I just put a script together last week to convert from DN to CN and back. I got
most of it from the articles already posted earlier in this thread. May not be
the cleanest code, but it works.
CN to DN
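function ConvertFrom-Canonical {
    param(
        [string]$Canonical = $(throw '$Canonical is required!')
    )
    # Prepend the domain so that element 0 is always the DNS domain name
    $Canonical = "DOMAIN.com/" + $Canonical
    # Escape commas for use in a DN, then split the path into its components
    $obj = $Canonical.Replace(',','\,').Split('/')
    # The last component becomes the leaf CN
    [string]$DN = "CN=" + $obj[$obj.Count - 1]
    # Intermediate components, innermost first, become OUs
    for ($i = $obj.Count - 2; $i -ge 1; $i--) { $DN += ",OU=" + $obj[$i] }
    # Each label of the domain name becomes a DC component
    $obj[0].Split(".") | ForEach-Object { $DN += ",DC=" + $_ }
    return $DN
}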
DN to CN
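# $OU holds the distinguished name to convert; every comma is treated as a separator
$CN = ""
$Parts = $OU.Split(",")
$NumParts = $Parts.Count
# Count only the DC= components (a bare 'DC' match would also count names such as OU=DCs)
$FQDNPieces = @($Parts -match '^DC=').Count
$Middle = $NumParts - $FQDNPieces
# Join the DC components into the DNS domain name
foreach ($x in ($Middle+1)..($NumParts)) {
    $CN += $Parts[$x-1].SubString(3) + '.'
}
$CN = $CN.Substring(0, $CN.Length - 1)
# Append the remaining components from the outermost container down to the leaf
foreach ($x in ($Middle-1)..0) {
    $CN += "/" + $Parts[$x].SubString(3)
}
$CN = $CN.Replace("DOMAIN.com/","")
$global:ADOUPrompt.Items.Add($CN)
$CN = ""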
Daniel Ratliff
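
Added example, not part of the original e-mail or of any poster's code: a canonical-name to DN converter that goes beyond the function above by honouring the '\/' escape in canonical names and escaping the RFC 4514 special characters in each DN value, so the result can be passed to -SearchBase without producing a malformed DN. The function names, the -LeafType parameter and the sample inputs are hypothetical, and every intermediate container is assumed to be an OU.

```powershell
# Added example; function names are hypothetical, sample inputs are constructed.

function ConvertTo-DnValue {
    # Escape an attribute value for use inside a DN (RFC 4514 special characters).
    param([Parameter(Mandatory)][string]$Value)
    $v = $Value -replace '([,+"\\<>;=])', '\$1'   # specials anywhere in the value
    $v = $v -replace '^([ #])', '\$1'             # leading space or '#'
    $v -replace ' $', '\ '                        # trailing space
}

function ConvertFrom-CanonicalName {
    param(
        [Parameter(Mandatory)][string]$CanonicalName,
        # RDN type of the last component: OU for an OU path, CN for a user, group or computer.
        [ValidateSet('OU', 'CN')][string]$LeafType = 'OU'
    )
    # Tokenise on unescaped '/', keeping escape pairs such as '\/' together, then unescape.
    $tokens = @([regex]::Matches($CanonicalName, '(?:\\.|[^/\\])+') |
        ForEach-Object { $_.Value -replace '\\(.)', '$1' })
    if ($tokens.Count -lt 1 -or $tokens[0] -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$') {
        throw "Not a canonical name: '$CanonicalName'"
    }
    $rdns = @()
    # Walk from the leaf up to the first container below the domain.
    for ($i = $tokens.Count - 1; $i -ge 1; $i--) {
        # Assumption: every intermediate container is an OU (a canonical name cannot say).
        $type = if ($i -eq $tokens.Count - 1) { $LeafType } else { 'OU' }
        $rdns += "$type=" + (ConvertTo-DnValue $tokens[$i])
    }
    # Each label of the DNS domain name becomes one DC component.
    $rdns += $tokens[0].Split('.') | ForEach-Object { "DC=$_" }
    $rdns -join ','
}

# Constructed inputs: a plain OU path, a leaf containing a comma, a name containing '/'.
ConvertFrom-CanonicalName 'domain.com/OU'
ConvertFrom-CanonicalName 'domain.com/Sales/Smith, John' -LeafType CN
ConvertFrom-CanonicalName 'domain.com/R\/D/Lab'
```

Built-in containers such as Users and Computers are CN= containers, so a path that runs through one of them needs its RDN type corrected by hand.
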
From: [email protected] On Behalf Of Michael B. Smith
Sent: Thursday, November 13, 2014 9:21 AM
To: [email protected]
Subject: [powershell] RE: Search For OU Using Filter With CanonicalName in AD
You can speed this up quite a bit by using .NET (in the
System.DirectoryServices namespace) - which is almost certainly what the QAD
cmdlets do - but you are always going to be limited by the fact that
CanonicalName is a constructed attribute.
From: [email protected] On Behalf Of Aakash Shah
Sent: Wednesday, November 12, 2014 11:24 PM
To: [email protected]
Subject: [powershell] RE: Search For OU Using Filter With CanonicalName in AD
Thanks for the information. I came across that while I was researching into
this, but I was hoping that there would be a better way to convert/search for
this with the newer versions of Powershell/AD cmdlets (the posted solution is 6
years old).
Thanks,
-Aakash Shah
From: [email protected] On Behalf Of Damien Solodow
Sent: Wednesday, November 12, 2014 8:03 PM
To: [email protected]
Subject: [powershell] RE: Search For OU Using Filter With CanonicalName in AD
Perhaps something like this: http://poshcode.org/512 ?
DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
________________________________
From: [email protected] on behalf of Aakash Shah
Sent: Wednesday, November 12, 2014 10:48 PM
To: [email protected]
Subject: [powershell] RE: Search For OU Using Filter With CanonicalName in AD
If I have the canonical name "domain.com/OU", I am looking for a way to convert
this into its corresponding DN value of "OU=OU,DC=domain,DC=com". I plan to
then use this to feed other cmdlets like Get-ADUser where the -SearchBase
parameter appears to expect a DN value.
In my earlier email, I was attempting to search AD for the canonical name using
the "-Filter" parameter in Get-ADOrganizationalUnit since it appears to have
CanonicalName as an attribute, but I was unsuccessful.
My apologies for the confusion.
Thank you,
-Aakash Shah
From: [email protected] On Behalf Of Michael B. Smith
Sent: Wednesday, November 12, 2014 7:27 PM
To: [email protected]
Subject: [powershell] RE: Search For OU Using Filter With CanonicalName in AD
I don't understand what you are asking for. Please give an example...
From: [email protected] On Behalf Of Aakash Shah
Sent: Wednesday, November 12, 2014 9:59 PM
To: [email protected]
Subject: [powershell] Search For OU Using Filter With CanonicalName in AD
Is there a clean/efficient way to filter for a canonical name in AD? I tried
the following but it did not work:
Get-ADOrganizationalUnit -Filter 'CanonicalName -eq "domain.com/OU"' -Properties 'CanonicalName'
When I looked up other solutions, I found some sources where the string is
parsed and manually pieced together as a DN entry, but I would like to avoid
that preferably. I was able to previously do this with the Quest cmdlets but I
am working on moving away from them and am trying to find equivalent
approaches, if possible.
I can pipe Get-ADOrganizationalUnit to a Where cmdlet to then do a search, but
it is much slower:
Get-ADOrganizationalUnit -Filter * -Properties 'CanonicalName' | Where-Object {$_.CanonicalName -eq 'domain.com/OU'}
Or, if anyone has information on using built in commands to convert a canonical
name to a DN value, that would also be appreciated (the solutions I found also
manually pieced each block together).
Thanks,
-Aakash Shah
================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1