0 votes

I have a PowerShell script running as a scheduled task that is exporting user records. I have a custom attribute, positionPrimarySupervisor, that contains the DN of the user's supervisor. In the export, I don't want to send the DN, but rather the Full Name of the supervisor. Can you provide me a script to get the information?

Thanks...
Sandra

by (730 points)

1 Answer

0 votes
by (215k points)
Best answer

Hello Sandra,

Yes, sure:

$primarySupervisor = $Context.BindToObjectByDN("%positionPrimarySupervisor%")
$primarySupervisorFullName = $primarySupervisor.Get("name")
0

Thanks for the reply. I guess I needed to explain my scenario a little better. I'm unable to use $context because the export isn't running on just a "user" object. I have a "handle" on the user because it was retrieved as part of a search. I'm looping through the search results and exporting attributes from each user. I'll attach a snippet of the code so you get a better idea of what I'm doing.

try
{
    $userResult = $userSearcher.ExecuteSearch()
    $sortedUsers = $userResult.FetchAll()
    $totalUserCount = $sortedUsers.Count
    $Context.LogMessage("The number of users is: " + $totalUserCount, "Information")

    $count = 0

    # Get the user information from the search results, convert to JSON and add them to the file

    # Write out opening bracket
    Add-Content $exportFile "["

    foreach ($user in $sortedUsers)
    {

        $hash1 = @{}
        for ($i=0; $i -lt $eachFieldIn.length; $i++) 
        {
            if ($eachFieldIn[$i] = "positionPrimarySupervisor")
                {
                    # Get the Primary Supervisor's name
                    $managerLU = $user.Properties[$eachFieldIn[$i]].Value
                    $manager = $Context.BindToObject($managerLU.AdsPath)
                    $managerDN = New-Object "Softerra.Adaxes.Ldap.DN" $manager.Get("distinguishedName")
                    $parentDisplayName = GetObjectDisplayName($managerDN.Parent.ToString())
                    if ($managerDN -ne $NULL) {
                        $fldValue = $parentDisplayName
                        } else {
                            $fldValue = ""
                        }
                } else {
                    $fldValue = $user.Properties[$eachFieldIn[$i]].Value                        
                }
            # Add key/value pair to hash table      
            $hash1.Add($eachFieldOut[$i] , $fldValue)

            $result = ConvertTo-Json20($hash1)

            $count++

            # If it's not the last record, add a comma to the end of the content, otherwise, leave it off
            if ($count -ne $totalUserCount) {
                Add-Content $exportFile "`n$result,"  
                } else {
                    Add-Content $exportFile "`n$result"
                }
        }  # end for loop
    }  # end foreach loop
}  # end try
finally
{
    # Release resources used by the search
    $userResult.Dispose()
}
0

Hello,

Here's a correct version of the if-loop from your script that will do the job:

if ($eachFieldIn[$i] -eq "positionPrimarySupervisor")
{
    # Get the Primary Supervisor's name
    $managerDN = $user.Properties[$eachFieldIn[$i]].Value
    if ($managerDN -eq $NULL)
    {
        $fldValue = ""
    }
    else
    {
        $managerDisplayName = GetObjectDisplayName $managerDN
        $fldValue = $managerDisplayName
    }
} 
else 
{
    $fldValue = $user.Properties[$eachFieldIn[$i]].Value
}
0

Thanks. Can you verify that this code for the GetObjectDisplayName function works in my scenario? Here's what I'm using:

function GetObjectDisplayName($objectDN)
{
   $objectPath = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath" `
       -ArgumentList @($null, $objectDN)   
   return [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName(
       $objectPath, "IncludeParentPath")
}
0

Yep, it will work.

0

Thanks again! That worked but I realize after seeing what is exported that I can't use the displayName. I really need the cn LDAP attribute or a way to parse the displayName to only get the supervisor's full name. Can you assist with that?

0

Hello,

Yes, sure, here you are:

if ($eachFieldIn[$i] -eq "positionPrimarySupervisor")
{
    # Get the Primary Supervisor's name
    $managerDN = $user.Properties[$eachFieldIn[$i]].Value
    if ($managerDN -eq $NULL)
    {
        $fldValue = ""
    }
    else
    {
        $supervisor = $Context.BindToObjectByDn($managerDN)
        $fldValue = $supervisor.Get("cn")
    }
}
else
{
    $fldValue = $user.Properties[$eachFieldIn[$i]].Value
}
0

That worked! Thanks so much.

So now for my next issue... My scheduled task is now failing on $supervisor = $Context.BindToObjectByDn($managerDN) when it encounters a Supervisor DN that it can't find in the Domain. Here's an example of a supervisor DN that was being retrieved: xxxfirstname xxxlastname\nDEL:87e63c71-002a-4acd-a2e9-f81e07a83298 (co.wake.nc.us\\Deleted Objects). What can I add to my script to "test" if the DN exists before I attempt to bind to it? Or something I can add to the catch logic that will allow me to log the error and then continue on to the next user?

0

Hello,

If you get such a DN, this means that the user who used to be the supervisor has been deleted from AD. We've added a try... catch block to your script block. Here you are:

$propertyName = $eachFieldIn[$i]
$propertyValue = $user.Properties[$propertyName].Value
if (($propertyName -eq "positionPrimarySupervisor") -and ($propertyValue -ne $NULL))
{
    # Get the Primary Supervisor's name
    try
    {
        $supervisor = $Context.BindToObjectByDn($propertyValue)
        $fldValue = $supervisor.Get("cn")
    }
    catch
    {
        $Context.LogMessage("Can't locate Primary Supervisor " + $propertyValue + ". Probably, the Supervisor's account has been deleted.", "Warning")
        $fldValue = $propertyValue
    }
}
else
{
    $fldValue = $propertyValue
}
0
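
A pre-check for the deleted-supervisor case discussed above, added here as an example (not code from the original thread or from Adaxes). `Test-DeletedObjectDN` and `Resolve-SupervisorName` are hypothetical helpers; the bind and log calls are passed in as script blocks so the sample runs outside Adaxes with constructed stand-ins, and unresolved supervisors are exported as an empty string rather than the raw DN, in line with the original goal of not sending DNs.

```powershell
# Added example; helper names and sample DNs are constructed for illustration.
function Test-DeletedObjectDN([string]$dn)
{
    if ([string]::IsNullOrEmpty($dn)) { return $false }
    # AD renames a deleted object's RDN to "<name>\0ADEL:<objectGUID>"; some tools
    # show the separator as "\n" or as a real line break, so accept all three.
    $guid = '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
    return ($dn -match "(\\0A|\\n|\n)DEL:$guid")
}

function Resolve-SupervisorName([string]$dn, [scriptblock]$Bind, [scriptblock]$Log)
{
    if ([string]::IsNullOrEmpty($dn)) { return "" }
    if (Test-DeletedObjectDN $dn)
    {
        # Known tombstone: skip the bind attempt entirely
        & $Log "Primary Supervisor has been deleted, exporting empty value: $dn"
        return ""
    }
    try
    {
        $supervisor = & $Bind $dn
        return $supervisor.Get("cn")
    }
    catch
    {
        # Any other bind failure (moved, unreachable domain): log and continue
        & $Log "Can't bind to Primary Supervisor: $dn"
        return ""
    }
}

# Inside an Adaxes script the two script blocks would wrap the calls from the thread:
#   { param($d) $Context.BindToObjectByDn($d) }
#   { param($m) $Context.LogMessage($m, "Warning") }
# Constructed stand-ins so the example runs on its own:
$bind = { param($d)
    if ($d -ne "CN=Jane Doe,OU=Staff,DC=example,DC=com") { throw "not found" }
    New-Object PSObject | Add-Member ScriptMethod Get { param($a) "Jane Doe" } -PassThru }
$log = { param($m) Write-Warning $m }

$samples = @(
    "CN=Jane Doe,OU=Staff,DC=example,DC=com",
    "CN=Old Boss\0ADEL:87e63c71-002a-4acd-a2e9-f81e07a83298,CN=Deleted Objects,DC=example,DC=com",
    "CN=Moved Away,OU=Staff,DC=example,DC=com")
foreach ($s in $samples) { "[{0}]" -f (Resolve-SupervisorName $s $bind $log) }
```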

That solved all of my issues. Thanks so much!
