostName
Enabled
Name
ObjectClass
ObjectGUID
SamAccountName
SID
UserPrincipleName
I've found a ton of resources online on how to do this and continuously get an error no matter how I format it.
Here is my code:
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers DC=uwec, DC=edu'
$Computers = Get-ADComputer -Filter '*' -SearchBase $ou
$Computers | foreach {
$_.DNSHostName
} | Out-File -Filepath "C:\Windows\Temp\Lab7.txt"
I continuously get this error no matter what syntax I use:
Get-ADComputer : The object name has bad syntax
At line:1 char:1
+ Get-ADComputer -Filter '*' -SearchBase 'OU=Testing,OU=Labs,OU=UWEC Co ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADComputer], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8335,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
The code you posted does not match the error you posted. However, the most likely reason for the error is a missing comma in your OU:
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers DC=uwec, DC=edu'
# ^right here
Change that into
$ou = 'OU=Testing,OU=Labs,OU=UWEC Computers,DC=uwec, DC=edu'
and the problem should disappear.
I am attempting to write some scripts to match a partial AD user account name into a get-aduser script to return the objects for another routine.
However, the command when executed it returning a parse error
The strange thing is that when checking the syntax of the output, it looks AOK:
PS C:\Users> $ADUserString = "dcro"
PS C:\Users> write-host get-aduser -filter "{SAMAccountName -like '"$ADUserString*'"}"
get-aduser -filter {SAMAccountName -like "dcro*"}
Note: I have used the right-tick character ` prepeding the quotes on the variable to keep them as a string value
So when executing the command:
PS C:\Users> get-aduser -filter "{SAMAccountName -like "$ADUserString*"}"
get-aduser : Error parsing query: '{SAMAccountName -like "dcro"}' Error Message: 'syntax error' at position: '1'.
At line:1 char:1
+ get-aduser -filter "{SAMAccountName -like "$ADUserString*"}"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : Error parsing query: '{SAMAccountName -like "dcro*"}' Error Message: 'syntax error' at position: '1'.,Microsoft.ActiveDirectory.Management.Commands.GetADUser*
However, if I manually type the output from my 'write-host' above, it executes perfectly fine and returns the results I am after:
PS C:\Users> get-aduser -filter {samaccountname -like "dcro*"}
DistinguishedName : CN=Dan*****,OU=A*****port,OU=Development*****************
Enabled : True
GivenName : D****
Name : D*****Cro****
ObjectClass : user
ObjectGUID : 796b**********413-558d*****d73
SamAccountName : dcro*****
SID : S-1******************67
Surname : Cro******
UserPrincipalName : dcro***********
It's pretty odd, and my feeling is that there are some weird special characters at play here.....
Try this:
$ADUserString = "dcro*"
write-host (Get-ADUser -Filter {SamAccountName -like $ADUserString} | Out-String)
Workaround I found was this (not so pretty).
$ADUserString = "dcro"
$AdUserStringWildCard = "$AdUserString*"
Get-ADUser -Filter {SamAccountName -like $AdUserStringWildCard}
Have you tried LDAPFilter anr instead? I know it tends to be iffy but might work in your scenario. It seems good at completing usernames.
Get-ADUser -LDAPFilter "(anr=$ADUserString)"