sending variables between ADuser and ADObject

  • General discussion

  • Hello Everyone,

         I am a little stuck on this one. I'll start by defining what the goal is.

    Goal: Extract values from ADUser out of Active Directory and do a validation check to see if they exist in ADObjects on another LDS separate from AD.

    From ADUser looking for these properties telephoneNumber, sAMAccountName, extensionAttribute4

    Here is what I have so far. Just a simple show me the numbers that are valid from ADUser

    $ADUser = Get-ADUser -filter * -properties telephoneNumber, sAMAccountName, extensionAttribute4 | Where-object telephoneNumber -ne $null | Select-object telephoneNumber, name, sAMAccountName, extensionAttribute4
    
    
    
    ForEach ($ADUser1 in $ADUser) {
    $ADUserID = $ADUser.sAMAccountName
    $ADUserPN = $ADUser.telephoneNumber
    $ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filter 'UserID -eq $ADUserID' -properties telephoneNumber, Name, UserID
    
    write-host $ADObject.telephoneNumber
    }

    Get-ADObject : Property: 'telephoneNumber' not found in object of type: 'System.Object[]'.
    At D:\Scripts\Brett\LDS.ps1:18 char:13
    + $ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADObject], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetAD
       Object

    Sure as a snowman will melt in summer, the script fails. But if I test with a single user as the variable it works. Any helpful hints would be greatly appreciated.

     thanks,
    Brett

    Thursday, November 30, 2017 3:59 PM

All replies

  • You're piping over to Where so it should be

    Get-ADUser -Filter * -Prop TelephoneNumber, extensionAttribute4 | Where {$_.telephoneNumber -ne $null} | Select sAmAccountName,telephoneNumber,extensionAttribute4

    You do not need to specify sAmAccountName on Properties as it is returned by default



    Thursday, November 30, 2017 4:10 PM
  • Start with this.

    Get-ADUser -LDAPFilter '(telephoneNumber=*)' -properties telephoneNumber, sAMAccountName, extensionAttribute4 | 
        Select-object telephoneNumber, name, sAMAccountName, extensionAttribute4
    
    


    \_(ツ)_/

    Thursday, November 30, 2017 4:28 PM
  • I don't seem to be having issues with the get-aduser portion of the script.

    But rather when I try to take the information from get-aduser and utilize it in get-ADObject.

    $ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filter 'UserID -eq $ADUserID' -properties telephoneNumber, Name, UserID

    The filter seems to struggle with my variable. If I insert a user ID it seems to work, but the variable comes back with this error.

    Get-ADObject : Invalid type 'System.Object[]'.
    Parameter name: UserID
    At D:\Scripts\Brett\LDS.ps1:18 char:13
    + $ADObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase -filt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADObject], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetAD
       Object

    Thursday, November 30, 2017 7:10 PM
    You don't need to use Get-AdObject. Why are you trying to use it?


    \_(ツ)_/

    Thursday, November 30, 2017 7:18 PM
    It's connecting to a Windows Server LDS that's not tied to Windows AD. It's strange, I know, but it's used as an intermediate for other LDAP services.

    Brett

    Thursday, November 30, 2017 7:24 PM
  • Then why are you using Get-AdUser?

    Note also that Get-AdUser returns a collection of users.  Get-AdObject cannot filter with a collection.  Get-AdObject is not useful for an LDS server that is not an AD server.  You would have to use ADSI for that.


    \_(ツ)_/

    Thursday, November 30, 2017 7:57 PM
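
The collection point raised in the reply above, as an added example that is not code from any poster in this thread: the loop reads each value from the loop variable rather than from the whole collection, and escapes it before it goes into an LDAP filter. `UserID`, `$LDSConnection` and `$LDSsearchbase` come from the question; `ConvertTo-LdapFilterValue` and the sample users are constructed for illustration, and the lookup assumes the LDS instance answers `Get-ADObject` as the asker reports for a single user.

```powershell
# Constructed sample data standing in for the Get-ADUser output (not real accounts).
# In real use: Get-ADUser -LDAPFilter '(telephoneNumber=*)' -Properties telephoneNumber
$ADUsers = @(
    [pscustomobject]@{ sAMAccountName = 'jdoe';      telephoneNumber = '555-0100' }
    [pscustomobject]@{ sAMAccountName = 'o(brien)*'; telephoneNumber = '555-0101' }
)

# Reading a property off the whole collection returns an array of every value.
# That array is what the loop in the question passes to the filter.
Write-Host ("Collection property type: " + $ADUsers.sAMAccountName.GetType().FullName)

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the RFC 4515 special characters so a
    # directory value cannot change the structure of the search filter.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

$report = foreach ($User in $ADUsers) {
    # $User is a single object, so each filter receives exactly one scalar value.
    $filter = '(UserID={0})' -f (ConvertTo-LdapFilterValue $User.sAMAccountName)

    $ldsObject = $null
    if ($LDSConnection -and $LDSsearchbase) {
        # Runs only when the two variables from the question's script are set.
        $ldsObject = Get-ADObject -Server $LDSConnection -SearchBase $LDSsearchbase `
            -LDAPFilter $filter -Properties telephoneNumber
    }

    [pscustomobject]@{
        sAMAccountName = $User.sAMAccountName
        LdapFilter     = $filter
        ADPhone        = $User.telephoneNumber
        LDSPhone       = $ldsObject.telephoneNumber
        FoundInLDS     = [bool]$ldsObject
    }
}

$report | Format-Table -AutoSize
```

Without the two LDS variables set, the script still prints the filter built for each user, which makes it easy to check the escaping before pointing it at a directory.
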
  • Is "UserID" an attribute of your AD LDS? Why not use:

    Get-ADObject -Identity $ADUserID


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, November 30, 2017 8:02 PM
    SamAccountName is unique to MS AD/LDS and ADAM.  In my experience most LDS servers require distinguishedname.


    \_(ツ)_/

    Thursday, November 30, 2017 8:12 PM
  • Thanks guys, I have to do some testing with this. 

    It is kind of a strange scenario.

    Brett 

    Thursday, November 30, 2017 8:33 PM