Solved

DN of user from their Employee ID

Posted on 2011-03-02
12
1,211 Views
Last Modified: 2012-05-11
I am looking for a PowerShell script to get the DN of a user from the users employeeID.

I have tried several Ldap Filters:
get-qaduser -LdapFilter "(&(!employeeID=*))" -IncludedProperties employeeID
This returns all users even those with a null employeeID.

I have tried variations by adding and removing the & and the !.

Some of these do not return errors, but they also do not return any data either.

Need a little help

Thanks
0
Comment
Question by:Runchr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020262
To get all users where the EmployeeID attribute is set to any value, try this:
get-qaduser -LdapFilter "(&(employeeID=*))"

I don't think your need to the IncludedProperties switch to get DN only
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35020295
using the exclamation in the ldapfilter, you are telling it to give you the accounts where the employeeid does not exist.

get-qaduser -LdapFilter "(&(employeeID=*))" -sl 0 | select name,dn

0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35020297
Try this

get-qaduser -LdapFilter "(employeeID=*)" -IncludedProperties employeeID | Select Name, DN, EmployeeID | Export-csv c:\users.csv
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:Runchr
ID: 35020377
Tasmut,

I got that, what I want is the DN of a specific user
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35020425
Based off of his/her employeeid ?

get-qaduser -LdapFilter "(employeeID=123456789)"  | Select Name, DN,

0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020595
Asterisk is a special meaning in LDAP filter to represent "all". if you have some users where EmployeeID has the value " * ", then you need to represent this by escaping the *:
get-qaduser -LdapFilter "(employeeID=\2A)"  | Select Name, DN

or simply follow RickSheikh suggestion, as well as KenMcF
0
 

Author Comment

by:Runchr
ID: 35020809
Tasmant,

Thanks for the help, but none of these seem to work.  I do not get errors nor results.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35020955
Are you sure you are using the employeeID attribute to store this information in? Try to run this on a user account that you know has an employee ID entered to verify the attribute you are searching for.

get-qaduser USERNAME -includedproperties * | FL *
0
 

Accepted Solution

by:
Runchr earned 0 total points
ID: 35022434
This is what I ended up using:

$objUser = Get-QADuser -sizelimit 0 -ldapfilter "(&(objectCategory=person)(objectClass=user)(employeeID=1))"
$DN = $objUser.DN
$DN

Funny thing is it did not work in PowerGUI, but is Quick Connect it ran fine.

Thanks to all
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35022575
That is rather a longer  way to accomplish something so simple.

If I have a user whose user ID is 1 and I want its DN. Following one liner is sufficient in PowerShell console or PowerGUI

get-qaduser -LdapFilter "(employeeID=1)"  | Select Name, dn
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35022588
I meant to say "whose employeeID is 1"
0
 

Author Closing Comment

by:Runchr
ID: 35067780
This works
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question