0 votes

I have a Powershell script running as a schedule task that is exporting user records. I have a custom attribute, positionPrimarySupervisor, that contains the DN of the user's supervisor. In the export, I don't want to send the DN, but rather the Full Name of the supervisor. Can you provide me a script to get the information.

Thanks...
Sandra

by (870 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Sandra,

Yes, sure:

$primarySupervisor = $Context.BindToObjectByDN("%positionPrimarySupervisor%")
$primarySupervisorFullName = $primarySupervisor.Get("name")
0

Thanks for the reply. I guess I needed to explain my scenario a little better. I'm unable to use $context because the export isn't running on just a "user" object. I have a "handle" on the user because it was retrieved as part of a search. I'm looping through the search results and exporting attributes from each user. I'll attach a snippet of the code so you get a better idea of what I'm doing.

try
{
    $userResult = $userSearcher.ExecuteSearch()
    $sortedUsers = $userResult.FetchAll()
    $totalUserCount = $sortedUsers.Count
    $Context.LogMessage("The number of users is: " + $totalUserCount, "Information")

    $count = 0

    # Get the user information from the search results, convert to JSON and add them to the file

    # Write out opening bracket
    Add-Content $exportFile "["

    foreach ($user in $sortedUsers)
    {

        $hash1 = @{}
        for ($i=0; $i -lt $eachFieldIn.length; $i++) 
        {
            if ($eachFieldIn[$i] = "positionPrimarySupervisor")
                {
                    # Get the Primary Supervisor's name
                    $managerLU = $user.Properties[$eachFieldIn[$i]].Value
                    $manager = $Context.BindToObject($managerLU.AdsPath)
                    $managerDN = New-Object "Softerra.Adaxes.Ldap.DN" $manager.Get("distinguishedName")
                    $parentDisplayName = GetObjectDisplayName($managerDN.Parent.ToString())
                    if ($managerDN -ne $NULL) {
                        $fldValue = $parentDisplayName
                        } else {
                            $fldValue = ""
                        }
                } else {
                    $fldValue = $user.Properties[$eachFieldIn[$i]].Value                        
                }
            # Add key/value pair to hash table      
            $hash1.Add($eachFieldOut[$i] , $fldValue)

            $result = ConvertTo-Json20($hash1)

            $count++

            # If it's not the last record, add a comma to the end of the content, otherwise, leave it off
            if ($count -ne $totalUserCount) {
                Add-Content $exportFile "`n$result,"  
                } else {
                    Add-Content $exportFile "`n$result"
                }
        }  # end for loop
    }  # end foreach loop
}  # end try
finally
{
    # Release resources used by the search
    $userResult.Dispose()
}
0

Hello,

Here's a correct version of the if-loop from your script that will do the job:

if ($eachFieldIn[$i] -eq "positionPrimarySupervisor")
{
    # Get the Primary Supervisor's name
    $managerDN = $user.Properties[$eachFieldIn[$i]].Value
    if ($managerDN -eq $NULL)
    {
        $fldValue = ""
    }
    else
    {
        $managerDisplayName = GetObjectDisplayName $managerDN
        $fldValue = $managerDisplayName
    }
} 
else 
{
    $fldValue = $user.Properties[$eachFieldIn[$i]].Value
}
0

Thanks. Can you verify that this code for the GetObjectDisplayName function works in my scenario. Here's what I'm using:

function GetObjectDisplayName($objectDN)
{
   $objectPath = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath"`
       -ArgumentList @($null, $objectDN)   
   return [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName(
       $objectPath, "IncludeParentPath")
}
0

Yep, it will work.

0

Thanks again! That worked but I realize after seeing what is exported that I can't use the displayName. I really need the cn LDAP attribute or a way to parse the displayName to only get the supervisor's full name. Can you assist with that?

0

Hello,

Yes, sure, here you are:

if ($eachFieldIn[$i] -eq "positionPrimarySupervisor")
{
    # Get the Primary Supervisor's name
    $managerDN = $user.Properties[$eachFieldIn[$i]].Value
    if ($managerDN -eq $NULL)
    {
        $fldValue = ""
    }
    else
    {
        $supervisor = $Context.BindToObjectByDn($managerDN)
        $fldValue = $supervisor.Get("cn")
    }
}
else
{
    $fldValue = $user.Properties[$eachFieldIn[$i]].Value
}
0

That worked! Thanks so much.

So now for my next issue... My scheduled task is now failing on $supervisor = $Context.BindToObjectByDn($managerDN) when it encounters a Supervisor DN that it can't find in the Domain. Here's an example of a supervisor DN that was being retrieved: xxxfirstname xxxlastname\nDEL:87e63c71-002a-4acd-a2e9-f81e07a83298 (co.wake.nc.us\\Deleted Objects). What can I add to my script to "test" if the DN exists before I attempt to bind to it? Or something I can add to the catch logic that will allow me to log the error and then continue on to the next user?

0

Hello,

If you get such a DN, this means that the user who used to be the supervisor has been deleted from AD. We've added a try... catch block to your script block. Here you are:

$propertyName = $eachFieldIn[$i]
$propertyValue = $user.Properties[$propertyName].Value
if (($propertyName -eq "positionPrimarySupervisor") -and ($propertyValue -ne $NULL))
{
    # Get the Primary Supervisor's name
    try
    {
        $supervisor = $Context.BindToObjectByDn($propertyValue)
        $fldValue = $supervisor.Get("cn")
    }
    catch
    {
        $Context.LogMessage("Can't locate Primary Supervisor " + $propertyValue + ". Probably, the Supervisor's account has been deleted.", "Warning")
        $fldValue = $propertyValue
    }
}
else
{
    $fldValue = $propertyValue
}
0

That solved all of my issues. Thanks so much!

Related questions

0 votes
1 answer

Hi, I want to know how do i create an AD user whose UPN address is directly associated with the country. eg if i enter the country of the user india then he ... be comapny.in and if i select company Istabbul tekd then automatically comapny.tk thank you.

asked Feb 22, 2022 by Kamini (80 points)
0 votes
1 answer

I'm trying to retrive the Microsoft 365 License product name in a report as the 'Office 365 License' attribute in Adaxes shows each individual licensed product e.g. ... 365 F3"} } $productnames = $productnames -join ", " $Context.Value = $productnames

asked Jul 27, 2020 by richarddewis (260 points)
0 votes
1 answer

We have users with a value of a space for their mobile number and telephone number. I would like to figure out who these users are and null the value. Or if the value contains a number leave it alone. if it does not have a number then null the value.

asked Nov 15, 2022 by B_Witmer (40 points)
0 votes
1 answer

Hello, I don't find an attribute for the netbios name of managed Domains like adm-DomainDN? How can I add the NetBios name to a report like "All users"? regards Helmut

asked Mar 5, 2021 by a423385 (510 points)
0 votes
1 answer

The section is not defined in the available options in Adaxes and it is in the AD as well. Eg; I need to add a section called ' Security Access' and have it ... to select from options like User Directory, Internet access, Track-It account , SAP access etc.

asked Oct 13, 2021 by Aishwarya Gavali (40 points)
3,326 questions
3,025 answers
7,724 comments
544,678 users