Convert distinguishedName to Domain\SamAccountName

  • Question

  • I have a list of distinguishedName values for either a user or group in a text file. The users or groups are in different child domains. I'm trying to figure out how to get the output to be CN Domain\SamAccountName. Ex: column 1: joe, blow column 2: Domain1\jblow. I'm pretty sure there isn't an attribute that has domain\username, so I'm hoping someone else knows a simple way to help me get the information formatted how I would like it formatted.

    $results = @()
    $objects = Get-Content "C:\Temp\DN-Values.txt"
    ForEach($object in $objects)
        {
           $results += Get-ADObject -Server "GlobalCatalog.server.com:3268" -Filter {distinguishedName -eq $object} -property cn, SamAccountName, userPrincipalName | Select-Object  cn, SamAccountName, userPrincipalName
        }
    $results| export-csv "C:\temp\Wanted-info.csv"



    Thanks in Advance

    Monday, March 10, 2014 10:47 PM

Answers

All replies

  • I did find this but can't seem to get it to work

    the error I get is

    C:\Scripts\PS-Scripts\Translate-ADName.ps1 : A positional parameter cannot be found that accepts argument 'System.Object[]'.


    Thanks in Advance

    Monday, March 10, 2014 10:53 PM
  • Hi,

    Here's some parsing that might do the trick for you:

    Select-Object  cn, SamAccountName, userPrincipalName, @{N='Domain\username';E={ "$((($_.DistinguishedName -split 'DC=')[1]).Replace(',',''))\$($_.SamAccountName)"}}


    Don't retire TechNet! - (Don't give up yet - 12,700+ strong and growing)

    • Marked as answer by John-Barrett Monday, March 10, 2014 11:11 PM
    Monday, March 10, 2014 11:00 PM
  • Mike,

    Thank YOU!!!!! You get today's High 5 award :-) that did the trick. Just in case someone else in the future needs to do this here is the code I used:

    $results = @()
    $objects= Get-Content "C:\Temp\DN-Values.txt"
    ForEach($object in $objects)
        {
         $results += Get-ADObject -Server "GlobalCatalog.server.com:3268" -Filter {distinguishedName -eq $object} -property cn, SamAccountName | Select-Object  cn,  @{N='Domain\username';E={ "$((($_.DistinguishedName -split 'DC=')[1]).Replace(',',''))\$($_.SamAccountName)"}}
        }
    $results| export-csv "C:\Temp\Wanted-info.csv"
    Thanks again Mike

    Thanks in Advance

    Monday, March 10, 2014 11:17 PM
  • If you have distinguishedNames then it does not matter if they are in different domains. AD will find them. You only need to worry about domains when you are searching by name or samaccountname. When a name contains a domain, a GUID or a SID it can find the object with Get-ADObject


    ¯\_(ツ)_/¯

    Monday, March 10, 2014 11:50 PM
  • FYI, there is an attribute that has the format/value I was looking for "msDS-PrincipalName"

    Thanks in Advance

    Tuesday, March 11, 2014 7:49 PM
  • FYI, there is an attribute that has the format/value I was looking for "msDS-PrincipalName"

    Thanks in Advance

    =]

    That's a little easier than all that parsing.


    Don't retire TechNet! - (Don't give up yet - 12,700+ strong and growing)

    Tuesday, March 11, 2014 8:00 PM
  • FYI, there is an attribute that has the format/value I was looking for "msDS-PrincipalName"

    Thanks in Advance

    There is no msDS-PrincipalName in ADSI or in Get-ADUser. It is also not a domain\accountid format like you asked for.

    The attribute in AD (as opposed to the schema) is UserPrincipalName

    Try this to see:

    Get-AdUser -Filter * -Properties * | select samaccountname, userprincipalname, msDS-PrincipalName

    All of these are easily available via NameTranslate.  UPN (UserPrincipalName) is cross domain compatible. It carries the domain Identifier with it.

    UPN is of the format NTAccount@<fqdn>. This is initially set to samaccountname but does not have to be. It must be unique across the domain. john.smith@contoso.com


    ¯\_(ツ)_/¯

    Tuesday, March 11, 2014 8:31 PM
  • So the short form would be:

    Get-Content C:\Temp\DN-Values.txt |
         ForEach-Object{ [adsi]"GC://$_"} |
         Select-Object  cn, SamAccountName, userPrincipalName |
         Export-Csv C:\temp\Wanted-info.csv -NoType
    
    


    ¯\_(ツ)_/¯

    Tuesday, March 11, 2014 8:44 PM
  • There is no msDS-PrincipalName in ADSI or in Get-ADUser. It is also not a domain\accountid format like you asked for.
    It certainly seems to work for me. The attribute doesn't show up in ADSI, but if I type in get-aduser tester1 -Properties msDS-PrincipalName I see the correct netBIOSdomainName\sAMAccountName appear in the output. Surprised me too.

    Don't retire TechNet! - (Don't give up yet - 12,700+ strong and growing)

    Tuesday, March 11, 2014 8:45 PM
  • There is no msDS-PrincipalName in ADSI or in Get-ADUser. It is also not a domain\accountid format like you asked for.

    It certainly seems to work for me. The attribute doesn't show up in ADSI, but if I type in get-aduser tester1 -Properties msDS-PrincipalName I see the correct netBIOSdomainName\sAMAccountName appear in the output. Surprised me too.

    Don't retire TechNet! - (Don't give up yet - 12,700+ strong and growing)

    You are correct.  It does not show up with * but will if used explicitly. (Damn optional parameters).

    It also does not come up with [adsi]. This is something I never noticed before. How to get the optionals in a straight ADSI call.


    ¯\_(ツ)_/¯

    Tuesday, March 11, 2014 10:10 PM
  • If you use the NameTranslate COM object, you don't need to get the objects or parse strings. I wrote a PowerShell wrapper script for the NameTranslate object here:

    Windows IT Pro: Translating Active Directory Object Names Between Formats


    -- Bill Stewart [Bill_Stewart]

    Wednesday, March 12, 2014 1:31 AM
    Moderator
  • Bill,

    I saw your article when I was searching, but I couldn't get it to work; I'm sure I was doing something wrong. My second post was the error I was getting when I tried to use the Translate-ADName.ps1 script.

    The list of DN values I had are actually from the managedby AD attribute. I was trying to generate a report for some managers. So I re-wrote my script but I'm having a problem. Here is my script:

    $results = @()
    $groups = Get-Content "C:\Temp\Test-Groups.txt"
    ForEach($group in $groups)
        {
        $results += Get-ADObject -Server "GlobalCatalog.Server.com:3268" -Filter {name -eq $group} -property msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info|
            IF($results.managedby)
            {
            $ManagedByName = Get-ADObject $results.managedby $_.cn 
            $ManagedByNTID = Get-ADObject $results.managedby $_.msDS-PrincipalName 
            $ManagedByObjClass = Get-ADObject $results.managedby $_.ObjectClass
            }|Select-Object  msDS-PrincipalName, name, $ManagedByName, $ManagedByNTID, $ManagedByObjClass, whenCreated, whenChanged, description, info, managedby
        }
        $results| export-csv "C:\Temp\Test-Groups-info.csv"

    Here is the error I'm getting

    Select-Object : Cannot convert System.Management.Automation.PSObject to one of the following types {System.String, 
    System.Management.Automation.ScriptBlock}

    I think the issue is with IF($results.managedby), but if I look at one of the values, like $ManagedByName, it has the value of the cn value for the managedby of the group. Ex:

    PS C:\WINDOWS\system32> $ManagedByName
    cn                                                     
    --
    FirstnName, LastName L                                                                                                            

    Thanks to everyone for replying to my post it really helps me learn. If anyone has any ideas what I'm doing wrong or has a better idea I'd welcome the advice.



    Thanks in Advance

    Wednesday, March 12, 2014 4:34 AM
  • Please post a short script that uses Translate-ADName.ps1 that contains only the absolute minimum amount of code needed to reproduce the error.

    Bill


    -- Bill Stewart [Bill_Stewart]

    Wednesday, March 12, 2014 2:21 PM
    Moderator
  • Bill,

    I got Translate-ADName.ps1 to work. I wasn't putting the quotes around the "input type".

    C:\Scripts\PS-Scripts\Translate-ADName.ps1 NT4 -name "CN=Lastname\, FirstName MiddleIntial,OU=Users,DC=company,DC=name,DC=com"

    That was my fault, sorry about that. I should have paid closer attention.


    Thanks in Advance

    Wednesday, March 12, 2014 3:47 PM
  • Great, glad you figured it out. In general using the NameTranslate object (which is what Translate-ADName.ps1 is using) is probably going to be faster than getting the AD objects and then getting properties from them.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, March 12, 2014 4:17 PM
    Moderator
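
The NameTranslate approach discussed in this thread, as an added example that is not part of any post and is not Bill Stewart's Translate-ADName.ps1: it binds to a global catalog and converts each DN (for instance a managedBy value) to NetBIOSDomain\sAMAccountName, leaving NT4Name empty for a DN that no longer resolves so stale entries stay visible in the report. The function names are hypothetical; the file paths are the ones used in the thread.

```powershell
# Added example. Function names are hypothetical; constants are the documented
# ADS_NAME_INITTYPE_ENUM / ADS_NAME_TYPE_ENUM values for IADsNameTranslate.
$ADS_NAME_INITTYPE_GC = 3   # bind to a global catalog so any domain in the forest resolves
$ADS_NAME_TYPE_1779   = 1   # input:  distinguishedName (RFC 1779 form)
$ADS_NAME_TYPE_NT4    = 3   # output: NetBIOSDomain\sAMAccountName

function Invoke-NameTranslateMethod {
    # NameTranslate exposes only IDispatch, so its methods are invoked late-bound.
    param($ComObject, [string]$Method, [object[]]$Arguments)
    [__ComObject].InvokeMember($Method, 'InvokeMethod', $null, $ComObject, $Arguments)
}

function Convert-DNToNT4Name {
    param([Parameter(Mandatory)][string[]]$DistinguishedName)

    $nt = New-Object -ComObject NameTranslate
    Invoke-NameTranslateMethod $nt 'Init' @($ADS_NAME_INITTYPE_GC, $null) | Out-Null

    foreach ($dn in $DistinguishedName) {
        $dn = $dn.Trim()
        if (-not $dn) { continue }          # skip blank lines from the input file

        $nt4 = $null
        try {
            # The DN is passed through unparsed, so escaped commas (CN=Last\, First) are safe.
            Invoke-NameTranslateMethod $nt 'Set' @($ADS_NAME_TYPE_1779, $dn) | Out-Null
            $nt4 = Invoke-NameTranslateMethod $nt 'Get' @($ADS_NAME_TYPE_NT4)
        }
        catch {
            # Deleted, moved or mistyped DN: keep the row with an empty NT4Name.
            Write-Warning "No NT4 name for '$dn': $($_.Exception.Message)"
        }

        [pscustomobject]@{
            DistinguishedName = $dn
            NT4Name           = $nt4
        }
    }
}

# Usage with the files named in the thread.
Convert-DNToNT4Name -DistinguishedName (Get-Content 'C:\Temp\DN-Values.txt') |
    Export-Csv 'C:\Temp\Wanted-info.csv' -NoTypeInformation
```

Unlike splitting the DN on `DC=`, this returns the domain's actual NetBIOS name, which can differ from the first DNS label of the domain.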