Actions

Powershell: Parse AD DistinguishedName

From Rabbi Blog

Revision as of 13:12, 20 April 2019 by Rabbi Bob (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Purpose

Using Powershell, break down the elements of the AD DistinguisedName value return. Ideally, use this has a launching point to handle CN, OU, DC, etc values from the resulting array.

Script will capture out the LDAP elements and allow for flipping the array (good for hierarchical output). The script can be used from this stage to then do more other things with the LDAP elements as needed.

Background

At first I wanted to do this via regex however at my level of knowledge it seemed to be a higher hurdle to break down the variable length input DN string. Luckily I realized that it's a comma separated value and it is nicely split by commas.

Code

########################################################################################
# User Variables
########################################################################################
$DN_ARRAY_FLIP=1;   #Set to 1 to flip $DN_ARRAY before parsing
$AD_distinguishedName = 'CN=Some B. User,OU=Accounting,OU=Part Time,OU=Staff,OU=Users,DC=Rabbibob,DC=com'
########################################################################################
# System Variables
$DN_ARRAY=@()
$DN_Counter=0
########################################################################################
write-host $AD_distinguishedName

## Split $AD_distinguishedName into $DN_ARRAY ##########################################
$AD_distinguishedName | Foreach{
    $DN_ARRAY=$_.split(",")
}

write-host "Size of Array:" $DN_ARRAY.Length "Flip Bit: $DN_ARRAY_FLIP" 

########################################################################################
# Check to see if the array should be flipped ($DN_ARRAY_FLIP)
########################################################################################
if ($DN_ARRAY_FLIP -eq 1){
    [array]::Reverse($DN_ARRAY)
    #Flipping the Array (for report from a heirarchy perspective)
    }

########################################################################################
# Run through $DN_ARRAY and match elements
########################################################################################
foreach($DN_ARRAY_VALUE in $DN_ARRAY)
    {
    $DN_COUNTER++

    if ($DN_ARRAY_VALUE -match '(CN=)(.*)') { 
        write-host "Matched CN at Position" $DN_COUNTER":" $Matches[2]         }
        elseif ($DN_ARRAY_VALUE -match '(DC=)(.*)') { 
            write-host "Matched DC at Position" $DN_COUNTER":" $Matches[2] }
            elseif ($DN_ARRAY_VALUE -match '(OU=)(.*)') { 
                write-host "Matched OU at Position" $DN_COUNTER":" $Matches[2]}
                    else {
                        write-host "Unmatched Item: $DN_ARRAY_VALUE "
                        }

    }

Output

CN=Some B. User,OU=Accounting,OU=Part Time,OU=Staff,OU=Users,DC=Rabbibob,DC=com
Size of Array: 7 Flip Bit: 1
Matched DC at Position 1: com
Matched DC at Position 2: Rabbibob
Matched OU at Position 3: Users
Matched OU at Position 4: Staff
Matched OU at Position 5: Part Time
Matched OU at Position 6: Accounting
Matched CN at Position 7: Some B. User
Retrieved from "https://www.rabbibob.com/index.php?title=Powershell:_Parse_AD_DistinguishedName&oldid=1314"