Home Extended Attribute Unresolvable, Powershell
Reply: 1

Extended Attribute Unresolvable, Powershell

Mark Vickery
1#
Mark Vickery Published in 2017-12-06 17:26:51Z

I am trying to set up a method in which a user can tell me there username, I plug it in and it will return me their computerName.

//Get the Username

$username = Read-Host -prompt 'Username'

//Get the DistinguishedName and store it

$usernameDN = Get-ADUser $username -properties * | SELECT DistinguishedName

//Get the ComputerName
//This one fails everytime

Get-ADComputer -Filter {ManagedBy -eq $usernameDN} -properties * | SELECT CN,ManagedBy

//Error I receive...almost as if it has to be a string

Get-ADComputer : Invalid value: '' specified for extended attribute: 'ManagedBy'. At line:1 char:1 + Get-ADComputer -Filter {ManagedBy -eq $usernamedn} -properties * | SE ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ArgumentException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm ands.GetADComputer

//So you put it as a string

PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | SELECT CN,ManagedBy

//Error

Get-ADComputer : Identity info provided in the extended attribute: 'ManagedBy' could not be resolved. Reason: 'Cannot find an object with identity: '$usernamedn' under: 'DC=****,DC=*****'.'. At line:1 char:1 + Get-ADComputer -Filter {ManagedBy -eq '$usernamedn'} -properties * | ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Get-ADComputer], ADIdentityResolutionException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityResolutionException ,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

//However if you replace the variable with the literal DistinguishedName...it will work

PS C:\WINDOWS\system32> Get-ADComputer -Filter {ManagedBy -eq 'CN=*******\, ***** *.,OU=********,OU=*****,OU=******,DC=*****,DC=******'} -properties * | SELECT CN,ManagedBy

//Result

CN        ManagedBy
--        ---------
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**
********* CN=**\, ** *.,OU=***,OU=***,OU=***,DC=***,DC=**

So I'm thinking my issue is that the Filter requires it to be string, but I can't figure out the right escape to make the variable read that way.

I tried to do the string formatting as well, but I don't completely understand that yet

Thanks,

Bill_Stewart
2#
Bill_Stewart Reply to 2017-12-06 17:34:53Z

I recommend using -LDAPFilter instead of -Filter and using an LDAP filter string:

Get-ADUser -LDAPFilter "(managedBy=$usernameDN)"

It is worth your while to learn the LDAP search filter syntax, since that's what PowerShell has to "translate" the -Filter into anyway.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.372985 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO