How Can I Get the “Grandparent” of an Object in Active Directory?

Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I get the “grandparent” of an object in Active Directory?

— JG

Spacer Hey, Scripting Guy! Answer Script Center

Hey, JG. Wait a second: is this “grandparent” thing some sneaky reference to the fact that the Scripting Guys (well, except for Jean, of course) are all starting to show their age a bit? OK; we just wanted to make sure. (Editor’s Note: Yes, that originally said “except for Greg,” but it’s the editor’s job to keep these articles accurate….)

Note. It’s not that the Scripting Guys (well, except for Jean, of course) aren’t getting old; it just doesn’t seem very sporting to rub it in. Although at their age they probably won’t remember what was said about them anyway.

Actually, what JG is referring to is this. Suppose we have an Active Directory object with the following ADsPath:

In this case, the Ken Myer user account can be found in the Finance OU; that makes the Finance OU the parent object for this account. Meanwhile, the Finance OU can be found in; that makes the parent object for the Finance OU. And because the parent of a parent is a grandparent, is also the grandparent of the Ken Myer user account.

Interesting historical fact. National Grandparents Day falls each year on the first Sunday after Labor Day. This holiday was started by a married couple that had 40 grandchildren. The Scripting Guys fully support the idea of a Grandparents Day; after all, who could be more deserving? Still, we find it interesting that Grandparents Day was started by a couple who would then be eligible to receive 40 additional gifts each and every year.

Say, did we mention that January 11th is Scripting Guys Day…?

Here’s a script that can determine the grandparent for an Active Directory object:

That’s right: this is very easy. That’s because Active Directory objects all have a Parent attribute that returns the ADsPath to the parent object. That’s the secret to determining the grandparent of an object. The script begins by binding to the Ken Myer account in Active Directory. We then encounter this line of code:

All we’re doing here is binding to the parent object for the Ken Myer account (objUser.Parent). As we noted, the Parent attribute returns the ADsPath for the parent object; in this case, that’s LDAP://ou=finance, dc=fabrikam, dc=com. After we’ve made a connection to the Finance OU we can then echo back the value of its Parent attribute:

As we noted, the parent of the parent will be the grandparent of the Ken Myer account.

Hey, no need to thanks us. Just be sure to mark January 11th on your calendar and we’ll call it good.


No Comment.