Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

extract from DN of the object OU in the domain's root

Posted on 2014-11-18
13
Medium Priority
?
132 Views
Last Modified: 2014-11-20
Hi folks,

sorry for my English

I need extract from DN of the object OU in the domain's root ( ou=development or ou=staff)
 
                                                                       dc= Biomed  
                                                                             |
                                                                             |                                    
                                                  development _  _|___ou=staff
                                                                       |              |
                                                                       |              |
                                   win7 desktops    --------               -------ou=research
                                           |                                            |
                                      comp1                                        ------ou=accounting
                                                                                                        |
                                                                                                           cn=john's comp

DN >cn="john comp", ou=accounting,ou=staff, dc=biomed



please, help
0
Comment
Question by:nesher13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 41

Expert Comment

by:footech
ID: 40450455
Are you saying that you have an object with a DN like "cn=john's comp,ou=accounting,ou=research,ou=staff,dc=biomed" and you need it to be
"cn=john's comp,ou=accounting,ou=staff,dc=biomed" (in essence removing the "ou=research" portion)?
0
 

Author Comment

by:nesher13
ID: 40450468
footech

yes
0
 
LVL 41

Expert Comment

by:footech
ID: 40450655
The distinguishedName is just a string, so you can do a replace operation on it, replacing the desired text (in this case ",ou=research"), with nothing.  It's hard to give a complete example without knowing how you're using it, but hopefully this example shows the syntax well enough for you.
Given a particular string this would work.
"cn=john's comp,ou=accounting,ou=research,ou=staff,dc=biomed" -replace ",ou=research"

Open in new window


Here's an example working on a list of computers retrieved from AD.
Get-ADComputer -filter * | Select DistinguishedName,@{n="new DN";e={$_.DistinguishedName -replace ",ou=research"}}

Open in new window

0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:nesher13
ID: 40451993
footech,

I do not quite understand your answer and how to apply it in my task

I want to run following pipe:

Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | select replasementDN, name | sort replasementDN

Many thanks
0
 
LVL 41

Expert Comment

by:footech
ID: 40452098
The second example in my previous post is applicable.  It uses what is known as a "calculated property".  The Select command is used to create a new property for the object that is calculated from other information.  Here it is integrated with the command you want to run.
Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | select @{n="replacementDN";e={$_.DistinguishedName -replace ",ou=research"}}, name | sort replacementDN

Open in new window

0
 

Author Comment

by:nesher13
ID: 40452266
footech

I am sorry, but this is not working.

I probably do not accurately formulate the problem. In the picture is not visible multilevel structure of the domain. I not want to see in replacementDN contained domain,hierarchy ou's or CN . I quote a few lines of output:

replacementDN                                                                     name



CN=ACC2 Desktops,DC=tr,DC=Biomed         (does not exist in the root domain)                                                         ACC2

CN=ADM-PC,OU=OLD Comps,DC=Biomed      ( there is CN )                                                                                    ADM-PC

CN=ADREYGXPV2,OU=WXP Desktops,OU=Bio Institute,DC=Biomed  (2 OU +CN)                                            ADREYGXPV2

CN=ALBERTS-PC1,OU=W7,OU=Bio Institute,DC=Biomed       (2 OU +CN)                                                              ALBERTS-PC1

CN=AMIT13 Desktops,DC=Biomed          (does not exist in the root domain)                                                        AMIT13

Also, I get output not only from ou Amit (I use Amit  instead Research). But and of several OU's on top-level
0
 
LVL 41

Expert Comment

by:footech
ID: 40452395
I'm sorry, but I don't understand what you want.

Maybe I'll understand if you explain the following:
- what command you want to run
- what the current output is
- what you want the output to be
0
 

Author Comment

by:nesher13
ID: 40452483
footech

I am running following pipeline:
 Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | select @{n="replacementDN";e={$_.DistinguishedName -replace ",ou=Amit"}}, name | sort replacementDN | export-csv c:\temp\replasment-DN.csv

Open in new window

Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | select @{n="replacementDN";e={$_.DistinguishedName -replace ",ou=Amit"}}, name | sort replacementDN | export-csv c:\temp\replasment-DN.csv

instead of the previous output, I would like to receive:

replacementDN                                                    Name


Amit                                                                                      ACC2

OLD Comps                                                                          ADM-PC

Bio Institute                                                                           ADREYGXPV2

Bio Institute                                                                           Albert-pc1

AMIT                                                                                      Amit13
0
 
LVL 41

Expert Comment

by:footech
ID: 40452984
What's the output if you just run
Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | select distinguishedname, name | sort distinguishedname

Open in new window

0
 

Author Comment

by:nesher13
ID: 40454723
footech,

I am run Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | select distinguishedname, name | sort distinguishedname
                                         
CN=AMIT13,OU=AMIT Desktops,OU=AMIT,DC=tr,DC=technion,DC=..
CN=AMIT15,OU=AMIT Desktops,OU=AMIT,DC=tr,DC=technion,DC=..
CN=AMIT20,OU=AMIT Desktops,OU=AMIT,DC=tr,DC=technion,DC=..
CN=AMIT8,OU=AMIT Desktops,OU=AMIT,DC=tr,DC=technion,DC=a..
CN=AMITSERVER,OU=OLD Comps,DC=tr,DC=technion,DC=ac,DC=il
CN=AMITUSER19,OU=AMIT Desktops,OU=AMIT,DC=tr,DC=technion..
CN=AMITUSER2,OU=OLD Comps,DC=tr,DC=technion,DC=ac,DC=il
CN=AMITUSER9,OU=OLD Comps,DC=tr,DC=technion,DC=ac,DC=il
CN=ANAT-LAP,OU=OLD Comps,DC=tr,DC=technion,DC=ac,DC=il
CN=ATL,OU=WinXPWMI,DC=Biomed
CN=ACC2,OU=AMIT Desktops,OU=AMIT,DC=tr,DC=Biomed
CN=ACC3,OU=AMIT Desktops,OU=AMIT,DC=Biomed
CN=ACC6,OU=AMIT Desktops,OU=AMIT,DC=Biomed
CN=AUTHRIZATIONMMI,OU=OLD Comps,DC=Biomed
CN=AVIAVXPSP2,OU=OLD Comps,DC=Biomed
CN=B-D_COMP1,OU=OLD Comps,DC=Biomed
CN=BDIKAXP,OU=OLD Comps,DC=Biomed
CN=BENI-LAP,OU=OLD Comps,DC=Biomed
CN=BENIR,OU=OLD Comps,DC=Biomed
CN=BENIS-W7,OU=OLD Comps,DC=Biomed
CN=BOLGA-PC,OU=W7,OU=Metal Institute,DC=Biomed
CN=BUSDEVSTUDXP-1,OU=OLD Comps,DC=Biomed
CN=BUSDEVSTUDXP-4,OU=OLD Comps,DC=Biomed
CN=AMITUSER19,OU=AMIT Desktops,OU=AMIT,DC=Biomed
0
 

Author Comment

by:nesher13
ID: 40454742
fotech,

please ignore previous comment
------------------------------------------------------
I am run Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | select distinguishedname, name | sort distinguishedname

CN=ATL,OU=WinXPWMI,DC=Biomed
CN=ACC2,OU=AMIT Desktops,OU=AMIT,DC=tr,DC=Biomed
CN=ACC3,OU=AMIT Desktops,OU=AMIT,DC=Biomed
CN=ACC6,OU=AMIT Desktops,OU=AMIT,DC=Biomed
CN=AUTHRIZATIONMMI,OU=OLD Comps,DC=Biomed
CN=AVIAVXPSP2,OU=OLD Comps,DC=Biomed
CN=B-D_COMP1,OU=OLD Comps,DC=Biomed
CN=BDIKAXP,OU=OLD Comps,DC=Biomed
CN=BENI-LAP,OU=OLD Comps,DC=Biomed
CN=BENIR,OU=OLD Comps,DC=Biomed
CN=BENIS-W7,OU=OLD Comps,DC=Biomed
CN=BOLGA-PC,OU=W7,OU=Metal Institute,DC=Biomed
CN=BUSDEVSTUDXP-1,OU=OLD Comps,DC=Biomed
CN=BUSDEVSTUDXP-4,OU=OLD Comps,DC=Biomed
CN=AMITUSER19,OU=AMIT Desktops,OU=AMIT,DC=Biomed
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 40456304
Maybe this is what you want?
Search-ADAccount -AccountInactive -TimeSpan "90" -computersOnly | Select @{n="parentOU";e={ ((($_.DistinguishedName -split "OU=")[-1]) -split ",")[0] }},Name

Open in new window

0
 

Author Comment

by:nesher13
ID: 40456718
footech,

excellent!!!

only ignores the container Computers
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question