Active Directory User record - how to "get" attribute named serialNumber which is multi-valued?

• Question

• 

  

  0

  Sign in to vote

  Hi,

  I have been trying to code something that I thought would be pretty simple but I am struggling to figure this out.
  I have tried many things and here is where I threw in the towel and came to the forum to ask for some help.

  Thanks in advance.

  [ADSI] $RootDSE = “LDAP://RootDSE”
  [Object] $RootDomain = New-Object System.DirectoryServices.DirectoryEntry “GC://$($RootDSE.rootDomainNamingContext)”
  [Object] $Searcher = New-Object System.DirectoryServices.DirectorySearcher
  $Searcher.SearchRoot = $RootDomain
  $Searcher.PageSize = 1000
  
  $Searcher.PropertiesToLoad.Clear()
  $Searcher.PropertiesToLoad.Add("Name") > $Null
  $Searcher.PropertiesToLoad.Add("UserprincipalName") > $Null
  $Searcher.PropertiesToLoad.Add("proxyAddresses") > $Null 
  $Searcher.PropertiesToLoad.Add("sAMAccountName") > $Null 
  $Searcher.PropertiesToLoad.Add("displayName") > $Null 
  #$Searcher.PropertiesToLoad.Add("serialNumber") > $Null <== not working 
  $Searcher.CacheResults = $false
  
  $Searcher.Filter = "(&(objectClass=user)(objectCategory=person))" #“(&(objectCategory=User))”
  
  $Results = $Searcher.FindAll()
  
  $Collection = "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection*"
  $SchemaNC = (Get-ADRootDSE).SchemaNamingContext
  
  $UserArray = @()
  ForEach ($User In $Results)
  {
      [string] $upn = $User.Properties.Item("UserprincipalName");
  
  	if ($upn.Length -eq 0)
  	{
  		continue;
  	}
  
      [string] $sam = $User.Properties.Item("sAMAccountName");
      [string] $name = $User.Properties.Item("Name");
      [string] $displayname = $User.Properties.Item("displayName");
  
  	$ADObject = Get-ADObject -LDAPFilter "(sAMAccountName=$sam)" -Properties *;
  
  	$Props = $ADObject | Get-Member -MemberType Property `
      | Where {$_.Definition -Like $Collection} | Select -ExpandProperty Name;
  
  	$serialNumber = "";
  
  	ForEach ($Prop In $Props)
  	{
  		# Check if the attribute is linked.
  		$Linked = (Get-ADObject -SearchBase $SchemaNC `
  			-LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$Prop))" `
  			-Properties linkID).linkID;
  		# Only consider non-linked attributes (no linkID) that have
  		# at least one value.
  		If (($Linked -eq $Null) -And (($ADObject.$Prop).Count -gt 0))
  		{
  			if ($Prop -eq "serialNumber")
  			{
  				# Display the attribute lDAPDisplayName and the number of values.
  				$Prop + " (" + ($ADObject.$Prop).Count + ")";
  				# Sum the number of values of all non-linked multi-valued attributes
  				# for this object.
  				$Total = $Total + ($ADObject.$Prop).Count;
  			}
  		}
  	}
  
  	<#
  	$serialNumberCollection = $User.Properties.Item("serialNumber");
  	foreach ($val in $serialNumberCollection)
  	{
  		if ($serialNumber.length -gt 0)
  		{
  			$serialNumber = $serialNumber + ";";
  		}
  		$serialNumber = $serialNumber + $val.toString();
  	}
  	#>
  
      $Properties = @{'UPN' = $upn; 'Name'= $name ; 'DisplayName' = $displayname; 'SAM' = $sam; 'serialNumber' = $serialNumber}
  
      $UserArray += New-Object -TypeName PSObject -Property $Properties            
  
  }
  
  $Results.Dispose()
  $Searcher.Dispose()
  
  $UserArray | select UPN,SAM,Name,DisplayName,serialNumber | Out-GridView -Title 'AD Users with serial numbers'

  
  

  ---

  Anthony LaMark

  
  

  • Edited by ALaMark Tuesday, April 24, 2018 12:18 AM typo

  Tuesday, April 24, 2018 12:18 AM