Solved

DN of user from their Employee ID

Posted on 2011-03-02
12
1,171 Views
Last Modified: 2012-05-11
I am looking for a PowerShell script to get the DN of a user from the users employeeID.

I have tried several Ldap Filters:
get-qaduser -LdapFilter "(&(!employeeID=*))" -IncludedProperties employeeID
This returns all users even those with a null employeeID.

I have tried variations by adding and removing the & and the !.

Some of these do not return errors, but they also do not return any data either.

Need a little help

Thanks
0
Comment
Question by:Runchr
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020262
To get all users where the EmployeeID attribute is set to any value, try this:
get-qaduser -LdapFilter "(&(employeeID=*))"

I don't think your need to the IncludedProperties switch to get DN only
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35020295
using the exclamation in the ldapfilter, you are telling it to give you the accounts where the employeeid does not exist.

get-qaduser -LdapFilter "(&(employeeID=*))" -sl 0 | select name,dn

0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35020297
Try this

get-qaduser -LdapFilter "(employeeID=*)" -IncludedProperties employeeID | Select Name, DN, EmployeeID | Export-csv c:\users.csv
0
 

Author Comment

by:Runchr
ID: 35020377
Tasmut,

I got that, what I want is the DN of a specific user
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35020425
Based off of his/her employeeid ?

get-qaduser -LdapFilter "(employeeID=123456789)"  | Select Name, DN,

0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35020595
Asterisk is a special meaning in LDAP filter to represent "all". if you have some users where EmployeeID has the value " * ", then you need to represent this by escaping the *:
get-qaduser -LdapFilter "(employeeID=\2A)"  | Select Name, DN

or simply follow RickSheikh suggestion, as well as KenMcF
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Runchr
ID: 35020809
Tasmant,

Thanks for the help, but none of these seem to work.  I do not get errors nor results.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35020955
Are you sure you are using the employeeID attribute to store this information in? Try to run this on a user account that you know has an employee ID entered to verify the attribute you are searching for.

get-qaduser USERNAME -includedproperties * | FL *
0
 

Accepted Solution

by:
Runchr earned 0 total points
ID: 35022434
This is what I ended up using:

$objUser = Get-QADuser -sizelimit 0 -ldapfilter "(&(objectCategory=person)(objectClass=user)(employeeID=1))"
$DN = $objUser.DN
$DN

Funny thing is it did not work in PowerGUI, but is Quick Connect it ran fine.

Thanks to all
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35022575
That is rather a longer  way to accomplish something so simple.

If I have a user whose user ID is 1 and I want its DN. Following one liner is sufficient in PowerShell console or PowerGUI

get-qaduser -LdapFilter "(employeeID=1)"  | Select Name, dn
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35022588
I meant to say "whose employeeID is 1"
0
 

Author Closing Comment

by:Runchr
ID: 35067780
This works
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now