Active Directory - Parsing a 'Multi-Line' Description Property

Interesting one this...

A customer had some information they needed to obtain from the description property on an object. The information was 'multi-valued' and saved as a Unicode string. What am I talking about?

Here's the string in the attribute editor of Active Directory Users and Computers (note the ';' delimiter):

Here it is in the Multi-valued String Editor:

Here's what happens when the object is retrieved with PowerShell:

What happened to those other values?!

Take a look at the description of the object in the GUI:

What happened to those other values?!

The customer wanted to search the 'multi-valued' description for a particular string. Obviously, the bit they wanted to check wasn't in the description returned by Get-ADObject! What to do?

 

[adsisearhcer] Saves the Day!

$Search = 'sweetdreams*'

$Objects = Get-ADObject -SearchBase "CN=Policies,CN=System,DC=halo,DC=net" -SearchScope OneLevel -Filter {Description -like "*"}

foreach ($Object in $Objects) {

$MultiDescription = ([adsisearcher]"(distinguishedname=$($Object.DistinguishedName))").FindOne().properties.description

if ($MultiDescription -like $Search) {

$Found = $MultiDescription -split " " | Select-String $Search

Write-Output $Found

}

}

The interesting bits:

• Get-ADObject returns any objects from the Policies container that have a populated description
• These are saved to an array and then checked individually
• [adsisearcher] is used to connect to the individual object and pull back the 'multi-valued' description property - $MultiDescription
• This is then split by value and checked for a particular string
• If matched the value will be returned as the contents of $Found

 

Fun in the [adsisearcher] type accelerator sun!