Powershell script help, get-adcomputer managedby properties

This should work.  Note you will need to edit to include the actual OU in your environment where computers live:

$results = @()

Get-Content 'c:\oracle.txt' | ForEach-Object {
    $comp = Get-ADComputer -LDAPFilter "(managedby=$_)" -SearchBase 'CN=Computers,DC=domain,DC=local'
    $results += $comp
}

$results | Export-Csv results.csv -NoTypeInformation

Select allOpen in new window

Thanks Jason.. I'll try this tomorrow.  I have to ask though, I've been working with powershell for about 3 years now.  What made you format your script like you did?

Hmm errors.  Since we don't use the builtin containers I had to change to OU= but the script runs it just does not populate the csv.  I'm betting its the format of my txt file.

What I was wanting to do was search by common or SAM names, however the ManagedBy field is formatted as such:

Domain.org/People/Employees/IT/IT Staff/Tester, John

Ok I was right.. the format of our ManagedBy attribute is:

CN=Tester\, John,OU=IT Staff,OU=IT,OU=Employees,OU=People,DC=Domain,DC=org

Which is how I'd have to format my txt/csv file in order to search.  Now I just need to figure out how to take a list of names like Tester, Bob or btester and convert into the format above. Which means I need to convert CN into DistinguishedName.

Yes the input values have to match the ManagedBy attribute exactly or it won't work.  A little bleeding might be expected in which case we can trap them in a try catch block.  Feel free to PM me if you want to review the input file together outside the public forum.

I base the format of my scripts off veterans around this site like Qlemo and Will Szymkowski.  I think it makes it more readable and structured.

Thanks Jason.. What do you think of another another get-content piece tying to a dsquery?

Something like:

get-content 'c:\oracle.txt' | foreach-object {
$user = dsquery * domainroot -filter "(&(objectcategory=Person)(objectclass=User) (Samaccountname=$user))"

Select allOpen in new window

And then exporting that to a new csv?

Ok so full script as it sits right now..

import-module activedirectory

get-content 'c:\oracle.txt' | foreach-object {
$user = dsquery * domainroot -filter "(&(objectcategory=Person)(objectclass=User) (Samaccountname=$user))"
$results += $user
}

$results | export-csv c:\users\bhart.difc\desktop\oracleusers.csv -NoTypeInformation


$results = @()

Get-Content 'c:\users\bhart.difc\desktop\oracleusers.csv' | ForEach-Object {
    $comp = Get-ADComputer -LDAPFilter "(managedby=$_)" -SearchBase 'OU=Workstations,OU=Machines,DC=difc,DC=root01,DC=org'
    $results += $comp
}

$results | Export-Csv c:\users\bhart.difc\Desktop\results.csv -NoTypeInformation

Select allOpen in new window

My current issue is that I'm not defining the SamAccountname correctly on line 4.  I'm either having a brain fart or over complicating it..

I'm unclear what advantage dsquery has over Get-ADComputer or Get-ADObject.   How are you populating your input .csv file?  I did test this prior to answering, and I populated my input file with actual ManagedBy values

My issue is that I'm on a time crunch.  I'm getting a list of users from the dev group that will likely be in cn or displayname format.  So I will need to convert those to DistinguishedName to correctly match our ManagedBy values.

I'll then use the resulting csv to deploy java security properties to only the computers that need it.

The concatenate feature of Excel would work perfectly in that situation.  I've used it many times for lists submitted to IT by HR.

My Excel-Fu is poor, plus I usually prefer to script stuff like this versus messing around in too many spreadsheets but yeah that's def an option too.

But back on point.. what is the correct value for the (SamaccountName=$_____)

Boom got it.

$_

Hmm except the export-csv part.  Output pane shows it correctly getting the DistName values but writes nothing to the CSV. Actually no thats a lie.. one column labeled Length with numerical values in the 6 lines below it.

Ok if I go for a strictly dsquery format then this works:

import-module activedirectory

get-content 'c:\users\bhart.difc\desktop\oracle.txt' | foreach-object {
#$user = 
dsquery * domainroot -filter "(&(objectcategory=Person)(objectclass=User) (Samaccountname=$_))" >>c:\users\bhart\desktop\oracleusers.txt
#$results += $user
}

Select allOpen in new window

However the second half is now halting on:

PS C:\Windows\System32\WindowsPowerShell\v1.0> get-adcomputer -ldapfilter
Get-ADComputer : Missing an argument for parameter 'LDAPFilter'. Specify a parameter of type 'System.String' and try again.
At line:1 char:16
+ get-adcomputer -ldapfilter
+                ~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADComputer], ParameterBindingException
    + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

If I separate out the second half into a new ps1 and run it alone (against the same oracleusers.txt file it completes without error but does not write to the csv.

Entire current script:

import-module activedirectory

get-content 'c:\users\bhart.difc\desktop\oracle.txt' | foreach-object {
 
dsquery * domainroot -filter "(&(objectcategory=Person)(objectclass=User) (Samaccountname=$_))" >>c:\users\bhart.difc\desktop\oracleusers.txt

}

$results = @()

Get-Content 'c:\users\bhart.difc\desktop\oracleusers.txt' | ForEach-Object {
    $comp = Get-ADComputer -LDAPFilter "(managedby=$_)" -SearchBase 'OU=Workstations,OU=Machines,DC=difc,DC=root01,DC=org'
    $results += $comp
}

$results | Export-Csv c:\users\bhart.difc\Desktop\results.csv -NoTypeInformation

Select allOpen in new window

It reads the oracle.txt file, runs dsquery and correctly generated oracleusers.txt.  The second half reads the file and runs without error and creates an empty results.csv.

Well first the file you generate and subsequently use as the source file for my portion contains the DN surrounded by quotes.  Remove the quotes and it will work.

Second there is a better way to do this than outputting to a file then reading from that file in the same script.  I'm stuck on several calls for the next couple of hours but I'll hop on it as soon as I'm done.

Friggin amazing.  Yes precisely what I needed and much cleaner than my rendition.  Thanks Jason.

Glad I could help, Ben.  Take care.

No functional change to above, just a simplification:

Import-Module activedirectory

Import-Csv source.csv | Select -Expand SamAccountName | 
  Get-ADUser -Properties distinguishedname |
  % {
    Get-ADComputer -LDAPFilter "(managedby=$_)"
  } |
  Export-Csv results.csv -NoTypeInformation

Select allOpen in new window

I asked Qlemo to weigh in on simplifying the script I provided, and, as expected, he was able to condense it.  Thanks again, Qlemo.

Very nice!