Extract the Name from an Active Directory Distinguished Name with PowerShell and a Regular Expression
This is actually something I had a small blurb about in my previous blog article, but I wanted to go back, revisit it, and write a dedicated blog article about it.
Sometimes there are properties in Active Directory, like the one in the following example, where the Manager property is being returned as a distinguished name and what you really wanted was just their name (in human readable format):
Get-ADUser -Filter * -SearchBase 'OU=Northwind Users,OU=Users,OU=Test,DC=mikefrobbins,DC=com' -Properties Manager, Title |
    Format-Table -Property Name, Title, Manager -AutoSize
You could write a complicated function or script to query Active Directory for the manager's
information and create a custom object to return both the actual user's information and the manager's
information, but if you simply want the name of the manager (in this example), it's much easier to
use the substring method or a regular expression. In this blog article, I'll be using a regular
expression.
If you want to create a custom column name and/or a calculated property value with either the Select-Object cmdlet or the Format-Table cmdlet, start out by adding a hash table where you would normally have a property name, as shown in the following example:
Select-Object -Property @{}
You can mix and match multiple hash tables and/or hash tables and the normal property names in a comma separated list to return more than one property.
Add label or name, followed by what you want the "name of the custom property" to be (preferably without spaces), and end with a semicolon:
Select-Object -Property @{label='Supervisor';}
Label can be abbreviated with an L and Name can be abbreviated with an N. I treat these like aliases and I don't use the abbreviations in scripts or functions.
Then add the Expression portion of the hash table. The calculated value portion of the expression goes in another set of curly braces:
Select-Object -Property @{label='Supervisor';expression={$_.manager}}
At this point, all it does is change the label or name of the manager property to Supervisor:
Get-ADUser -Identity ndavolio -Properties manager |
    Select-Object -Property @{label='Supervisor';expression={$_.manager}}
I don't claim to be a master of regular expressions, but I can write a fairly simple one to accomplish the task of extracting the name from a distinguished name. I'll first start out replacing the CN= since all managers should have that at the beginning of them:
Get-ADUser -Identity ndavolio -Properties manager |
    Select-Object -Property @{label='Supervisor';expression={$_.manager -replace '^CN='}}
The caret symbol (^) in the previous example means look only at the beginning.
For the sake of simplicity, I'll just write another regular expression to take care of everything after the name portion of the distinguished name:
Get-ADUser -Identity ndavolio -Properties manager |
    Select-Object -Property @{label='Supervisor';expression={$_.manager -replace ',.*$'}}
This one says match a comma, then any character zero or more times and the dollar sign matches the end of a string. This gets rid of everything after the first comma.
The pipe symbol is used to match more than one pattern in a regular expression which gives you the human readable name that you were looking for:
Get-ADUser -Identity ndavolio -Properties manager |
    Select-Object -Property @{label='Supervisor';expression={$_.manager -replace '^CN=|,.*$'}}
Now to apply this to the first example where multiple users and properties were returned:
Get-ADUser -Filter * -SearchBase 'OU=Northwind Users,OU=Users,OU=Test,DC=mikefrobbins,DC=com' -Properties Manager, Title |
    Select-Object -Property Name, Title, @{label='Manager';expression={$_.manager -replace '^CN=|,.*$'}}
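The '^CN=|,.*$' pattern cuts at the first comma, so a manager whose CN itself contains a comma (stored escaped as \, in the distinguished name, as with "Last, First" style names) comes back truncated. The following is an added example, not code from the original article: Get-NameFromDistinguishedName is a hypothetical helper name and the sample DNs are constructed.

```powershell
# Added example (not from the original article). Hypothetical helper that
# extracts the CN value from a distinguished name and honours backslash escapes.
function Get-NameFromDistinguishedName {
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline)]
        [string]$DistinguishedName
    )
    begin {
        # Turns one escape sequence back into the character it stands for.
        # Assumption: hex pairs (\0A, \2C) are single-byte values; multi-byte
        # UTF-8 hex sequences are out of scope for this example.
        [System.Text.RegularExpressions.MatchEvaluator]$unescape = {
            param($m)
            $v = $m.Groups[1].Value
            if ($v.Length -eq 2) { [string][char][Convert]::ToInt32($v, 16) } else { $v }
        }
    }
    process {
        # The name is a run of escaped characters (\x) or of characters that
        # are neither a comma nor a backslash, so "\," does not end the match.
        if ($DistinguishedName -match '^CN=(?<name>(?:\\.|[^,\\])*)') {
            [regex]::Replace($Matches['name'], '\\([0-9A-Fa-f]{2}|.)', $unescape)
        }
        # An empty Manager attribute or a DN that does not start with CN=
        # produces no output instead of echoing the raw value back.
    }
}

# Constructed sample values: a plain CN, a CN with an escaped comma, no manager.
$samples = 'CN=Andrew Fuller,OU=Northwind Users,OU=Users,OU=Test,DC=mikefrobbins,DC=com',
           'CN=Fuller\, Andrew,OU=Northwind Users,OU=Users,OU=Test,DC=mikefrobbins,DC=com',
           ''

# Compare the article's pattern with the escape-aware helper side by side.
foreach ($dn in $samples) {
    [pscustomobject]@{
        SimpleRegex = $dn -replace '^CN=|,.*$'
        EscapeAware = $dn | Get-NameFromDistinguishedName
    }
}
```

To use it in the calculated property, the expression becomes {$_.manager | Get-NameFromDistinguishedName}.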