System Center Orchestrator 2012: Active Directory IP – Get User Activity – How to search for Distinguished name!

Today I am working on Runbooks for Configuration Manager 2012.

Part of this runbook has to find a user in the active directory, and afterwards find his manager’s email address, before sending an email to the manager.


So I start by search for the user in the “Get User ” Activity.

I get the result, and have the “manager” field as Distinguished Name format.

I setup the “Get manager” (Get user activity), and need to set the filters to search for this DN.

Problem is that it is not possible to select DistinguishedName as filter!!


What to do………….. First of I spend some time complaining, but when I was done crying I figured something out! 😉

by reading the manual at

you will see that it is possible to set different properties for the search.

These properties include



Valid Values


If true, only the Distinguished Name property will be returned instead of all properties


Search Root

The distinguished name of the node in the Active Directory Domain Services hierarchy where the search starts


Search Scope

The scope of the search that is observed by the server. The options are Base, OneLevel or SubTree.


Oh! We can use the “Search root” to select where we want to start our search! This means I can map the manager DN to this property and define no filters, and our result will be the user!


I did also define the “Search scope” as base. This means I will not search in any sub objects of the root object. (since a user is not a container, it is not possible to have any subs, but I seemed to perform faster anyway.

So there you have it! How to search for DN by using “Get User”

By | 2012-01-04T10:16:53+00:00 January 4th, 2012|Automation|6 Comments

About the Author:

Jakob Gottlieb Svendsen

Twitter: @JakobGSvendsen

Jakob Gottlieb Svendsen is a Microsoft Cloud and Data Center Management MVP (, Working as Global Lead Developer, Senior Consultant and Trainer at CTGlobal, where he is one of the driving forces in keeping CTGlobal a System Center Gold Partner and member of the System Center Alliance.

Since he started at Coretech in 2007, he has focused on Scripting and Development, primarily developing tools, extensions and scripts for the System Center Suite. His main area is Automation (including OMS/Azure Automation, Service Management Automation, PowerShell and Orchestrator). Another area is Windows Azure Pack / Azure Stack, where he does implementation, development, workshops and presentations. He is a world-wide renowned voice in the Automation field.

He is passionately devoted to the community, to which he contributes by being a moderator at TechNet and sharing his knowledge at

  • Co-founder: PowerShell User Group Denmark
  • Speaker at MMS 2016, Minneapolis (
  • SCU Europe 2014, 2015, 2016 (
  • Microsoft TechEd North America 2014, Houston
  • NIC 2012,2013,2014,2015, Oslo (
  • Microsoft CampusDays 2011, 2013, Copenhagen
  • Microsoft TechDays 2015, Sweden (
  • Microsoft Partner Event: New in SC2012 SP1
  • User group meetings (PSUG.DK , SCUG.DK/BE/NO, AZMUG + more)
  • Microsoft Certified Trainer.
  • Microsoft Scripting Guys Forum Moderator

Main working areas:

  • Automation (Azure Automation, SMA, SCO)
  • Windows Azure Pack / Azure Stack
  • System CenterVisual Studio Team Services / Team Foundation Server
  • Development:C#.Net, VB.NET, VBScript, PowerShell, Service Manager, OpsMgr, ConfigMgr
  • Orchestrator
  • Windows Azure Pack / Azure Stack


  • Azure Automation
  • Service Management Automation
  • System Center Orchestrator
  • PowerShell, VBScript, C#.Net, VB.Net
  • Windows Azure Pack / Azure Stack Development Workshops


  1. […] System Center Orchestrator 2012: Active Directory IP – Get User Activity – How to search… […]

  2. Casey Robertson April 4, 2013 at 18:43 - Reply

    This was a good tip – I am creating a runbook to notify the Assigned To User’s manager if the SLA goes to Warning or Breach. Testing it now. Thanks!

  3. Martin Korsgaard October 9, 2013 at 13:20 - Reply

    Nice guide but for some reason I had to prefix the Search Root with LDAP:// or else I got an error when looking up the manager through the DN.

    The result is then Search Root: LDAP://{Manager from ‘Get User’}


    • Jakob Gottlieb Svendsen
      Jakob Gottlieb Svendsen October 9, 2013 at 13:45 - Reply

      hello martin

      weird. never had to do that myself.

      are you sure you are not using the AD IP from codeplex? 🙂

  4. […] System Center Orchestrator 2012: Active Directory IP – Get User Activity – How to search for Dis… […]

  5. vatsal December 1, 2014 at 12:44 - Reply

    Hi Jakob,

    Really good article. Can you please let me know how that can search based on existing windows logon name. I have a AD env. which sets windows logon based on first letter of first and last name and we want to get it done automated using get user activity.

Leave A Comment