Split escaped characters

  • My network admins, in their wisdom, created admin accounts for us developers for those time when we simply must have some privileges.

    As you can see, my CN appears to be based on my DisplayName (Admin-LastName, Paul) rather than a concatenation of my FirstName and sn (Paul and Admin-LastName, respectively).

    CN=Admin-Lastame\, Paul,OU=Users,OU=Data_Admins,OU=Admins,DC=....

    My problem is that I need to split the CN based on comma, and don't know how to get -split to ignore the escaped comma after Admin-LastName.

    I was not able to find, among the myriad examples in the split docs on Technet, this kind of case.

    How do I do this? Do I need to replace the escape?

    For that matter, is there a better way of getting to the endpoint, which is, I need a list of all AD groups and their members in a FirstName.LastName format, not using QAD cmdlets?

    TIA.

  • I do not do much AD work these days, let alone from PowerShell, but I do know of the AD cmdlets MS published. http://technet.microsoft.com/en-us/library/ee617195

    Here is what I got (using replacement) with some basic PS in case you proceed down the current path. I could not find a slick split option or similar built into PS:

    $str = 'CN=Admin-Lastame\, Paul,OU=Users,OU=Data_Admins,OU=Admins'

    #$str

    [string[]]$a = $str.Replace('\,', '~~~').Split(',')

    #$a

    #$a.Count

    for ($i=0; $i -lt $a.Count; $i++)

    {

    $a[$i] = $a[$i].Replace('~~~',',')

    }

    $a

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • Here's a regex that might work for you.

    $cn = 'CN=Admin-Lastame\, Paul,OU=Users,OU=Data_Admins,OU=Admins,DC=....'

    $pat = 'CN=\w+\-(\w+)\\,\s+(\w+),.*$'

    [regex]::Replace($cn, $pat, '$2 $1')

    It returns Paul Lastame

    Edit: just reread your op. rewritten for just firstname lastname

    Edit2: I knew that original regex wouldn't handle two word last names like St. James or hyphenated names which was why I said "might work". Anyway while playing golf with the regex I modified it to handle hyphens and two word last names. If you don't have those kind of names the original works. Replace with the pattern below if you do.

    $pat = 'CN=Admin-(\w.+)\\, (\w+),.*$'

  • Never mind...

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • @opc.three: thanks. I can't wait for the time when we move on from XP :-), and I can begin using those AD cmdlets.

    @bruce-2: thanks for that. I can see I''m finally going to have to learn regex.

  • With that thought in mind, let me ask... do you really need to do this in PowerShell or is the ultimate target of your efforts to have something stored in T-SQL???

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • We grant SQL Server / DB access to Windows groups.

    We determine which version of the app (read "Server"), which projects (read "databases") users can see, as well as what functionality is enabled, based on group membership.

    Ultimate goal is to have a table containing AD Group Name and samaccountname.

    Currently doing this in PS because the custom system stored proc I'd been using in SQL2K is not allowed in SQL 2K8.

    The table needs to be refreshed every 15 minutes or so, as users are added/shuffled around.

    We have ~800 groups.

    Takes 19 seconds in PS + 3 to import to SQL Server, 50 seconds in T-SQL using xp_logininfo and xp_enumgroups and a cursor.

    Also, xp_logininfo only returns results for groups granted server access.

  • schleep (7/10/2012)


    @opc.three: thanks. I can't wait for the time when we move on from XP :-), and I can begin using those AD cmdlets.

    Bummer. I am in the same boat at the current shop on the desktop (I wanted to give them a quick spin). Seeing your setup however I am surprised you do not have an app server you could use for this. Granted, you would need one to develop on before releasing it into the wild, but sometimes with these types of system admin tasks that's a good thing.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • The edict came from on high a couple of years ago: NO NEW SERVERS! (except when a prod box dies).

  • Booo 😛

    You could explore the possibility of using the command line tool dsquery which is available on XP. I have used it before, but never for automation. However with PS it may be a cinch to use stdout coming from it.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • dsquery doesn't appear to be supported on XP.

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2008, Windows Server 2008 R2

    I get ...not recognized as an internal or external prog...

  • I have it installed on my XP workstation and I think it came with the Admin Tools Pack. I installed it so I could easily look up AD group members from my XP workstation as it also installs the handy AD MMC snap-in 😉

    Look here for section Finding Windows Server 2003 Administration Tools Packs.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • Found it.

    It works, although it doesn't appear to be faster than my current solution.

    I'll keep at it...

    P

  • See if something like this is interesting to you. I get something like this, which should be easily parseable by PS:

    C:\>dsquery group domainroot -limit 2 | dsget group -members | dsget user -fn -ln -email -c

    Dsquery has reached the specified limit on number of results to display; use a different value for the -limit option to display more results

    . fn ln email

    Jane Doe jane.doe@domain.com

    John Doe john.doe@domain.com

    LastNameButNoFirstName LastNameButNoFirstName@domain.com

    dsget succeeded

    I limited the initial query to 2 so I would not bring by my entire directory.

    You can also add -L to the last dsget which may result in output that is easier to parse:

    C:\>dsquery group domainroot -limit 2 | dsget group -members | dsget user -fn -ln -email -c -L

    Dsquery has reached the specified limit on number of results to display; use a different value for the -limit option to display more results

    .fn: Jane

    ln: Doe

    email: jane.doe@domain.com

    fn: John

    ln: Doe

    email: jane.doe@domain.com

    fn:

    ln: LastNameButNoFirstName

    email: LastNameButNoFirstName@domain.com

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

Viewing 14 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic. Login to reply