0

I'm trying to create a simple script that will automate membership to a security group for my org. I think my variables are coming back empty and are likely either defined wrong or I messed up the syntax somehow. Hoping someone here can help me see the error in my ways!

I am going to edit the code below to better explain my issue. The attribute I am calling can either have a value of M or it is null.

If I run the following command, I get back a list of users who have extensionattribute6 = M

get-aduser -filter {extensionattribute6 -like 'M*'}

If I attempt to add in the section that specifies OU, the results become null. I guess all I'm asking is if there is a syntax mistake with the OUs or, if not, if anyone could hazard a guess as to what I am doing wrong. :)

$OU = "ou=ou1,ou=ou2,ou=ou3,dc=dc1,dc=dc2"
get-aduser -filter {extensionattribute6 -like 'M*'} -searchbase $OU
  • What editor or IDE are you using? You should be able to check the variable values using code breakpoints. Are you getting any specific issues or errors? Commented Jan 15, 2020 at 14:54
  • I'm using the locally installed powershell on a server. In this case, it's powershell 2.0 and there is no ISE that came with it. I don't think I'll be able to install anything too fancy-- this needs to run on a domain controller. I am the apprentice here. Let me know if any of that doesn't sound quite right. Thanks! Commented Jan 15, 2020 at 17:15

2 Answers

2

When you use the filter and like operator, you have to use the * on the right side of the statement.

$managers = Get-ADUser -SearchBase $OU -Filter "extensionattribute6 -like 'M*'"

This will add a list of AD Users that have a value that starts with M in extensionattribute6. If you don't add the * to the right side, 'M', then it will look for all users with an extensionAttribute6 value that equals M.

If you are comparing them to be equal, then you can use -eq for equality (without stars * inside the quotes).

$managers = Get-ADUser -SearchBase $OU -Filter "extensionattribute6 -eq 'M'"

If you have multiple specific OUs you want to go over, might I suggest using a list of these OUs and iterating over them.

$OUs = @()
$OUs += "OU=OU1,DC=domain,dc=com"
$OUs += "OU=OU2,OU=someParent,dc=domain,dc=com"
...

$managers = @()
foreach($OU in $OUs) {
  $managers += Get-ADUser -SearchBase $OU -Filter "extensionattribute6 -eq 'M'"
}

9 Comments

Thanks for the tip! That is a good catch. Unfortunately, it doesn't seem to be the root cause, though it did clear up some of the errors.
Are you sure extensionAttribute6 is filled up for all the users you are working with? What errors are you getting? Can you post those in your question, please?
I've edited my original post to be clearer. Sorry for the confusion!
For testing purposes, change your OU to "dc=domain,dc=com" (actual domain values). dc=domain,dc=com represents the root domain: domain.com.
I was able to successfully pull a list of users when excluding OU and only specifying "dc=domain,dc=com"
0

I arrived at a solution to this. I needed to call a new variable, borrowing heavily from what Jawad suggested.

The code I settled on is as follows.

$Managers = @()
$Managers += get-aduser -filter * -searchbase "ou=ou1,ou=ou2,ou=ou3,dc=dc1,dc=dc2" -properties extensionattribute6 | where-object{$_.extensionattribute6 -like 'M*'}
foreach ($Manager in $Managers) {add-adgroupmember -identity <groupname> -members $Manager}
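
An added example, not code from either answer, written to run on the PowerShell 2.0 mentioned in the question: it confirms the search base resolves before querying, adds only users who are not already members, and lists existing members that no longer match. It goes slightly beyond the thread by reconciling instead of only adding. The group name is a hypothetical placeholder, and -WhatIf makes the add a dry run.

```powershell
# Added example. $GroupName is a hypothetical placeholder; the OU path is the one from the question.
Import-Module ActiveDirectory

$SearchBase = 'OU=ou1,OU=ou2,OU=ou3,DC=dc1,DC=dc2'
$GroupName  = 'PLACEHOLDER-GroupName'

# 1. Confirm the search base is a real object, so a mistyped DN fails here
#    with a clear message instead of surfacing later as a confusing result.
try {
    $null = Get-ADObject -Identity $SearchBase -ErrorAction Stop
} catch {
    throw "SearchBase '$SearchBase' could not be resolved: $($_.Exception.Message)"
}

# 2. Server-side filter, as in the first answer. @() forces an array even for
#    0 or 1 results (PowerShell 2.0 would otherwise loop once over $null).
$wanted  = @(Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
                        -Filter "extensionAttribute6 -eq 'M'")
$current = @(Get-ADGroupMember -Identity $GroupName |
             Where-Object { $_.objectClass -eq 'user' })

# 3. Index both sets by distinguished name (hashtable keys are case-insensitive).
$wantedDn  = @{}
foreach ($u in $wanted)  { $wantedDn[$u.DistinguishedName]  = $true }
$currentDn = @{}
foreach ($m in $current) { $currentDn[$m.DistinguishedName] = $true }

# 4. Users with the attribute who are not in the group yet.
$toAdd = @($wanted | Where-Object { -not $currentDn.ContainsKey($_.DistinguishedName) })

# 5. Members that no longer match the query. Reported only, never removed,
#    because they may be legitimate members from outside this OU.
$stale = @($current | Where-Object { -not $wantedDn.ContainsKey($_.DistinguishedName) })
foreach ($s in $stale) {
    Write-Warning "Member does not match the attribute query: $($s.DistinguishedName)"
}

# 6. One call for all additions. Remove -WhatIf after reviewing the dry-run output.
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $GroupName -Members $toAdd -WhatIf
}

Write-Output ("Matched: {0}  Already members: {1}  To add: {2}  To review: {3}" -f `
    $wanted.Count, ($wanted.Count - $toAdd.Count), $toAdd.Count, $stale.Count)
```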
