Powershell help: Pull only CN discard the rest of DistinguishedName

DistinguishedName  : CN=2015-06-01T08:49:51-06:00{570629ED-85B0-490A-BDD7-A0CB8DEE0C74},CN=JAK00886,OU=MS,OU=Workstations,OU=Machines,DC=domain,DC=org

I'd like to discard everything to the first comma and everything after CN's comma.. so in essential only keep the 'Jak00866' within a script.  Right now I call a get-adobject cmdlet, is there a way to pipe the DN change or would it need to be it's own subset routine?

Thanks
LVL 14
Ben HartAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

footechCommented:
Where are you getting the CN=2015-06-01T08:49:51-06:00{570629ED-85B0-490A-BDD7-A0CB8DEE0C74} portion?  With that included doesn't look like a valid DN to me, so wondering where it came from.  We could extract, but it might be better to fix this upstream.
0
Ben HartAuthor Commented:
I get that from here:

get-adobject -ldapfilter '(objectclass=msFVE-recoveryInformation)' -properties cn,distinguishedname
0
Ben HartAuthor Commented:
Honestly, I don't know where that portion is coming from since it's not in the objects extended attribute.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

footechCommented:
OK, unexpected but it looks like the object is a subcontainer of a computer object, so that DN truly is correct.  I wasn't aware.

If you're in the AD: drive you can use Split-Path.
Set-Location AD:
Get-ADObject -LDAPFilter '(objectclass=msFVE-recoveryInformation)' -Properties cn,distinguishedname | ForEach `
{
    ($_ | Select -ExpandProperty DistinguishedName |
     Split-Path -Parent | Split-Path -Leaf) -replace "^CN="
}

Open in new window


Here's an example with just treating the DN as a string.
(("CN=2015-06-01T08:49:51-06:00{570629ED-85B0-490A-BDD7-A0CB8DEE0C74},CN=JAK00886,OU=MS,OU=Workstations,OU=Machines,DC=domain,DC=org" -split ",?CN=")[2] -split ",")[0]

Open in new window

0
Ben HartAuthor Commented:
Thanks Foo.. I'm getting an error though:

Split-Path : Cannot bind argument to parameter 'Path' because it is an empty string.
At D:\Users\bhart.DIFC\Dropbox\Scripts\Get-BitlockerEnabledComputers.ps1:9 char:26
+     Split-path -parent | Split-path -Leaf) -replace "^CN="

On code:

set-location AD:
set-location AD:
$bitlockerenabled = Get-ADObject -ldapFilter '(ObjectClass=msFVE-RecoveryInformation)' -Properties cn,msfve-recoverypassword,distinguishedname | Foreach `
{ ($_ | Select -expandproperty DistinguishedName |
    Split-path -parent | Split-path -Leaf) -replace "^CN="
    }

Open in new window

0
footechCommented:
Break it down so you can verify what is present at each step.  I don't have an equivalent so I can't debug in my environment.
set-location AD:
Get-ADObject -ldapFilter '(ObjectClass=msFVE-RecoveryInformation)' -Properties cn,msfve-recoverypassword,distinguishedname | Foreach `
{ ($_ | Select -expandproperty DistinguishedName 
    }

set-location AD:
Get-ADObject -ldapFilter '(ObjectClass=msFVE-RecoveryInformation)' -Properties cn,msfve-recoverypassword,distinguishedname | Foreach `
{ ($_ | Select -expandproperty DistinguishedName |
    Split-path -parent
    }

set-location AD:
Get-ADObject -ldapFilter '(ObjectClass=msFVE-RecoveryInformation)' -Properties cn,msfve-recoverypassword,distinguishedname | Foreach `
{ ($_ | Select -expandproperty DistinguishedName |
    Split-path -parent | Split-path -Leaf)
    }

Open in new window


If that first doesn't have anything, then you have to work on the query.
0
Ben HartAuthor Commented:
The first one below returns all my messed DistinguishedNames.. the second returns literally nothing.  The third and full string returns the empty Path string.

PS AD:\> set-location AD:
Get-ADObject -ldapFilter '(ObjectClass=msFVE-RecoveryInformation)' -Properties cn,msfve-recoverypassword,distinguishedname | Foreach `
{ ($_ | Select -expandproperty DistinguishedName )
    }

CN=2015-05-28T13:48:22-06:00{BE27328C-BB63-4FB4-868D-B28F5D7BA059},CN=JAK00945,OU=IT computers,OU=MS,OU=Workstations,OU=Machines,DC=domain,DC=org
CN=2015-05-28T15:32:36-06:00{E56D7867-0052-41F5-AC01-E0A8ACE1CC21},CN=JAK00726,OU=MS,OU=Workstations,OU=Machines,DC=domain,DC=org
CN=2015-05-29T09:21:16-06:00{64E0F8D3-9BB3-4E61-A83B-0B1F86326FB6},CN=JAK00946,OU=MS,OU=Workstations,OU=Machines,DC=domain,DC=org
CN=2015-06-01T08:49:51-06:00{570629ED-85B0-490A-BDD7-A0CB8DEE0C74},CN=JAK00886,OU=MS,OU=Workstations,OU=Machines,DC=domain,DC=org
CN=2015-06-01T12:32:25-08:00{7080EF57-411B-4C10-A1E6-2DAE6C979102},CN=MI01000,OU=MI,OU=Workstations,OU=Machines,DC=domain,DC=org
CN=2015-06-02T16:29:04-06:00{B16669F1-0E48-49DA-B0FF-078C9C578ECF},CN=JAK00947,OU=MS,OU=Workstations,OU=Machines,DC=domain,DC=org

Open in new window


PS AD:\> set-location AD:
Get-ADObject -ldapFilter '(ObjectClass=msFVE-RecoveryInformation)' -Properties cn,msfve-recoverypassword,distinguishedname | Foreach `
{ ($_ | Select -expandproperty DistinguishedName |
    Split-path -parent)
    }



















PS AD:\> 

Open in new window



PS AD:\> set-location AD:
Get-ADObject -ldapFilter '(ObjectClass=msFVE-RecoveryInformation)' -Properties cn,msfve-recoverypassword,distinguishedname | Foreach `
{ ($_ | Select -expandproperty DistinguishedName) |
    Split-path -parent | Split-path -Leaf
    }
Split-Path : Cannot bind argument to parameter 'Path' because it is an empty string.
At line:4 char:26
+     Split-path -parent | Split-path -Leaf
+                          ~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:PSObject) [Split-Path], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Microsoft.PowerShell.Commands.SplitPathCommand

Open in new window

0
footechCommented:
Looks like Split-Path has a problem with the colons.  We'll just revert to dealing with a string.
Get-ADObject -LDAPFilter '(objectclass=msFVE-recoveryInformation)' -Properties cn,distinguishedname | ForEach `
{
    (($_ | Select -ExpandProperty DistinguishedName) -split ",?CN=")[2] -split ",")[0]
}

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ben HartAuthor Commented:
Rock on Foo.  That did it!  You missed a 3rd ( on line 3 but great job!  Now the values for CN match in the rest of the script.

 #Set HasBitlockerRecoveryKey to true or false, based on matching against the computer-collection with BitLocker recovery information 
    if ($computer.cn -match ('(' + [string]::Join(')|(', $bitlockerenabled) + ')')) { 
    $computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $true 
    } 
    else 
    { 
    $computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $false 
    } 

Open in new window


This line was trying to match the values and with the weirdness prepending my DN's it was failing.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.