PowerShell Script: Finding A Distinguished Name of a Group/User: Function Find-DN
By: Brenton Blawat
This article explains how to search Active Directory for the distinguished name of a user or group. This is helpful when adding an object to Active Directory or adding users to groups.
Function Find-DN Finding Distinguished Name:
    # Function Find Distinguished Name
    function find-dn { param([string]$adfindtype, [string]$cName)
        # Create A New ADSI Call
        $root = [ADSI]''
        # Create a New DirectorySearcher Object
        $searcher = new-object System.DirectoryServices.DirectorySearcher($root)
        # Set the filter to search for a specific CN
        $searcher.filter = "(&(objectClass=$adfindtype)(CN=$cName))"
        # Set results in $adfind variable
        $adfind = $searcher.findall()

        # If Search has No Answers, return nothing so the caller can test for it
        if ($adfind.count -eq 0) {
            return $null
        }
        # If Search has Multiple Answers
        if ($adfind.count -gt 1) {
            $count = 0
            foreach($i in $adfind)
            {
                # Write Answers On Screen
                write-host $count ": " $i.path
                $count += 1
            }
            # Prompt User For Selection
            $selection = Read-Host "Please select item: "
            # Return the Selection (Read-Host returns a string, so cast it to an index)
            return $adfind[[int]$selection].path
        }
        # Return The Answer
        return $adfind[0].path
    }
Using this Function:
    # To use the function to find a User:
    find-dn "user" "Blawat"

    # To use the function to find a Group:
    find-dn "group" "IT Help Desk"
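
An added example, not part of the original article: the function above places $cName directly into the LDAP filter, so a name containing filter metacharacters such as parentheses or an asterisk changes what the search matches. This variant escapes the value per RFC 4515 and returns every match instead of prompting, which suits unattended import scripts; the names ConvertTo-LdapFilterValue and Find-DNSafe and the allowed object-class set are assumptions of this example.

```powershell
# Added example, not the article's code. Function names are hypothetical.

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, asterisk, parentheses and NUL become "\" plus two hex digits.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    return [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Find-DNSafe {
    param(
        # Assumption: only the object classes the article uses; extend as needed.
        [Parameter(Mandatory = $true)][ValidateSet('user', 'group')]
        [string]$ObjectClass,
        [Parameter(Mandatory = $true)]
        [string]$CommonName
    )
    # [ADSI]'' binds to the current domain, as in the article's function.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
    try {
        $cn = ConvertTo-LdapFilterValue $CommonName
        $searcher.Filter = "(&(objectClass=$ObjectClass)(CN=$cn))"
        $results = $searcher.FindAll()
        try {
            # Return every matching path; an empty array means "not found".
            return @($results | ForEach-Object { $_.Path })
        }
        finally { $results.Dispose() }
    }
    finally { $searcher.Dispose() }
}

# Constructed sample names: the escaper can be exercised without a domain.
ConvertTo-LdapFilterValue 'IT Help Desk (East)'
ConvertTo-LdapFilterValue 'Sales*'

# On a domain-joined machine, check for an existing object before an import.
$existing = Find-DNSafe -ObjectClass 'user' -CommonName 'Blawat'
if ($existing.Count -gt 0) { Write-Warning "Already present: $existing" }
```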



Dude, there are many Free Active Directory reporting tools that you can use to find the DN of objects.
You ought to try one of those as well. Why would you want to waste your time writing quirky PowerShell scripts?!
Marc
May 28, 2010
Marc,
Thank you for your post on my blog. I respectfully disagree with your blog about PowerShell not being a tool. When I first started working with PowerShell, I felt the same way as well, as I was more comfortable with a GUI environment for all of my transactions. However, it quickly became clear to me as a Systems Engineer that the GUI would not work in enterprise environments. Why?
Take a school, for example, where you have students that come and go every year. One of my largest school clients has in excess of 700 students a year. When each student gets an Active Directory logon and an Exchange email, you will have to develop a script to import these students. While the import-csv utility maps a CSV file to Active Directory attributes, what happens when you try to import a user with an existing username? That’s why the function described in this article is powerful, as you can check before you import and have an error.
A second example: the company I am currently consulting for is in the Top 10 of the Fortune 500 organizations. They have to create systems to distribute to a multitude of hospitals. We have to create unique forests and domains for the systems. In doing this, we have a script that populates the Active Directory schema with OUs, Users and Groups, imports the predefined policies, and does a validation check to ensure Active Directory meets the regulatory requirements.
With VB Scripts slated to go away in the next Server release, it’s imperative that Systems Engineers learn PowerShell as it is the new standard for systems. Plus being able to perform EVERYTHING that you can in a VB script with PowerShell and make references to .NET assemblies (like my encryption article), it’s a tough argument to not use it.
Happy Coding!
-Brenton
brentblawat
May 28, 2010