Matthias Güntert

Reputation: 4667

Putting together an ADSI LDAP query

I am searching through Active Directory for users under a specific organisational unit that I would like to change using ADSI.

# get all users from the organizational unit
$accounts = Get-ADObject -filter 'objectClass -eq "user"' -SearchBase $dsn 

# iterate over user objects 
foreach ($account in $accounts) {
    # unfortunately we have to use ADSI over the set-aduser cmdlet as we need to touch remote desktop attributes
    $user = [ADSI]"LDAP://" + ($account.DistinguishedName).ToString()

    # get logon name 
    $SamAccountName = $user.psbase.InvokeGet("SamAccountName")

    # Profile Attributes
    $user.psbase.InvokeSet("ProfilePath", "")
    $user.psbase.InvokeSet("ScriptPath", "DIR\Logon.cmd")
    $user.psbase.InvokeSet("HomeDrive", "H:")
    $user.psbase.InvokeSet("HomeDirectory", "\\host\users$\${SamAccountName}")

    # Remote Desktop Services Attributes
    $user.psbase.InvokeSet("TerminalServicesProfilePath", "")
    $user.psbase.InvokeSet("TerminalServicesHomeDirectory", "\\host\users$\${SamAccountName}")
    $user.psbase.InvokeSet("TerminalServicesHomeDrive", "H:")

    # Write attributes back to global catalog
    $user.SetInfo()
}

This all works fine, until it comes to the $user = [ADSI]"LDAP://" + ($account.DistinguishedName).ToString() part.

Method invocation failed because [System.DirectoryServices.DirectoryEntry] does not contain a method named 'op_Addition'.
At \\tsclient\D\SourceCode\PowerShell\Set-ADUserAttributes.ps1:37 char:5
+     $user = [ADSI]"LDAP://" + ($account.DistinguishedName).ToString()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (op_Addition:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

Exception calling "InvokeGet" with "1" argument(s): "Unspecified error
"
At \\tsclient\D\SourceCode\PowerShell\Set-ADUserAttributes.ps1:40 char:5
+     $SamAccountName = $user.psbase.InvokeGet("SamAccountName")
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

It seems there is no query getting executed. However, $account.DistinguishedName contains the correct LDAP path (which I have tested manually).

So what am I doing wrong here?

Upvotes: 1

Views: 5387

Answers (2)

Ansgar Wiechers

Reputation: 200563

The casting operation has higher precedence than the concatenation operation, so you need to do the concatenation in a subexpression, either like this:

[adsi]("LDAP://" + $account.DistinguishedName)

or like this:

[adsi]"LDAP://$($account.DistinguishedName)"

The distinguished name is automatically converted to a string here, so you don't need to manually call ToString().

Upvotes: 1

mjolinor

Reputation: 68341

You're trying to append to an ADSI object by casting "LDAP://" as [ADSI] before you do the append.

Cat your strings first, then do the cast:

$user = [ADSI]("LDAP://" + $account.DistinguishedName)

Upvotes: 2
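
The precedence rule both answers describe can be checked without contacting a directory. This added example (not part of the original question or answers) uses PowerShell's own parser to report which operation is outermost in each of the three expressions on this page and what the `[ADSI]` cast actually applies to; the function name `Get-TopLevelOperation` is hypothetical.

```powershell
# Added example: the expressions are parsed only, never executed,
# so no [ADSI] bind is attempted and $account does not need to exist.
function Get-TopLevelOperation {
    param([Parameter(Mandatory)][string]$Expression)

    $parser = [System.Management.Automation.Language.Parser]
    $tokens = $null
    $errors = $null
    $ast = $parser::ParseInput($Expression, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) { throw "Parse error: $($errors[0].Message)" }

    # A bare expression statement is a pipeline holding one CommandExpressionAst.
    $expr = $ast.EndBlock.Statements[0].PipelineElements[0].Expression

    # If '+' is outermost, the cast sits in its left operand and runs first.
    $cast = $expr
    if ($expr -is [System.Management.Automation.Language.BinaryExpressionAst]) {
        $cast = $expr.Left
    }

    $operand = $null
    if ($cast -is [System.Management.Automation.Language.ConvertExpressionAst]) {
        $operand = $cast.Child.Extent.Text
    }

    [pscustomobject]@{
        Expression  = $Expression
        Outermost   = $expr.GetType().Name   # BinaryExpressionAst or ConvertExpressionAst
        CastOperand = $operand               # the text the [ADSI] cast is applied to
    }
}

# The question's expression and the two forms from the answers.
# Single quotes keep $account from being expanded before parsing.
$samples = @(
    '[ADSI]"LDAP://" + ($account.DistinguishedName).ToString()'
    '[ADSI]("LDAP://" + $account.DistinguishedName)'
    '[ADSI]"LDAP://$($account.DistinguishedName)"'
)

$samples | ForEach-Object { Get-TopLevelOperation -Expression $_ } | Format-List
```

For the question's expression the outermost node is the `+`, with the cast applied to `"LDAP://"` alone; for both corrected forms the cast is outermost and covers the whole path string.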
