none
unable to update "manager" AD attribute

    Question

  • Windows Server 2008 R2

    i have this code that i use to update our employee information in AD (created thanks to all the good people in this forum). today, i have to update the manager AD attribute but it keep saying like invalid ID. so i was forced to create a separate script just for updating the manager attribute. here is the script that doesn't work for the manager attribute:

    Import-CSV 'D:\Documents\16Apr2017.csv' | foreach-object {
    
    $hash = @{
    	givenName = $_.fname
    	sn = $_.lname
    	company = $_.comp
    	title = $_.title
    }
    
    if ($_.func) { $hash["department"] = $_.func }
    if ($_.physicalDeliveryOfficeName) { $hash["physicalDeliveryOfficeName"] = $_.dept }
    if ($_.address) { $hash["msExchExtensionAttribute17"] = $_.address }
    if ($_.city) { $hash["msExchExtensionAttribute18"] = $_.city }
    if ($_.zip) { $hash["msExchExtensionAttribute20"] = $_.zip }
    if ($_.phone) { $hash["Comment"] = $_.phone }
    if ($_.loc) { $hash["msExchExtensionAttribute19"] = $_.loc }
    if ($_.manager) { $hash["manager"] = $_.manager }
    
    echo $hash
    echo " "
    
    # $ErrorActionPreference = 'Stop'
    # $Error.Clear()
    try {
        Set-ADuser -Identity $_.ID -Replace $hash
        echo "record saved" $_.ID
        echo " "
        echo "---------------------------------------------------------------------"
    }
    catch {
        Write-Output "$_.ID does not exist"
    
    }
    }

    and here is the separate script just to update the manager attribute:

    $Users = Import-CSV 'D:\Documents\16Apr2017.csv'
    foreach ($User in $Users) 
     { 
     Set-ADUser $User.ID -Manager $User.manager 
     }

    what could i be missing in the first script?

    Sunday, April 16, 2017 1:14 PM

Answers

  • The -Manager parameter of the Set-ADUser cmdlet accepts either the sAMAccountName or the distinguishedName of the manager. But the manager attribute itself must be the distinguishedName. The -Manager parameter converts the sAMAccountName for you, but when you use the -Replace parameter, you are assigning a value to the manager AD attribute directly, so it must be a distinguished name.

    Either enter the distinguishedNames for managers in the CSV, or perhaps use both the -Replace parameter and the -Manager parameter in one Set-ADUser statement. You can assign the value of manager in your CSV file to a variable, then pass that to the -Manager parameter.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Sunday, April 16, 2017 7:27 PM

All replies

  • The -Manager parameter of the Set-ADUser cmdlet accepts either the sAMAccountName or the distinguishedName of the manager. But the manager attribute itself must be the distinguishedName. The -Manager parameter converts the sAMAccountName for you, but when you use the -Replace parameter, you are assigning a value to the manager AD attribute directly, so it must be a distinguished name.

    Either enter the distinguishedNames for managers in the CSV, or perhaps use both the -Replace parameter and the -Manager parameter in one Set-ADUser statement. You can assign the value of manager in your CSV file to a variable, then pass that to the -Manager parameter.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Sunday, April 16, 2017 7:27 PM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 21, 2017 8:39 AM
    Moderator