Hey, Scripting Guy! I have been trying, in vain, to return the parent-path of AD objects in distinguishedName format within PowerShell. I have created a function to do this, but it fails when AD objects have special characters in their name (e.g. '\', '/', '.', etc.). It would be great if the split-path was able to do this for a DN.
Thanks for any help you are able to give! The current function I have is as follows:
function Get-EParentPath
{
<#
.SYNOPSIS
Get's path from an AD object
.DESCRIPTION
Get-EParentPath Version 1.0 - Retrieves user, group, OU, Computer, etc. path from an AD object. This
function also has the ability to change the domain suffix of the parentpath object via the
NewDomainSuffix parameter.
.PARAMETER ObjectName
The name of the AD object to look up. This can be in the format that each cmdlet supports.
So for the ObjectType 'User', you can use DN, SamAccountName, etc.
Note: For an Organizational Unit, it must be in distinguishedName format.
.PARAMETER ObjectType
Provide the AD object type, such as User, Group, OrganizationalUnit, or Computer
.PARAMETER cmdletOptions
You can add additional arguments according the the cmdlet that is being run (i.e. ObjectType User uses
Get-ADUser, OrganizationalUnit uses Get-ADOrganizationalUnit, Group uses Get-ADGroup, Computer uses
Get-ADComputer). This parameter uses 'SPLAT' via a hashtable to write the arguments. For information
on the arguments, see get-help <cmdletName> -full (e.g. get-help Get-ADUser -full). For example,
you may want to add -properties Department,HomeDirectory,HomeDrive for a ObjectType 'User' and bind to
DC1. To do this you would add the following to the Get-EParentPath function:
Get-EParentPath <username> user -cmdletOptions @{"Properties"="Description","HomeDirectory","HomeDrive","ProxyAddresses";"Server"="DC7"}
.PARAMETER NewSuffix
The NewSuffix parameter gives the ability to change the suffix DN. You may desire
to change the path suffix of an AD object to copy the object to another domain. For example,
you may have a DN path that you want to change from DC=MyDomain,DC=CA to DC=YourDomain,DC=CA.
Note1: The -NewSuffix should be in quoted comma seperated list
(e.g. "dc=currentsuffix,dc=ca","dc=newsuffix,dc=ca")
Note2: The first input listed in the -NewSuffix array MUST be an exact match to your current
object suffix. So if the ParentPath is "OU=Clients,DC=MyDomain,DC=ca" then you must use
either "dc=ca" OR "DC=MyDomain,DC=ca OR (replace the entire path) "OU=Clients,DC=MyDomain,DC=ca"
.EXAMPLE
Get-EParentPath -ObjectName "OU=clients,DC=MyDomain,DC=ca" -ObjectType OrganizationalUnit
Get the path for the 'Clients' Organizational Unit at the base of AD Domain
* Note * Only accepts DistinguishedName
.EXAMPLE
Get-EParentPath -ObjectName "CN=Administrators,CN=Builtin,DC=MyDomain,DC=ca" -ObjectType Group
Get's the path for built-in Administrators group
.EXAMPLE
Get-EParentPath -ObjectName joesmith -ObjectType User
Get's the path for user sAMAccountName 'joesmith'
.EXAMPLE
Get-ADGroup "CN=Administrators,CN=Builtin,DC=MyDomain,DC=ca" | Get-EParentPath -ObjectType Group
Gets the builtin Administrator group and pipes it to the Get-EParentPath function
.EXAMPLE
$User = Get-EParentPath rchan user
Creates a variable called 'User' to store the ParentPath for user Chan. Since arguements are not
explicitly being assigned, the funciton uses possitional arguements.
.EXAMPLE
$User = Get-EParentPath rchan user -NewSuffix "DC=MyCurrentDomain,DC=ca","DC=NewDomain,DC=ca"
Converts the suffix domain from "DC=MyCurrentDomain,DC=ca" to "DC=NewDomain,DC=ca"
.EXAMPLE
Get-EParentPath rchan user -cmdletOptions @{"Properties"="Description","HomeDirectory","HomeDrive","ProxyAddresses";"Server"="DC1"}
Uses Get-ADUser '-Properties' to retrieve additional information ("Description","HomeDirectory","HomeDrive","ProxyAddresses")
and binds to DC1 using the '-Server' argument
.LINK
http://social.technet.microsoft.com/Forums/windowsserver/en-US/830ff383-9057-45d8-ae10-5e567efd36f8/how-to-get-parent-container-path-of-the-ad-user-object
#>
[CmdletBinding(SupportsShouldProcess=$True,ConfirmImpact='Low')]
param
(
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
[string]$ObjectName,
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
[ValidateSet("User","Group","OrganizationalUnit","Computer")]
[string]$ObjectType,
[Parameter(Mandatory=$false,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
[hashtable]$cmdletOptions= (@{Properties="DistinguishedName"}),
[Parameter(Mandatory=$false,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
[array]$NewSuffix
)
BEGIN
{
# Start Get-Path
}
PROCESS
{
try
{
$ADObject = @()
foreach($Object in $ObjectName)
{
#$ObjectClass = $Object.ObjectClass
if($ObjectType -eq 'User')
{
if($NewSuffix -ne $null)
{
$Result = Get-ADUser $Object @cmdletOptions| Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
$NewSuffixBuild = @{"CurrentSuffix"="$($NewSuffix[0])";"NewSuffix"="$($NewSuffix[1])"}
$NewSuffixReplace = $Result.ParentPath -replace ("$($NewSuffixBuild.CurrentSuffix)$","$($NewSuffixBuild.NewSuffix)")
$Result.ParentPath = $NewSuffixReplace
}
elseif($NewSuffix -eq $null)
{
$Result = Get-ADUser $Object @cmdletOptions | Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
}
$ADObject += $Result
}
elseif($ObjectType -eq 'Group')
{
if($NewSuffix -ne $null)
{
$Result = Get-ADGroup $Object @cmdletOptions| Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
$NewSuffixBuild = @{"CurrentSuffix"="$($NewSuffix[0])";"NewSuffix"="$($NewSuffix[1])"}
$NewSuffixReplace = $Result.ParentPath -replace ("$($NewSuffixBuild.CurrentSuffix)$","$($NewSuffixBuild.NewSuffix)")
$Result.ParentPath = $NewSuffixReplace
}
elseif($NewSuffix -eq $null)
{
$Result = Get-ADGroup $Object @cmdletOptions| Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
}
$ADObject += $Result
}
elseif($ObjectType -eq 'OrganizationalUnit')
{
if($NewSuffix -ne $null)
{
$Result = Get-ADOrganizationalUnit $Object @cmdletOptions| Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
$NewSuffixBuild = @{"CurrentSuffix"="$($NewSuffix[0])";"NewSuffix"="$($NewSuffix[1])"}
$NewSuffixReplace = $Result.ParentPath -replace ("$($NewSuffixBuild.CurrentSuffix)$","$($NewSuffixBuild.NewSuffix)")
$Result.ParentPath = $NewSuffixReplace
}
elseif($NewSuffix -eq $null)
{
$Result = Get-ADOrganizationalUnit $Object @cmdletOptions| Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
}
$ADObject += $Result
}
elseif($ObjectType -eq 'Computer')
{
if($NewSuffix -ne $null)
{
$Result = Get-ADComputer $Object @cmdletOptions| Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
$NewSuffixBuild = @{"CurrentSuffix"="$($NewSuffix[0])";"NewSuffix"="$($NewSuffix[1])"}
$NewSuffixReplace = $Result.ParentPath -replace ("$($NewSuffixBuild.CurrentSuffix)$","$($NewSuffixBuild.NewSuffix)")
$Result.ParentPath = $NewSuffixReplace
}
elseif($NewSuffix -eq $null)
{
$Result = Get-ADComputer $Object @cmdletOptions| Select-Object *,@{l='ParentPath';e={([adsi]"LDAP://$($_.DistinguishedName)").Parent}}
$Result.ParentPath = (Split-Path $Result.ParentPath -Leaf)
}
$ADObject += $Result
}
}
Write-Output $ADObject
}
Catch
{
Write-ELog -Type "ERROR" -Message "Could not get path for ObjectName: $ObjectName, ObjectType: $ObjectType"
write-ELog -Type "ERROR" -Message "$Error[0]"
}
}
END
{
# End of Get-EUserFromGroup
}
}