
I have a PowerShell script running as a scheduled task that is exporting user records. I have a custom attribute, positionPrimarySupervisor, that contains the DN of the user's supervisor. In the export, I don't want to send the DN, but rather the Full Name of the supervisor. Can you provide me a script to get the information?

Thanks...
Sandra


1 Answer

Best answer

Hello Sandra,

Yes, sure:

$primarySupervisor = $Context.BindToObjectByDN("%positionPrimarySupervisor%")
$primarySupervisorFullName = $primarySupervisor.Get("name")

Thanks for the reply. I guess I needed to explain my scenario a little better. I'm unable to use $context because the export isn't running on just a "user" object. I have a "handle" on the user because it was retrieved as part of a search. I'm looping through the search results and exporting attributes from each user. I'll attach a snippet of the code so you get a better idea of what I'm doing.

try
{
    $userResult = $userSearcher.ExecuteSearch()
    $sortedUsers = $userResult.FetchAll()
    $totalUserCount = $sortedUsers.Count
    $Context.LogMessage("The number of users is: " + $totalUserCount, "Information")

    $count = 0

    # Get the user information from the search results, convert to JSON and add them to the file

    # Write out opening bracket
    Add-Content $exportFile "["

    foreach ($user in $sortedUsers)
    {

        $hash1 = @{}
        for ($i=0; $i -lt $eachFieldIn.length; $i++) 
        {
            if ($eachFieldIn[$i] = "positionPrimarySupervisor")
                {
                    # Get the Primary Supervisor's name
                    $managerLU = $user.Properties[$eachFieldIn[$i]].Value
                    $manager = $Context.BindToObject($managerLU.AdsPath)
                    $managerDN = New-Object "Softerra.Adaxes.Ldap.DN" $manager.Get("distinguishedName")
                    $parentDisplayName = GetObjectDisplayName($managerDN.Parent.ToString())
                    if ($managerDN -ne $NULL) {
                        $fldValue = $parentDisplayName
                        } else {
                            $fldValue = ""
                        }
                } else {
                    $fldValue = $user.Properties[$eachFieldIn[$i]].Value                        
                }
            # Add key/value pair to hash table      
            $hash1.Add($eachFieldOut[$i] , $fldValue)

            $result = ConvertTo-Json20($hash1)

            $count++

            # If it's not the last record, add a comma to the end of the content, otherwise, leave it off
            if ($count -ne $totalUserCount) {
                Add-Content $exportFile "`n$result,"  
                } else {
                    Add-Content $exportFile "`n$result"
                }
        }  # end for loop
    }  # end foreach loop
}  # end try
finally
{
    # Release resources used by the search
    $userResult.Dispose()
}

Hello,

Here's a correct version of the if-loop from your script that will do the job:

if ($eachFieldIn[$i] -eq "positionPrimarySupervisor")
{
    # Get the Primary Supervisor's name
    $managerDN = $user.Properties[$eachFieldIn[$i]].Value
    if ($managerDN -eq $NULL)
    {
        $fldValue = ""
    }
    else
    {
        $managerDisplayName = GetObjectDisplayName $managerDN
        $fldValue = $managerDisplayName
    }
} 
else 
{
    $fldValue = $user.Properties[$eachFieldIn[$i]].Value
}

Thanks. Can you verify that this code for the GetObjectDisplayName function works in my scenario? Here's what I'm using:

function GetObjectDisplayName($objectDN)
{
   $objectPath = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath"`
       -ArgumentList @($null, $objectDN)   
   return [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName(
       $objectPath, "IncludeParentPath")
}

Yep, it will work.


Thanks again! That worked but I realize after seeing what is exported that I can't use the displayName. I really need the cn LDAP attribute or a way to parse the displayName to only get the supervisor's full name. Can you assist with that?


Hello,

Yes, sure, here you are:

if ($eachFieldIn[$i] -eq "positionPrimarySupervisor")
{
    # Get the Primary Supervisor's name
    $managerDN = $user.Properties[$eachFieldIn[$i]].Value
    if ($managerDN -eq $NULL)
    {
        $fldValue = ""
    }
    else
    {
        $supervisor = $Context.BindToObjectByDn($managerDN)
        $fldValue = $supervisor.Get("cn")
    }
}
else
{
    $fldValue = $user.Properties[$eachFieldIn[$i]].Value
}

That worked! Thanks so much.

So now for my next issue... My scheduled task is now failing on $supervisor = $Context.BindToObjectByDn($managerDN) when it encounters a Supervisor DN that it can't find in the Domain. Here's an example of a supervisor DN that was being retrieved: xxxfirstname xxxlastname\nDEL:87e63c71-002a-4acd-a2e9-f81e07a83298 (co.wake.nc.us\\Deleted Objects). What can I add to my script to "test" if the DN exists before I attempt to bind to it? Or something I can add to the catch logic that will allow me to log the error and then continue on to the next user?


Hello,

If you get such a DN, this means that the user who used to be the supervisor has been deleted from AD. We've added a try... catch block to your script block. Here you are:

$propertyName = $eachFieldIn[$i]
$propertyValue = $user.Properties[$propertyName].Value
if (($propertyName -eq "positionPrimarySupervisor") -and ($propertyValue -ne $NULL))
{
    # Get the Primary Supervisor's name
    try
    {
        $supervisor = $Context.BindToObjectByDn($propertyValue)
        $fldValue = $supervisor.Get("cn")
    }
    catch
    {
        $Context.LogMessage("Can't locate Primary Supervisor " + $propertyValue + ". Probably, the Supervisor's account has been deleted.", "Warning")
        $fldValue = $propertyValue
    }
}
else
{
    $fldValue = $propertyValue
}

That solved all of my issues. Thanks so much!
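
The thread's question about testing a supervisor DN before binding, as an added example (not code from the thread or from Adaxes): it recognizes a deleted-object DN without a bind attempt, caches lookups, and exports an empty name rather than the tombstone DN and GUID. `Test-DeletedObjectDN`, `Resolve-SupervisorName`, `$supervisorCache`, `$getCn` and the sample DNs are hypothetical names constructed here; the `\0ADEL:<GUID>` marker is how Active Directory renames deleted objects, and also matching a raw or `\n`-escaped newline is an assumption based on the value quoted in the thread.

```powershell
# Added example: helper names and sample data are hypothetical, not from the thread.
# Cache so a supervisor shared by many users is looked up only once per run.
$supervisorCache = @{}

function Test-DeletedObjectDN([string]$dn)
{
    # AD renames a deleted object's RDN to "<name>\0ADEL:<objectGUID>".
    # \0A is an escaped newline, so a raw or "\n"-escaped newline is matched too (assumption).
    return $dn -match '(\\0A|\\n|\n)DEL:[0-9a-f-]{36}'
}

function Resolve-SupervisorName([string]$dn, [scriptblock]$GetCn)
{
    if ([string]::IsNullOrEmpty($dn)) { return "" }
    if ($supervisorCache.ContainsKey($dn)) { return $supervisorCache[$dn] }

    if (Test-DeletedObjectDN $dn)
    {
        # Known tombstone: skip the bind and keep the DN/GUID out of the export.
        $name = ""
    }
    else
    {
        # Any other stale DN (moved object, unmanaged domain) still ends up here.
        try { $name = [string](& $GetCn $dn) }
        catch { $name = "" }
    }
    $supervisorCache[$dn] = $name
    return $name
}

# Inside an Adaxes script the lookup would use the call shown in the thread:
#   $getCn = { param($dn) $Context.BindToObjectByDN($dn).Get("cn") }
# Offline stand-in over constructed data, so the example runs anywhere:
$directory = @{ "CN=Ann Lee,OU=Staff,DC=example,DC=com" = "Ann Lee" }
$getCn = {
    param($dn)
    if ($directory.ContainsKey($dn)) { $directory[$dn] } else { throw "No such object: $dn" }
}

# Constructed sample DNs: live object, tombstone, and a DN that no longer resolves.
$samples = @(
    "CN=Ann Lee,OU=Staff,DC=example,DC=com",
    "CN=Bob Ray\0ADEL:00000000-0000-0000-0000-000000000000,CN=Deleted Objects,DC=example,DC=com",
    "CN=Gone,OU=Staff,DC=example,DC=com"
)
foreach ($dn in $samples)
{
    "{0} -> '{1}'" -f $dn, (Resolve-SupervisorName $dn $getCn)
}
```

In the export loop, `$fldValue = Resolve-SupervisorName $propertyValue $getCn` would take the place of the bind; log the unresolved DN with `$Context.LogMessage` at the call site if the warning is still wanted.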
