This may help explain why your filter is not supported: http://blogs.technet.com/b/efleis/archive/2004/11/17/258710.aspx
CanonicalName is a constructed attribute in AD, so you cannot use it in a search filter. You have to explicitly ask for that attribute to be returned so you can view it. Once it that attribute is constructed and returned, you and then pipe that result to where-object to “filter” for what you are looking for, as you did in your working “slow” example. That is why you are having issues using that value as a filter. There are other ways to accomplish what you want. Why don’t you just return DistinguishedName instead of CanonicalName, since that is what you need to pipe into get-aduser anyway? Maybe one of the following searches may work to pull something useful for you? (Get-ADOrganizationalUnit -Filter " Name -eq 'OU' ").DistinguishedName Get-ADOrganizationalUnit -LDAPFilter "(&(objectclass=organizationalUnit)(OU=OU))" -Properties CanonicalName Get-ADOrganizationalUnit -Filter "Name -eq 'OU'" -Properties CanonicalName From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Aakash Shah Sent: Wednesday, November 12, 2014 11:50 PM To: powershell@lists.myITforum.com Subject: RE: [powershell] RE: Search For OU Using Filter With CanonicalName in AD Thanks for the information. I had come across that but was hoping there was a simpler way. However, it appears that there may not be. If anyone has any other tricks/shortcuts that they’ve used for this scenario, please let us know. Thanks, -Aakash Shah From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Isaac Holmes Sent: Wednesday, November 12, 2014 8:19 PM To: powershell@lists.myITforum.com<mailto:powershell@lists.myITforum.com> Subject: Re: [powershell] RE: Search For OU Using Filter With CanonicalName in AD http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats On Wed, Nov 12, 2014 at 11:02 PM, Damien Solodow <damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>> wrote: Perhaps something like this: http://poshcode.org/512http://poshcode.org/512 ? DAMIEN SOLODOW Systems Engineer 317.447.6033<tel:317.447.6033> (office) 317.447.6014<tel:317.447.6014> (fax) HARRISON COLLEGE ________________________________ From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] on behalf of Aakash Shah [aakash.s...@uci.edu<mailto:aakash.s...@uci.edu>] Sent: Wednesday, November 12, 2014 10:48 PM To: powershell@lists.myITforum.com<mailto:powershell@lists.myITforum.com> Subject: [powershell] RE: Search For OU Using Filter With CanonicalName in AD If I have the canonical name “domain.com/OU”, I am looking for a way to convert this into its corresponding DN value of “OU=OU,DC=domain,DC=com”. I plan to then use this to feed other cmdlets like Get-ADUser where the -SearchBase parameter appears to expect a DN value. In my earlier email, I was attempting to search AD for the canonical name using the “-Filter” parameter in Get-ADOrganizationalUnit since it appears to have CanonicalName as an attribute, but I was unsuccessful. My apologies for the confusion. Thank you, -Aakash Shah From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Michael B. Smith Sent: Wednesday, November 12, 2014 7:27 PM To: powershell@lists.myitforum.com<mailto:powershell@lists.myitforum.com> Subject: [powershell] RE: Search For OU Using Filter With CanonicalName in AD I don’t understand what you are asking for. Please give an example… From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Aakash Shah Sent: Wednesday, November 12, 2014 9:59 PM To: powershell@lists.myITforum.com<mailto:powershell@lists.myITforum.com> Subject: [powershell] Search For OU Using Filter With CanonicalName in AD Is there a clean/efficient way to filter for a canonical name in AD? I tried the following but it did not work: Get-ADOrganizationalUnit -Filter 'CanonicalName -eq "domain.com/OU<http://domain.com/OU>"' -Properties 'CanonicalName' When I looked up other solutions, I found some sources where the string is parsed and manually pieced together as a DN entry, but I would like to avoid that preferably. I was able to previously do this with the Quest cmdlets but I am working on moving away from them and am trying to find equivalent approaches, if possible. I can pipe Get-ADOrganizationalUnit to a Where cmdlet to then do a search, but it is much slower: Get-ADOrganizationalUnit -Filter * -Properties 'CanonicalName' | Where-Object {$_.CanonicalName -eq 'domain.com/OU<http://domain.com/OU>'} Or, if anyone has information on using built in commands to convert a canonical name to a DN value, that would also be appreciated (the solutions I found also manually pieced each block together). Thanks, -Aakash Shah ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 -- Isaac Holmes IT Engineering Specialist University of Notre Dame 320 IT Center Notre Dame, IN 46556 (574) 631-3254 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
