Script to Check List against AD Users

  • Question

  • I am trying to take a list of user names, compare them to the related AD accounts, and pull the contents (if any) of extensionAttribute6, which a previous admin populated for a custom project. I have a list in a text file which I have placed in C:\Distrib\ConcurListlast.txt. I have tried a couple of different formats for the user names in the list that I am calling (First Last/Just Last/Last, First), but my query errors out with "Cannot find an object with identity...". When I manually search using the objects from the list, they are locatable. My query currently looks like:

    $user = ForEach ($user in $(Get-Content c:\distrib\ConcurListLast.txt)) {Get-ADUser $user -Properties extensionAttribute6}

    $users | Select-Object SamAccountName, extensionAttribute6 | Export-CSV -Path c:\Distrib\ConcurListLast.csv

    Any Thoughts as to where I have gone off the Tracks?


    Monday, August 14, 2017 6:07 PM

All replies

  • Hi JustHangingOn 

    The script just has an extra s on the $users; other than that it should work. If there are spaces in the txt file, that will cause an error. The txt file needs to have one name per line and no spaces before or after the username.

    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in any way, please click vote as helpful.

    Monday, August 14, 2017 6:33 PM
  • User name must be SamAccountName, DistinguishedName, or ObjectGUID.

    See help for Get-AdUser for more details

    -Identity <ADUser>
        Specifies an Active Directory user object by providing one of the following property values. The identifier in
        parentheses is the LDAP display name for the attribute.
          Distinguished Name
            Example:  CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com
          GUID (objectGUID)
            Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
          Security Identifier (objectSid)
            Example: S-1-5-21-3165297888-301567370-576410423-1103
          SAM account name  (sAMAccountName)
            Example: saradavis
        The cmdlet searches the default naming context or partition to find the object. If two or more objects are found,
        the cmdlet returns a non-terminating error.
        This parameter can also get this object through the pipeline or you can set this parameter to an object instance.
        This example shows how to set the parameter to a distinguished name.
          -Identity  "CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com"
        This example shows how to set this parameter to a user object instance named "userInstance".
          -Identity   $userInstance
        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?       true (ByValue)
        Accept wildcard characters?  false


    Monday, August 14, 2017 6:36 PM
  • A lot depends on what is in your csv. As jrv noted, best would be if the file has the sAMAccountNames of the users. This uniquely identifies the users in the domain and you can use the -Identity parameter of Get-ADUser to reliably retrieve information. If instead the csv has first and last names, then you can use the -Filter parameter to query for the users, but only if the givenName and sn attributes of the users (the FirstName and LastName) are populated with matching values. Or, if the csv has first and last names, these might match the Names of the users (the value of the cn attribute, also called the Relative Distinguished Name of the user). With both the cn and givenName/sn attributes, they might not uniquely identify the user, so the code should account for multiple users (or no users).

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, August 14, 2017 9:07 PM
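
An added example, not part of the thread: one way to handle the cases raised in the replies above (stray whitespace, sAMAccountName versus first/last name, and zero or multiple matches). It uses `-LDAPFilter` in place of `-Filter` so that names can be escaped per RFC 4515; the helper `ConvertTo-LdapFilterValue`, the `Input`/`Status` columns, and the assumed line formats are assumptions of this example.

```powershell
# Added example, not code from the thread. Assumes each line is "First Last",
# "Last, First", or a sAMAccountName (a single token with no space or comma).
Import-Module ActiveDirectory

$listPath = 'C:\Distrib\ConcurListLast.txt'   # paths taken from the question
$csvPath  = 'C:\Distrib\ConcurListLast.csv'

# Hypothetical helper: escape a value for an LDAP filter (RFC 4515) so names
# containing ( ) * or \ are matched literally instead of changing the query.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value = $Value.Replace('\', '\5c').Replace('*', '\2a')
    $Value = $Value.Replace('(', '\28').Replace(')', '\29')
    $Value.Replace([string][char]0, '\00')
}

$results = foreach ($line in Get-Content -Path $listPath) {
    $entry = $line.Trim()                 # leading/trailing spaces break lookups
    if (-not $entry) { continue }         # skip blank lines

    $first = $null; $last = $null
    if ($entry -match '^(?<last>[^,]+),\s*(?<first>.+)$') {
        $first = $Matches.first.Trim(); $last = $Matches.last.Trim()
    } elseif ($entry -match '^(?<first>\S+)\s+(?<last>.+)$') {
        $first = $Matches.first; $last = $Matches.last
    }

    # A filter returns nothing when there is no match, unlike -Identity,
    # which raises "Cannot find an object with identity".
    $base = '(&(objectCategory=person)(objectClass=user)'
    if ($first) {
        $filter = '{0}(givenName={1})(sn={2}))' -f $base,
            (ConvertTo-LdapFilterValue $first), (ConvertTo-LdapFilterValue $last)
    } else {
        $filter = '{0}(sAMAccountName={1}))' -f $base, (ConvertTo-LdapFilterValue $entry)
    }
    $found = @(Get-ADUser -LDAPFilter $filter -Properties extensionAttribute6)

    # Record every outcome so missing and duplicate names show up in the CSV.
    if ($found.Count -eq 0) {
        [pscustomobject]@{ Input = $entry; Status = 'NotFound'; SamAccountName = $null; extensionAttribute6 = $null }
        continue
    }
    $status = if ($found.Count -eq 1) { 'Found' } else { 'Ambiguous' }
    foreach ($u in $found) {
        [pscustomobject]@{ Input = $entry; Status = $status; SamAccountName = $u.SamAccountName; extensionAttribute6 = $u.extensionAttribute6 }
    }
}
$results | Export-Csv -Path $csvPath -NoTypeInformation
```

Rows with a Status of Ambiguous or NotFound need manual review before the extensionAttribute6 values are relied on.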