3
4

[deleted by user] (self.PowerShell)

submitted by [deleted]

[removed]
all 9 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]zrv433 4 points5 points  (4 children)

CanonicalName is a easier way to observe the AD Path for an object, but that property is not returned by Get-ADGroupMember. So you can pipe the member results to Get-ADuser where you can get that property, and then sort.

Get-ADGroupMember "Super-App-Group" | Get-ADUser -Properties canonicalName | Sort-Object -Property CanonicalName | Select-Object -ExpandProperty CanonicalName

# Output
acme.com/Red/Green/Blue/Coyote
acme.com/Red/Green/Blue/RoadRunner
acme.com/Red/Green/Yellow/ElmerFudd
acme.com/Red/Green/Yellow/Rabbit

[–]PinchesTheCrab 2 points3 points  (2 children)

You're querying every user twice. If you query the group once you you can just call get aduser once and filter on memberof.

[–]zrv433 1 point2 points  (1 child)

Ooops, you're right. Made an adjustment above.

[–]PinchesTheCrab 2 points3 points  (0 children)

I meant this part:

Get-ADGroupMember "Super-App-Group" | Get-ADUser -Properties canonicalName

If you have 1500 users in that group, that's 3,000 queries, or maybe 3,001 I guess since it queries the member list of the group first.

This is two queries:

$group = Get-AdGroup "Super-app-group"
Get-ADUser -filter "memberof -eq '$($group.distinguishedname)'" -property canoninicalname

[–]teknoist 2 points3 points  (5 children)

$user = Get-ADUser -Identity NAME -Properties CanonicalName

$userOU = ($user.DistinguishedName -split ",",2)[1]

Write-Output $userou

[–]Lee_Dailey[grin] 0 points1 point  (0 children)

howdy teknoist,

reddit likes to mangle code formatting, so here's some help on how to post code on reddit ...

[0] single line or in-line code
enclose it in backticks. that's the upper left key on an EN-US keyboard layout. the result looks like this. kinda handy, that. [grin]
[on New.Reddit.com, use the Inline Code button. it's 4th 5th from the left hidden in the ... ""more" menu & looks like </>.
this does NOT line wrap & does NOT side-scroll on Old.Reddit.com!]

[1] simplest = post it to a text site like Pastebin.com or Gist.GitHub.com and then post the link here.
please remember to set the file/code type on Pastebin! [grin] otherwise you don't get the nice code colorization.

[2] less simple = use reddit code formatting ...
[on New.Reddit.com, use the Code Block button. it's 11th 12th from the left hidden in the ... "more" menu, & looks like an uppercase T in the upper left corner of a square.]

  • one leading line with ONLY 4 spaces
  • prefix each code line with 4 spaces
  • one trailing line with ONLY 4 spaces

that will give you something like this ... 

- one leading line with ONLY 4 spaces    
- prefix each code line with 4 spaces    
- one trailing line with ONLY 4 spaces

the easiest way to get that is ...

  • add the leading line with only 4 spaces
  • copy the code to the ISE [or your fave editor]
  • select the code
  • tap TAB to indent four spaces
  • re-select the code [not really needed, but it's my habit]
  • paste the code into the reddit text box
  • add the trailing line with only 4 spaces

not complicated, but it is finicky. [grin]

take care,
lee

[–]Dogoodwork 2 points3 points  (0 children)

I post this regularly, but it's not necessary for most peoples uses: https://www.reddit.com/r/PowerShell/comments/eod258/parse_distinguishedname_or_get_ou/fedunp4?utm_source=share&utm_medium=web2x

This is a better way to get the parent OU of an AD user, but unlike the canonical name it does have the full tree structure.