We are considering a webapp to manage some aspects of AD groups which have a managedby attribute.  This allows Outlook Web Access (OWA) accounts to get at the Members attribute.

The example i found used get-adgroup.  So i tried it.  No soap.

Went to one of our AD servers and still didn’t work.  Load-Module ActiveDirectory was really fast and allowed me to test in the ISE.  Also means that with this module, i can run scripts and not have to worry about the AD Command shell.

get-adgroup -filter {Name -like "Shared*"}

worked as expected and when i piped the output to |measure-object, i got the count.

get-adgroup -filter {Name -like "Shared*"} -properties managedby | select name, properties

This code did NOT work (returned curly braces for every group.  Which on reflection is expected.  I found that appending managedby to the properties switch would add the managedby property to the standard output of

get-adgroup -filter {Name -like "Shared*"} -properties managedby

or to get less, which is more of what we want, to this

get-adgroup -filter {Name -like "Shared*"} -properties managedby | select name, managedby

Some of the managedby entries are blank.  To count those i was not able to use the filter to distinguish entries with managedby blank, so i returned everything and did a select-object like this, piped to measure-object to get the count.

get-adgroup -filter {Name -like "Shared*"} -properties managedby | 
select name, managedby|where-object {$_.managedby -like "CN*"}|measure-object

you DO remember that in Powershell, the pipe acts like a continuation, so that the code above on two lines runs without complaint.  And is considerably easier to read.  The backtick (`) is the formal continuation character, but is not that easy to see in code.

This entry was posted in Uncategorized. Bookmark the permalink.