
I'm trying to take input from a CSV file, which has a list of group names (canonical names) and get the Distinguished Name from it, then output to another CSV file. The code:

```powershell
#get input file if passed
Param($InputFile)

#Set global variable to null
$WasError = $null

#Prompt for file name if not already provided
If ($InputFile -eq $NULL) {
  $InputFile = Read-Host "Enter the name of the input CSV file (file must have header of 'Group')"
}

#Import Active Directory module
Import-Module -Name ActiveDirectory -ErrorAction SilentlyContinue

$DistinguishedNames = Import-Csv -Path $InputFile -Header Group | foreach-Object {
  $GN = $_.Group
  $DN = Get-ADGroup -Identity $GN | Select DistinguishedName
}
$FileName = "RESULT_Get-DistinguishedNames" + ".csv"

#Export list to CSV
$DNarray | Export-Csv -Path $FileName -NoTypeInformation
```

I've tried multiple solutions, and none have seemed to work. Currently, it throws an error because

```
Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
```

I tried using -Filter also, and in a previous attempt I used this code:

```powershell
Param($InputFile)

#Set global variable to null
$WasError = $null

#Prompt for file name if not already provided
If ($InputFile -eq $NULL) {
  $InputFile = Read-Host "Enter the name of the input CSV file(file must have header of 'GroupName')"
}

#Import Active Directory module
Import-Module -Name ActiveDirectory -ErrorAction SilentlyContinue

$DistinguishedNames = Import-Csv -Path $InputFile | foreach {
  $strFilter = "*"

  $Root = [ADSI]"GC://$($objDomain.Name)"

  $objSearcher = New-Object System.DirectoryServices.DirectorySearcher($root)
  $objSearcher.Filter = $strFilter
  $objSearcher.PageSize = 1000
  $objsearcher.PropertiesToLoad.Add("distinguishedname") | Out-Null

  $objcolresults = $objsearcher.FindAll()
  $objitem = $objcolresults.Properties
  [string]$objDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
  [string]$DN = $objitem.distinguishedname
  [string]$GN = $objitem.groupname

  #Get group info and add mgr ID and Display Name
  $props = @{'Group Name'= $GN;'Domain' = $objDomain;'Distinguished Name' = $DN;}
  $DNS = New-Object psobject -Property $props
}
$FileName = "RESULT_Get-DistinguishedNames" + ".csv"

#Export list to CSV
$DistinguishedNames | Sort Name | Export-Csv $FileName -NoTypeInformation
```

The filter isn't the same one I was using here, I can't find the one I was using; the one I currently have is a broken attempt.

Anyway, the main issue I was having is that it will get the group name, but search for it in the wrong domain (it wouldn't include Organizational Units) which caused none of them to be found. When I search for a group in PowerShell though (using Get-ADGroup ADMIN) they show up with the correct DN and everything. Any hints or code samples are appreciated.

Ansgar Wiechers
Austin
  • Show your CSV, probably. – Vesper Jul 30 '15 at 13:39
  • I can't because of business reasons, but it has a column with the header 'Group' and the names load correctly, it is only the canonical name though, such as . It will output an error for each loop, saying "can't find (name of group) in (domain without OU)" – Austin Jul 30 '15 at 14:04
  • Check if a group's `SAMAccountName` matches `cn`, if not, `Get-ADGroup` will return null. An uncommon problem, it arises if someone renamed the group altering its CN but not SAMAccountName. `Get-ADGroup | where {$_.cn -ne $_.samaccountname}` – Vesper Jul 30 '15 at 14:25
  • Thanks for that help, when I used `$check = Get-ADGroup $GN | where {$_.cn -ne $_.samaccountname}` (new line) `Write-Host $check` it output what looks like the DN every time, meaning it output CN=xxx,OU=xxx,DC=xxx. Since that uses -ne does that mean they are unequal so it could output it? Thanks for the help so far :) – Austin Jul 30 '15 at 14:45
  • Ouch, missed the attribute, it should read `name` instead of `cn`. `Get-ADGroup | where {$_.name -ne $_.samaccountname}` – Vesper Jul 30 '15 at 14:50
  • Ah ok now nothing is output, which I assume means they are the same? And sorry about that last comment I'm on my phone it's hard to respond on it. – Austin Jul 30 '15 at 15:03

1 Answer


You seemingly miss the point of the `$variable = cmdlet | foreach {script-block}` assignment. The objects to assign to `$variable` should be returned (passed through the script block) in order to end up in `$variable`. Both your main loops contain the structure of the line `$somevar = expectedOutput` where `expectedOutput` is either a `New-Object psobject` or `Get-ADGroup` call. The assignment to `$someVar` suppresses the output, so that the script block does not have anything to return, and `$variable` remains null. To fix, do not prepend the call that should return an object into the outside variable with an assignment.

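```powershell
# $InputFile and $FileName are set as in the question's script
$DistinguishedNames = Import-Csv -Path $InputFile -Header Group | foreach-Object {
    $GN = $_.Group
    # No assignment here, so the result is emitted into $DistinguishedNames
    Get-ADGroup -Identity $GN | Select DistinguishedName # drop '$DN ='
}
$DistinguishedNames | Export-CSV -Path $FileName -NoTypeInformation
```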

The same issue with the second script.

Vesper
  • Thanks! This works as the output file contains the DNs, although the script still gives an error that "Cannot find an object with identity: 'FCadmin' under: 'DC=xxx'." It still works, but do you think this could cause some type of issue in the future? – Austin Jul 30 '15 at 15:39
  • Check if `FCadmin` is actually a group, and is actually in the requested domain. I expect `FCadmin` to be a user. – Vesper Jul 30 '15 at 19:32
  • For clarification, this happens with every group, not just FCadmin, sorry I didn't make that clear. And these are all groups, no users. – Austin Jul 30 '15 at 19:34
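
An added example (not part of the original answer or comments) that applies the answer's fix to the whole script: each iteration emits an object instead of assigning it, blank rows are skipped so `-Identity` never receives null, and failed lookups are recorded in the output instead of only scrolling past as errors. The `-OutputFile` and `-Server` parameters and the `Error` column are assumptions of this example; unlike the question's script it omits `-Header`, because the input file already has a `Group` header row.

```powershell
# Added example, not the answerer's code. Assumes the CSV keeps its 'Group'
# header row and that each value is an identity Get-ADGroup accepts
# (distinguished name, GUID, SID or SAM account name).
param(
    [Parameter(Mandatory)][string]$InputFile,
    [string]$OutputFile = 'RESULT_Get-DistinguishedNames.csv',
    [string]$Server    # assumption: optional domain or DC to query; omit for the current domain
)

Import-Module -Name ActiveDirectory -ErrorAction Stop

# Common lookup arguments; -ErrorAction Stop makes a failed lookup catchable
$lookup = @{ ErrorAction = 'Stop' }
if ($Server) { $lookup.Server = $Server }

# No -Header: with it, Import-Csv would treat the existing header row as data
# and the first lookup would be for a group literally named 'Group'.
$results = @(Import-Csv -Path $InputFile | ForEach-Object {
    $name = "$($_.Group)".Trim()
    if (-not $name) { return }   # blank row: skip it rather than pass null to -Identity

    try {
        $group = Get-ADGroup -Identity $name @lookup
        # Emitted, not assigned, so the object ends up in $results
        [pscustomobject]@{
            Group             = $name
            DistinguishedName = $group.DistinguishedName
            Error             = $null
        }
    }
    catch {
        # Keep the failed row in the report so it can be reviewed later
        [pscustomobject]@{
            Group             = $name
            DistinguishedName = $null
            Error             = $_.Exception.Message
        }
    }
})

$results | Export-Csv -Path $OutputFile -NoTypeInformation

$failed = @($results | Where-Object Error)
Write-Host ("{0} resolved, {1} failed" -f ($results.Count - $failed.Count), $failed.Count)
```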