Powershell Newbie Question

  • Question

  • I have a script that's searching active directory for all users with a specific email domain then the script is moving all the users to a specific OU. 

    Example:

    User1@domain1.com

    user2@domain2.com

    User3@domain3.com

    I need to move user1@domain1.com from its current OU to a new OU called domain1. 

    I have a text file with the list of OUs but it's not the DN or CN. I have another text file with OUs that should be excluded. 

    Sample Script below:

                                     

    $outputfilelocation = "c:\temp\output.txt"

    Try {
        $QuestSnapInLoaded = $true
        Add-PSSnapin Quest.Activeroles.ADManagement -EA stop -ErrorVariable err
    }
    Catch {
        Write-Warning " Quest PS Snapin failed to load. Please download and install Quest snapin"
        $err | Out-File $OutputFileLocation -Append
        $QuestSnapInLoaded = $false
    }

    $ous = get-content c:\temp\ou.txt

    foreach ($ou in $ous) {
        if ((get-content c:\temp\excludeou.txt) -eq $ou) {
            write-host "OU is on exclude OU list"
            pause
        }
        else {
            $oupath = Get-QADObject -type organizationalunit | Where-Object {$_.name -like "$ou"} | select CanonicalName
            $users = Get-QADUser | where-object {$_.email -like "*@$ou.com"}
            foreach ($user in $users) {
                Move-QADObject -id $user -NewParentContainer "$oupath"
            }
        }
    }

    When I run the script, I get the following error message. 

    Move-QADObject : Cannot resolve directory object for the given identity: '@{CanonicalName=domain.com/domain}'.

    I'm not sure how to extract only "domain.com/domain" from the CanonicalName prior to passing the variable to move-object. Any help provided will be greatly appreciated. Thanks in advance.




    • Edited by BP Guides Admin Friday, April 18, 2014 3:48 AM
    • Moved by Bill_Stewart Friday, May 23, 2014 6:46 PM Abandoned; outside forum scope
    Friday, April 18, 2014 3:45 AM

Answers

  • Hi - "PowerShell Newbie question" is not a question. A topic, if it is a question type of topic needs to be a question. It is how people find things and how we are able to understand what the topic is about.

    If this is a question it is hard to see what it is.  You discuss many things but it all seems to come down to having an error.

    You are passing a user object to a CmdLet that wants to have an identity.

    Your description and script are very hard to follow.  I suggest starting by spending some time learning how to use PowerShell.  Take your task one step at a time.  Test the outcome of each step and be sure you understand what it does.  Once you learn the basics of PowerShell then look at examples of Quest scripts and try to understand how they work.  You will also need to learn what Active Directory is.  What is an identity and what is a name or canonical name.

    Most of what I see has been copied from somewhere where the writers are clearly not skilled with scripting  so you may have picked up bad information.

    Here is a starter to get things back on a usable path:

    Start with this until you understand it and fix any other issues you may not have understood.   You can add the fancy stuff back in later.

    Add-PSSnapin Quest.Activeroles.ADManagement
    
    $excluded=get-content c:\temp\excludeou.txt
    $ous=get-content c:\temp\ou.txt | ?{$excluded -notcontains $_}
    
    # get users by matching email address to OU
    foreach($ou in $ous){
         $newParent=Get-QADObject -Type organizationalunit -Identity $ou
         Get-QADUser -Email "*$ou*" |
              Move-QADObject -NewParentContainer $newParent -whatif
    }
    


    ¯\_(ツ)_/¯

    • Proposed as answer by jrv Friday, April 18, 2014 6:18 PM
    • Marked as answer by Just Karl Tuesday, June 2, 2015 10:49 PM
    Friday, April 18, 2014 7:05 AM

All replies

  • Jrv

    Thanks for your response. This was my first time posting here so I don't have a full understanding of how things work.

    Sorry for the confusion, your points are duly noted.  I resolved my issue by removing the Select CanonicalName. 

    The script above was not completed because I was just playing with each section. 

    As you stated in your response  "Take your task one step at a time".  

    You are right all I wanted to know was why my array values were formatted with @{CanonicalName=domain.com/domain} instead of just domain.com/domain.

    If I run the same command (Get-QADObject -type organizationalunit |Where-Object {$_.name -like "$ou"} |select CanonicalName) at the PowerShell console, the output is formatted with "domain.com/domain".

    However, once I store the values in an array the values are formatted differently: @{CanonicalName=domain.com/domain} 

    This has happened to me several times and I always just use a workaround, but it has happened often enough that I think it's time I understand why. If anyone can point me to some documentation that explains why this happens it will be greatly appreciated.

    Thank you very much for your help.

    Friday, April 18, 2014 12:43 PM
  • That is a NoteProperty. PowerShell will output to the console with the CanonicalName as a table header, but the object is still a NoteProperty and is fully represented with the @{...}

    Try

    select -expand CanonicalName

    to get rid of the @{ ... } business


    I hope this post has helped!


    Friday, April 18, 2014 5:55 PM
  • That is a NoteProperty. PowerShell will output to the console with the CanonicalName as a table header, but the object is still a NoteProperty and is fully represented with the @{...}

    Try

    select -expand CanonicalName

    to get rid of the @{ ... } business


    I hope this post has helped!


    The canonical name is not the issue.  It is the whole approach and code. There was never a need for the canonical name since the OU was directly specified.  The OP just didn't realize that the CmdLet gets the object by name.  His method would possibly return all objects of type for no reason.


    ¯\_(ツ)_/¯

    Friday, April 18, 2014 6:18 PM
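
Added example, not part of the original thread and not Quest code: it reproduces the `@{CanonicalName=...}` value from the question on constructed objects, then shows `-ExpandProperty` together with a guard that refuses a bulk move unless the name resolves to exactly one OU. The `$directory` sample data and the `Resolve-SingleOU` helper are hypothetical; no Active Directory or Quest snap-in is needed to run it.

```powershell
# Constructed stand-ins for directory objects (sample data, not real OUs).
$directory = @(
    [pscustomobject]@{ Name = 'domain1'; CanonicalName = 'domain.com/domain1' }
    [pscustomobject]@{ Name = 'domain2'; CanonicalName = 'domain.com/domain2' }
    [pscustomobject]@{ Name = 'domain2'; CanonicalName = 'domain.com/Archive/domain2' }
)

# Select-Object <property> returns a new object carrying one NoteProperty.
$wrapped = $directory | Where-Object { $_.Name -eq 'domain1' } |
    Select-Object CanonicalName
$wrapped | Get-Member -MemberType NoteProperty | Out-Host

# Interpolating that object into a string gives the @{...} form, which is
# what "$oupath" handed to -NewParentContainer in the question's script.
"Wrapper in a string : $wrapped"

# -ExpandProperty returns the property's value itself, here a [string].
$value = $directory | Where-Object { $_.Name -eq 'domain1' } |
    Select-Object -ExpandProperty CanonicalName
"Expanded value      : $value"

# Hypothetical helper: resolve a name to one canonical name or fail loudly,
# so a bulk move never runs against a missing or ambiguous target.
function Resolve-SingleOU {
    param(
        [Parameter(Mandatory)] [object[]] $Candidates,
        [Parameter(Mandatory)] [string]   $Name
    )
    $found = @($Candidates | Where-Object { $_.Name -eq $Name } |
        Select-Object -ExpandProperty CanonicalName)
    if ($found.Count -ne 1) {
        throw "Expected exactly one OU named '$Name', found $($found.Count)."
    }
    return $found[0]
}

# 'domain2' is ambiguous and 'domain9' does not exist; both are skipped.
foreach ($name in 'domain1', 'domain2', 'domain9') {
    try {
        $target = Resolve-SingleOU -Candidates $directory -Name $name
        "{0}: would move to {1}" -f $name, $target
    }
    catch {
        "{0}: skipped ({1})" -f $name, $_.Exception.Message
    }
}
```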