I'm trying to make a report for some managers that shows who is listed as the "Managedby" for a list of groups. Not every group has a managedby listed. The groups are in different domains or child domains.  The user (or group) in the managedby attribute for the group could be in a different domain as well. Now the following script works great for getting the information:

$results = @()
$groups = Get-Content "C:\Temp\Groups.txt"
ForEach($group in $groups)
    {
    $results += Get-ADObject -Server "GlobalCatalog.Server.com:3268" -Filter {name -eq $group} -property msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info|
    Select-Object  msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info
    }$results| export-csv "C:\Temp\Groups-info.csv" -NoTypeInformation

My isssue is the "Managedby" attribute is a DN value, not real Non-techincal manager real reader friendly. I'm trying to format the Managedby attribute into something more reader friendly. Does anyone have any ideas? I have been trying something like the following but with no luck. Really any and all help is appreciated

$results = @()
$groups = Get-Content "C:\Temp\Groups.txt"
ForEach($group in $groups)
    {
    $results += Get-ADObject -Server "GC.Server.com:3268" -Filter {name -eq $group} -property msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info|
        ForEach-Object{
            $ManagedByName = Get-ADObject -Server "GC.Server.com:3268" -Filter {$results.managedby} -Properties cn
            $ManagedByNTID = Get-ADObject -Server "GC.Server.com:3268" -Filter {$results.managedby} -Properties msDS-PrincipalName
            $ManagedByObjClass = Get-ADObject -Server "GC.Server.com:3268" -Filter {$results.managedby} -Properties ObjectClass
        }|Select-Object msDS-PrincipalName, name, managedby, $ManagedByName, $ManagedByNTID, $ManagedByObjClass, whenCreated, whenChanged, description, info
    
    } $results| export-csv "C:\Temp\Groups-info.csv"

Use the Translate-ADName.ps1 script to translate the DN to whatever format you want.

Bill,

thanks for the reply, but how do I get the translate-adname.ps1 to tell me if the mangedby attribute is a user or a group?

When I ran the following script:

$results = @()
$groups = Get-Content "C:\Temp\Groups.txt"
ForEach($group in $groups)
    {
    $results += Get-ADObject -Server "GC.Server:3268" -Filter {name -eq $group} -property msDS-PrincipalName, name, managedby, whenCreated, whenChanged, description, info|
            ForEach-Object{
            $ManagedByName = "C:\Scripts\PS-Scripts\Translate-ADName.ps1" Display "$group" -InitType server -InitName "GC.Server:3268"
            $ManagedByNTID = "C:\Scripts\PS-Scripts\Translate-ADName.ps1" NT4 "$group" -InitType server -InitName "GC.Server:3268"
            }|Select-Object msDS-PrincipalName, name, managedby, $ManagedByName, $ManagedByNTID, whenCreated, whenChanged, description, info
    }$results| export-csv "C:\Temp\Test-Groups-info.csv"

I get the following error:

C:\Scripts\PS-Scripts\Translate-ADName.ps1 : Exception calling "InvokeMember" with "5" argument(s): "The list of RPC servers available for the binding of auto handles has been exhausted. 
(Exception from HRESULT: 0x800706EC)"

Any other suggestions?

This would be a more PowerShell-like approach:

Bill,

I want to thank you for taking the time to reply and showing me a differernt way to think about using powershell. I'm still learning about what can be done and how to make the scripts more efficent with powershell. So for you to take the extra time and write out the previous script I do truely appreciate it.

So I ran the script you provided and I ran into two issues. 1st while it does make the columns ManagedbyDisplayName and MangedbyNTName there aren't any values in the columns. Now I'm most likely wrong, but I would have guessed it would give me the NTName and Display name of the original group, not the mangedby?

The reason I thought that was the 2nd thing I need is if the object listed in managedby is what type of object it is. Since I want to get what type of object the managedby. I tried to kind of follow your example I included the following:

      @{Name="managedByType";
      Expression={Get-ADObject -Server "GC.Server:3268" -Filter {DistinguishedName -eq $_.DistinguishedName} -Properties ObjectClass}},

which produced the managedbyType column and column of @{objectClass=group}, So the ?script block? part isn't doing what I thought it should be doing in searching for the mangedby (by DN) and selecting that objects object class. I do appologize for my lack of understanding but I'm just trying to learn and If I don't ask then I figure its my own fault for just not asking.

If you or anyone can help I would be more than willing to try and learn.

Sorry, you're correct - those calculated properties are getting display and NT4 name for the base group, not the DN specified in the managedBy attribute. I meant to write these two lines:

I'm still not gettting any values in the columns

Bill,

I modified your script and as of now I'm not using the Translate-ADName.ps1, but I am getting the values I 'm looking for....well kind of here is the script I working on:

get-content "C:\Temp\Test-Groups.txt" | foreach-object {
  $params = @{
    "Filter" = { Name -eq $_ }
    "Properties" = @("msDS-PrincipalName", "name","managedBy","ObjectClass", "whenCreated","whenChanged","description","info")
    "Server" = "CG.server.com:3268"
  }
  get-adobject @params | select-object msDS-PrincipalName, name, managedBy,
    @{Name="managedByDisplayName";
      Expression={Get-ADObject -Server "GC.server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties cn |Select cn}},
    @{Name="managedByNTName";
      Expression={Get-ADObject -Server "GC.server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties msDS-PrincipalName|Select msDS-PrincipalName}},
      @{Name="managedByType";
      Expression={Get-ADObject -Server "GC.server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties ObjectClass |Select ObjectClass}},
    whenCreated,whenChanged, description, Info
} | export-csv "C:\Temp\Test-Groups-info.csv" -notypeinformation

The part I don't understand entirely is the out-put.....It does give me the information I want, BUT each of the values has @{%requested-Attribute%=%Value-of-Attribute%} Ex: @{cn=LastName, FirstNam

Try adding -expandproperty to your select-object commands.

Bill,

YOU ROCK!!!!, Thank you SOOOOOO much for your help. That was the last part. In case someone in the future is looking through forums here is the final script I used to get the information I needed:

get-content "C:\Temp\Groups.txt" | foreach-object {
  $params = @{
    "Filter" = { Name -eq $_ }
    "Properties" = @("DistinguishedName", "msDS-PrincipalName", "name","managedBy","ObjectClass", "whenCreated","whenChanged","description","info")
    "Server" = "GC.Server.com:3268"
  }
  get-adobject @params | select-object @{Name="Domain\GroupName";
    Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.DistinguishedName} -Properties msDS-PrincipalName |Select -expandproperty msDS-PrincipalName}},
    name, 
    @{Name="managedBy Display Name";
      Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties cn |Select -expandproperty cn}},
    @{Name="managedBy Domain\UserName";
      Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} -Properties msDS-PrincipalName |Select -expandproperty msDS-PrincipalName}},
    @{Name="managedBy Type";
      Expression={Get-ADObject -Server "GC.Server.com:3268" -Filter {DistinguishedName -eq $_.managedBy} |Select -expandproperty ObjectClass}},
    whenCreated,whenChanged, description, Info
} | export-csv "C:\Temp\Groups-info.csv" -notypeinformation

Bill is DA MAN!!!!!