Extract the Name from an Active Directory Distinguished Name with PowerShell and a Regular Expression

This is actually something I had a small blurb about in my previous blog article, but I wanted to go back, revisit it, and write a dedicated blog article about it.

Some Active Directory properties, like the “Manager” property in the following example, are returned as a distinguished name when what you really want is just the person’s name in human-readable format:

You could write a complicated function or script to query Active Directory for the manager’s information and create a custom object that returns both the user’s information and the manager’s information, but if you simply want the name of the manager (as in this example), it’s much easier to use the Substring method or a regular expression. In this blog article, I’ll be using a regular expression.

If you want to create a custom column name and/or a calculated property value with either the Select-Object cmdlet or the Format-Table cmdlet, start out by adding a hash table where you would normally have a property name as shown in the following example:

You can mix hash tables and normal property names in a comma-separated list to return more than one property.

Add “Label” or “Name” followed by the name you want for the custom property, preferably without spaces, and end with a semicolon:

Label can be abbreviated with an “L” and Name can be abbreviated with an “N”. I treat these like aliases and I don’t use the abbreviations in scripts or functions.

Then add the ‘Expression’ portion of the hash table. The calculated value portion of the expression goes in another set of curly braces:

At this point, all it does is change the label or name of the manager property to Supervisor:

I don’t claim to be a master of regular expressions, but I can write a fairly simple one to accomplish the task of extracting the name from a distinguished name. I’ll start by replacing the “CN=”, since every manager’s distinguished name should begin with it:

The caret symbol (^) in the previous example anchors the match to the beginning of the string.

For the sake of simplicity, I’ll just write another regular expression to take care of everything after the name portion of the distinguished name:

This one says match a comma, then any character zero or more times, and the dollar sign matches the end of the string. This gets rid of the first comma and everything after it.

The pipe symbol (|) is used to match either of the two patterns in a single regular expression, which gives you the human-readable name that you were looking for:

Now to apply this to the first example where multiple users and properties were returned:
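The steps above assembled into one pipeline, as an added example that is not the author’s original code. The pattern `^CN=|,.*$` is reconstructed from the description in the text, the sample users and the `Get-NameFromDN` helper are hypothetical, and the second column goes beyond the article by handling a CN that contains an escaped comma (such as `CN=Example\, Dave`), which the simple pattern cuts short at the backslash.

```powershell
# Added example. The sample users below are constructed; nothing is read from a
# domain controller. With the ActiveDirectory module the input would come from
# Get-ADUser with -Properties Manager instead.
$users = @(
    [pscustomobject]@{ Name = 'Alice Example'; Manager = 'CN=Bob Example,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'Carol Example'; Manager = 'CN=Example\, Dave,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'Erin Example';  Manager = $null }   # no manager set
)

# Hypothetical helper (not from the article): returns the value of the leading CN.
function Get-NameFromDN {
    param([string]$DistinguishedName)

    if ([string]::IsNullOrEmpty($DistinguishedName)) { return $null }

    # Capture everything after 'CN=' up to the first unescaped comma: each step
    # consumes either an escaped character (\x) or any character other than a
    # comma or a backslash. The trailing .*$ discards the rest of the DN.
    $name = $DistinguishedName -replace '^CN=((?:\\.|[^,\\])*).*$', '$1'

    # Drop the backslash from single-character escapes such as '\,'.
    # Hex-pair escapes (for example \0A) are not decoded by this example.
    $name -replace '\\(.)', '$1'
}

# Two calculated properties side by side:
#   Supervisor            - the simple pattern described in the article
#   SupervisorEscapeAware - the helper above, which keeps 'Example, Dave' whole
$users | Select-Object -Property Name,
    @{ Label = 'Supervisor';            Expression = { $_.Manager -replace '^CN=|,.*$' } },
    @{ Label = 'SupervisorEscapeAware'; Expression = { Get-NameFromDN $_.Manager } }
```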

6 Comments

  1. techvet

    This looks awesome because this is exactly what I need to pull out the manager’s first and last name for a user report I have to create. I haven’t tried it yet but it looks VERY interesting. Thank you very much!

    -Techvet

  2. misfit

    Thank you Mike, it’s very helpful

  3. You Rock

    Thank you so much for this tutorial

  4. Godly George

    How about if I wanted the OU= Northwind Users?

  5. Shadoe Oversun

    Thanks for this!!

    This may be a little unrelated; do you know how I could pipe a Manager field into a:

    Search-ADAccount -AccountExpiring -TimeSpan 15.00:00:00 | Select Name,AccountExpirationDate,Manager

    My output has a Manager column, but there is no actual data.

    Thanks!
