none
Change Output of Managedby Attribute RRS feed

  • Question

  • I'm trying to make a report for some managers that shows who is listed as the "Managedby" for a list of groups. Not every group has a managedby listed. The groups are in different domains or child domains.  The user (or group) in the managedby attribute for the group could be in a different domain as well. Now the following script works great for getting the information:

    $results = @()
    $groups = Get-Content "C:\Temp\Groups.txt"
    ForEach($group in $groups)
        {
        $results += Get-ADObject -Server "GlobalCatalog.Server.com:3268" -Filter {name -eq $group} -property msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info|
        Select-Object  msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info
        }$results| export-csv "C:\Temp\Groups-info.csv" -NoTypeInformation

    My isssue is the "Managedby" attribute is a DN value, not real Non-techincal manager real reader friendly. I'm trying to format the Managedby attribute into something more reader friendly. Does anyone have any ideas? I have been trying something like the following but with no luck. Really any and all help is appreciated

    $results = @()
    $groups = Get-Content "C:\Temp\Groups.txt"
    ForEach($group in $groups)
        {
        $results += Get-ADObject -Server "GC.Server.com:3268" -Filter {name -eq $group} -property msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info|
            ForEach-Object{
                $ManagedByName = Get-ADObject -Server "GC.Server.com:3268" -Filter {$results.managedby} -Properties cn
                $ManagedByNTID = Get-ADObject -Server "GC.Server.com:3268" -Filter {$results.managedby} -Properties msDS-PrincipalName
                $ManagedByObjClass = Get-ADObject -Server "GC.Server.com:3268" -Filter {$results.managedby} -Properties ObjectClass
            }|Select-Object msDS-PrincipalName, name, managedby, $ManagedByName, $ManagedByNTID, $ManagedByObjClass, whenCreated, whenChanged, description, info
        
        } $results| export-csv "C:\Temp\Groups-info.csv"


    Thanks in Adavance

    Thursday, March 13, 2014 6:44 PM

Answers

  • Bill,

    YOU ROCK!!!!, Thank you SOOOOOO much for your help. That was the last part. In case someone in the future is looking through forums here is the final script I used to get the information I needed:

    get-content "C:\Temp\Groups.txt" | foreach-object {
      $params = @{
        "Filter" = { Name -eq $_ }
        "Properties" = @("DistinguishedName", "msDS-PrincipalName", "name","managedBy","ObjectClass", "whenCreated","whenChanged","description","info")
        "Server" = "GC.Server.com:3268"
      }
      get-adobject @params | select-object @{Name="Domain\GroupName";
        Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.DistinguishedName} -Properties msDS-PrincipalName |Select -expandproperty msDS-PrincipalName}},
        name, 
        @{Name="managedBy Display Name";
          Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties cn |Select -expandproperty cn}},
        @{Name="managedBy Domain\UserName";
          Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties msDS-PrincipalName |Select -expandproperty msDS-PrincipalName}},
        @{Name="managedBy Type";
          Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} |Select -expandproperty ObjectClass}},
        whenCreated,whenChanged, description, Info
    } | export-csv "C:\Temp\Groups-info.csv" -notypeinformation
    Bill is DA MAN!!!!!

    Thanks in Adavance

    • Marked as answer by John-Barrett Wednesday, March 19, 2014 12:03 AM
    Thursday, March 13, 2014 11:52 PM

All replies

  • Use the Translate-ADName.ps1 script to translate the DN to whatever format you want.


    -- Bill Stewart [Bill_Stewart]

    Thursday, March 13, 2014 7:15 PM
    Moderator
  • Bill,

    thanks for the reply, but how do I get the translate-adname.ps1 to tell me if the mangedby attribute is a user or a group?

    When I ran the following script:

    $results = @()
    $groups = Get-Content "C:\Temp\Groups.txt"
    ForEach($group in $groups)
        {
        $results += Get-ADObject -Server "GC.Server:3268" -Filter {name -eq $group} -property msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info|
                ForEach-Object{
                $ManagedByName = "C:\Scripts\PS-Scripts\Translate-ADName.ps1" Display "$group" -InitType server -InitName "GC.Server:3268"
                $ManagedByNTID = "C:\Scripts\PS-Scripts\Translate-ADName.ps1" NT4 "$group" -InitType server -InitName "GC.Server:3268"
                }|Select-Object msDS-PrincipalName, name, managedby, $ManagedByName, $ManagedByNTID, whenCreated, whenChanged, description, info
        }$results| export-csv "C:\Temp\Test-Groups-info.csv"

    I get the following error:

    C:\Scripts\PS-Scripts\Translate-ADName.ps1 : Exception calling "InvokeMember" with "5" argument(s): "The list of RPC servers available for the binding of auto handles has been exhausted. 
    (Exception from HRESULT: 0x800706EC)"

    Any other suggestions?

    Thanks in Adavance

    Thursday, March 13, 2014 7:39 PM
  • This would be a more PowerShell-like approach:


    get-content "C:\Temp\Groups.txt" | foreach-object {
      $params = @{
        "Filter" = { Name -eq $_ }
        "Properties" = @("name","managedBy","whenCreated",
                         "whenChanged","description","info")
        "Server" = "GC.Server:3268"
      }
      get-adobject @params | select-object `
        name,
        managedBy,
        @{Name="managedByDisplayName";
          Expression={C:\Scripts\PS-Scripts\Translate-ADName display $_.DistinguishedName -inittype server -initname "GC.Server:3268"}},
        @{Name="managedByNTName";
          Expression={C:\Scripts\PS-Scripts\Translate-ADName NT4 $_.DistinguishedName -inittype server -initname "GC.Server:3268"}},
        whenCreated,
        whenChanged,
        description,
        Info
    } | export-csv "C:\Temp\Test-Groups-info.csv" -notypeinformation
    

    Regarding the error from the NameTranslate COM object:

    The list of RPC servers available for the binding of auto handles has been exhausted.

    I haven't seen that error, but this is the kind of thing where doing a web search can be helpful.


    -- Bill Stewart [Bill_Stewart]


    Thursday, March 13, 2014 7:55 PM
    Moderator
  • Bill,

    I want to thank you for taking the time to reply and showing me a differernt way to think about using powershell. I'm still learning about what can be done and how to make the scripts more efficent with powershell. So for you to take the extra time and write out the previous script I do truely appreciate it.

    So I ran the script you provided and I ran into two issues. 1st while it does make the columns ManagedbyDisplayName and MangedbyNTName there aren't any values in the columns. Now I'm most likely wrong, but I would have guessed it would give me the NTName and Display name of the original group, not the mangedby?

    The reason I thought that was the 2nd thing I need is if the object listed in managedby is what type of object it is. Since I want to get what type of object the managedby. I tried to kind of follow your example I included the following:

          @{Name="managedByType";
          Expression={Get-ADObject -Server "GC.Server:3268" -Filter {DistinguishedName -eq $_.DistinguishedName} -Properties ObjectClass}},

    which produced the managedbyType column and column of @{objectClass=group}, So the ?script block? part isn't doing what I thought it should be doing in searching for the mangedby (by DN) and selecting that objects object class. I do appologize for my lack of understanding but I'm just trying to learn and If I don't ask then I figure its my own fault for just not asking.

    If you or anyone can help I would be more than willing to try and learn.


    Thanks in Adavance

    Thursday, March 13, 2014 10:37 PM
  • Sorry, you're correct - those calculated properties are getting display and NT4 name for the base group, not the DN specified in the managedBy attribute. I meant to write these two lines:


        @{Name="managedByDisplayName";
          Expression={Translate-ADName display $_.managedBy -inittype server -initname "GC.Server:3268"}},
        @{Name="managedByNTName";
          Expression={Translate-ADName NT4 $_.managedBy -inittype server -initname "GC.Server:3268"}},
    

    The only change there is to use managedBy instead of distinguishedName.


    -- Bill Stewart [Bill_Stewart]

    Thursday, March 13, 2014 10:42 PM
    Moderator
  • I'm still not gettting any values in the columns

    Thanks in Adavance

    Thursday, March 13, 2014 10:57 PM
  • Bill,

    I modified your script and as of now I'm not using the Translate-ADName.ps1, but I am getting the values I 'm looking for....well kind of here is the script I working on:

    get-content "C:\Temp\Test-Groups.txt" | foreach-object {
      $params = @{
        "Filter" = { Name -eq $_ }
        "Properties" = @("msDS-PrincipalName", "name","managedBy","ObjectClass", "whenCreated","whenChanged","description","info")
        "Server" = "CG.server.com:3268"
      }
      get-adobject @params | select-object msDS-PrincipalName, name, managedBy,
        @{Name="managedByDisplayName";
          Expression={Get-ADObject -Server "GC.server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties cn |Select cn}},
        @{Name="managedByNTName";
          Expression={Get-ADObject -Server "GC.server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties msDS-PrincipalName|Select msDS-PrincipalName}},
          @{Name="managedByType";
          Expression={Get-ADObject -Server "GC.server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties ObjectClass |Select ObjectClass}},
        whenCreated,whenChanged, description, Info
    } | export-csv "C:\Temp\Test-Groups-info.csv" -notypeinformation
    The part I don't understand entirely is the out-put.....It does give me the information I want, BUT each of the values has @{%requested-Attribute%=%Value-of-Attribute%} Ex: @{cn=LastName, FirstName MI}

    Thanks in Adavance


    Thursday, March 13, 2014 11:18 PM
  • Try adding -expandproperty to your select-object commands.


    -- Bill Stewart [Bill_Stewart]

    Thursday, March 13, 2014 11:19 PM
    Moderator
  • Bill,

    YOU ROCK!!!!, Thank you SOOOOOO much for your help. That was the last part. In case someone in the future is looking through forums here is the final script I used to get the information I needed:

    get-content "C:\Temp\Groups.txt" | foreach-object {
      $params = @{
        "Filter" = { Name -eq $_ }
        "Properties" = @("DistinguishedName", "msDS-PrincipalName", "name","managedBy","ObjectClass", "whenCreated","whenChanged","description","info")
        "Server" = "GC.Server.com:3268"
      }
      get-adobject @params | select-object @{Name="Domain\GroupName";
        Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.DistinguishedName} -Properties msDS-PrincipalName |Select -expandproperty msDS-PrincipalName}},
        name, 
        @{Name="managedBy Display Name";
          Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties cn |Select -expandproperty cn}},
        @{Name="managedBy Domain\UserName";
          Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties msDS-PrincipalName |Select -expandproperty msDS-PrincipalName}},
        @{Name="managedBy Type";
          Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} |Select -expandproperty ObjectClass}},
        whenCreated,whenChanged, description, Info
    } | export-csv "C:\Temp\Groups-info.csv" -notypeinformation
    Bill is DA MAN!!!!!

    Thanks in Adavance

    • Marked as answer by John-Barrett Wednesday, March 19, 2014 12:03 AM
    Thursday, March 13, 2014 11:52 PM