none
Find distinguished name (DN) in AD MA RRS feed

  • Question

  • How can I use Powershell to retrieve a user's DN (cn=xx,ou=xx,dc=xxx) from the Active Directory MA.

    When I use export-fimconfig I can find a particular Person using a given accountname but that doesn't show me the DN.

    Looking at the AD connector space in the Sync Manager, I can see the the correct DN on the preview page (Source object Distiguished Name (DN).

    Tuesday, January 20, 2015 4:17 AM

Answers

All replies

  • Hi,

    I think best would be to Import the ADDN to Portal in a custom attribute.

    You are then able to use export-fimconfig to search for that attribute.

    Regards
    Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    • Marked as answer by JOTdude Thursday, January 22, 2015 8:28 AM
    Tuesday, January 20, 2015 9:48 AM
  • you could use WMI

    $accountName = "AccountName"
    $domain      = "DomainName"
    # MAGuid from mms_management_agent table in FIMSynchronizationService database
    $MAGuid      = "ax6bfd08-180d-4d61-94ea-cce17e5c8524}"
    $Computer    = "."
    $Class       = "MIIS_CSObject"
    $filter      = "Account=`'$accountName`' and Domain = '$($domain)' "

    $MC          = Get-WmiObject $class -computer $Computer -Namespace "ROOT\MicrosoftIdentityIntegrationServer" -filter $filter
    # result in $MC.dn ->

    $MC.dn

    Cheers, Henry

    Tuesday, January 20, 2015 8:00 PM