1
votes

Just getting started with PowerShell and I've run into a roadblock. I'm trying to iterate through AD and get a list of all OUs. From there I'm trying to get user account info for each user in each OU. To test, I've been able to get the DN for all OUs and output to console, but when I try to pass those values to the Get-ADUser cmdlet it fails.

Here's my code:

    import-module activedirectory
    $SearchBase = get-adorganizationalunit -filter * -searchbase "ou=users,ou=myUsers,dc=company,dc=local" -Properties CanonicalName | select-object -Property distinguishedName
    foreach ($ou in $SearchBase) {
        get-aduser -filter * -searchbase $ou -Properties givenName,sn,mail
    }

I'm getting the following error message: "The supplied distinguishedName must belong to one of the following partitions..."

I think the issue is that when passing $ou to the Get-ADUser cmdlet the distinguished name must be enclosed in quotes after -searchbase, correct? If so, not sure how to go about that. Any help is appreciated.

1
Try and use -Expandproperty in your select-object. This will only show the object and nothing else. - Anders

1 Answer

1
votes

The issue you are having is you need to expand the property you are selecting. You will notice if you run:

    get-adorganizationalunit -filter * -searchbase "ou=users,ou=myUsers,dc=company,dc=local" -Properties CanonicalName | select-object -Property distinguishedName

It will show the parent property:


There are two ways to fix this:

  1. Expand the property in your select statement:

    $SearchBase = get-adorganizationalunit -filter * -searchbase "ou=users,ou=myUsers,dc=company,dc=local" -Properties CanonicalName | select-object -ExpandProperty distinguishedName

  2. OR Call the Property in your foreach:

    foreach ($ou in $SearchBase) { get-aduser -filter * -searchbase $ou.distinguishedName -Properties givenName,sn,mail }
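
The difference between the two `Select-Object` forms discussed above, as an added example that is not part of the original question or answer. The sample OU objects are constructed, and `Show-SearchBaseBinding` and `Get-UsersPerOu` are hypothetical helper names; the second function also adds `-SearchScope OneLevel`, which the thread does not cover.

```powershell
# Constructed stand-ins for Get-ADOrganizationalUnit output, so this part runs without AD.
$ous = @(
    [pscustomobject]@{ Name = 'users'; DistinguishedName = 'OU=users,OU=myUsers,DC=company,DC=local' }
    [pscustomobject]@{ Name = 'sales'; DistinguishedName = 'OU=sales,OU=users,OU=myUsers,DC=company,DC=local' }
)

# Hypothetical helper: shows the string a [string] parameter such as -SearchBase would receive.
function Show-SearchBaseBinding {
    param([Parameter(ValueFromPipeline)] $InputObject)
    process {
        [pscustomobject]@{
            Type          = $InputObject.GetType().Name
            BoundAsString = "$InputObject"
        }
    }
}

# -Property keeps a wrapper object with one property; it stringifies as @{DistinguishedName=...},
# which is not a DN in any partition.
$ous | Select-Object -Property DistinguishedName | Show-SearchBaseBinding | Format-List

# -ExpandProperty returns the bare strings, which bind cleanly.
$ous | Select-Object -ExpandProperty DistinguishedName | Show-SearchBaseBinding | Format-List

# Hypothetical wrapper around the corrected loop. Needs the ActiveDirectory module and a
# reachable domain, so it is defined here but not called.
function Get-UsersPerOu {
    param([Parameter(Mandatory)] [string] $RootOu)

    Get-ADOrganizationalUnit -Filter * -SearchBase $RootOu |
        Select-Object -ExpandProperty DistinguishedName |
        ForEach-Object {
            $dn = $_
            # OneLevel limits each query to users directly in this OU. The default scope is
            # Subtree, which would list users of nested OUs again under every parent OU.
            Get-ADUser -Filter * -SearchBase $dn -SearchScope OneLevel -Properties givenName, sn, mail |
                Select-Object @{ Name = 'OU'; Expression = { $dn } }, SamAccountName, givenName, sn, mail
        }
}
# Usage: Get-UsersPerOu -RootOu 'ou=users,ou=myUsers,dc=company,dc=local'
```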