locked
sending variables between ADuser and ADObject RRS feed

 > 

  • General discussion

  • Discussion
    Sign in to vote
    0
    Sign in to vote

    Hello Everyone,

         I am a little stuck on this one, Ill start by defining what the goal is.

    Goal: Extract values from ADUser out of Active Directory and do a validation check to see if they exist in ADObjects on another LDS separate from AD.

    From ADUser looking for these properties telephoneNumber, sAMAccountName, extensionAttribute4

    Here is what I have so far. Just a simple show me the numbers that are valid from ADUser

    $ADUser = Get-ADUser -filter * -properties telephoneNumber, sAMAccountName, extensionAttribute4 | Where-object telephoneNumber -ne $null | Select-object telephoneNumber, name, sAMAccountName, extensionAttribute4



ForEach ($ADUser1 in $ADUser) {
$ADUserID = $ADUser.sAMAccountName
$ADUserPN = $ADUser.telephoneNumber
$ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filter 'UserID -eq $ADUserID' -properties telephoneNumber, Name, UserID

write-host $ADObject.telephoneNumber
}
    Get-ADObject : Property: 'telephoneNumber' not found in object of type: 'System.Object[]'.
    At D:\Scripts\Brett\LDS.ps1:18 char:13
    + $ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADObject], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetAD
       Object

    Sure as a snowman will melt in summer, the script fails. But if I test with a single users as the variable it works. Any helpful hints would be greatly appreciated.

     thanks,
    Brett

    Thursday, November 30, 2017 3:59 PM

All replies

  • Discussion
    Sign in to vote
    0
    Sign in to vote

    You're piping over to Where so it should be

    Get-ADUser -Filter * -Prop TelephoneNumber, extensionAttribute4 | Where {$_.telephoneNumber -ne $null} | Select sAmAccountName,telephoneNumber,extensionAttribute4

    You do not need to specify sAmAccountName on Properties as it is returned by default

    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful. (99,108,97,121,109,97,110,50,64,110,121,99,97,112,46,114,114,46,99,111,109|%{[char]$_})-join''

    Thursday, November 30, 2017 4:10 PM
  • Discussion
    Sign in to vote
    0
    Sign in to vote

    Start with this.

    Get-ADUser -LDAPFilter '(telephoneNumber=*)' -properties telephoneNumber, sAMAccountName, extensionAttribute4 | 
    Select-object telephoneNumber, name, sAMAccountName, extensionAttribute4

    \_(ツ)_/

    Thursday, November 30, 2017 4:28 PM
  • Discussion
    Sign in to vote
    0
    Sign in to vote

    I don't seem to be having issues with the get-aduser portion of the script.

    But rather when I try to take the information from get-aduser and utilize it in get-ADObject.

    $ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filter 'UserID -eq $ADUserID' -properties telephoneNumber, Name, UserID
    the filter seems to struggle with my variable. If I insert a user ID seems to work but the variable comes back with this error.

    Get-ADObject : Invalid type 'System.Object[]'.
    Parameter name: UserID
    At D:\Scripts\Brett\LDS.ps1:18 char:13
    + $ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADObject], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetAD
       Object

    Thursday, November 30, 2017 7:10 PM
  • Discussion
    Sign in to vote
    0
    Sign in to vote

    You don't need to use Get-AdObject.  Why are you trying to use it. 

    \_(ツ)_/

    Thursday, November 30, 2017 7:18 PM
  • Discussion
    Sign in to vote
    0
    Sign in to vote

    Its connecting to Windows server LDS thats not tied to windows AD. Its a strange I know but its used as a intermediate for other LDAP services.

    Brett

    Thursday, November 30, 2017 7:24 PM
  • Discussion
    Sign in to vote
    0
    Sign in to vote

    Then why are you using Get-AdUser?

    Not also that Get-AdUser returns a collection of users.  Get-AdObject cannot filter with a collection.  Get-AdObejct is not useful for an LDS server that is not an AD server.  You would have to use ADSI for that.

    \_(ツ)_/

    Thursday, November 30, 2017 7:57 PM
  • Discussion
    Sign in to vote
    0
    Sign in to vote

    SSamAccountName is Unique to MS AD/LDS and ADAM.  In my experience most LDS servers require distinguishedname.

    \_(ツ)_/

    Thursday, November 30, 2017 8:12 PM
  • Discussion
    Sign in to vote
    0
    Sign in to vote

    Thanks guys, I have to do some testing with this. 

    It is kind of strange scenario.

    Brett 

    Thursday, November 30, 2017 8:33 PM