none
Use Get-ADuser and Set-ADUser Powershell to set extended Schema attribute with concatenation of sAMAccountName and my.domain RRS feed

  • Question

  • Thanks in advance for any help.

    I have been trying various ways to set the value of an attribute added to the AD DS schema.

    Attribute "googleAppsDomain" is a Case Insensitive string.

    Test users located at "ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL".

    Using:

    Get-ADUser -SearchBase 'ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL' -filter * | ForEach { Set-ADUser -googleAppsDomain "$($_.SamAccountName + '@MYDOMAIN.COM')" }

    returns:

    cmdlet Set-ADUser at command pipeline position 1
    Supply values for the following parameters:
    Identity:

    So I try:

    Get-ADUser -SearchBase 'ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL' -filter *| ForEach { Set-ADUser -Identity "$_.samAccountName" -googleAppsDomain "$($_.samAccountName + '@MYDOMAIN.COM<')" }

    Which Returns:

    Set-ADUser : Cannot find an object with identity: 'CN=Some
    User,OU=Staff,OU=Users Test OU,OU=MYDOMAIN USERS,DC=MYDOMAIN,DC=LOCAL.samAccountName' under: 'DC=MYDOMAIN,DC=LOCAL'.
    At line:1 char:97
    + Get-ADUser -SearchBase 'ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL'
    -filt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~
        + CategoryInfo          : ObjectNotFound: (CN=Test User....samAccountName:ADUser) [Set-ADUser], ADIdentityNotFoundException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.
       Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.SetADUser

    This for each of the users that are there and it lists their names correctly in the errors. 

    I've also tried these variations: sAMAccountname, SamAccountName and samAccountName. I finally figured out it may be because it's not a "commonly used" attribute. So documentation seams to say to use -Add.

    So I use:                                                                                                                                                                                   Get-ADUser -SearchBase 'ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL' -filter * | Set-ADUser [-Identity] "$_.SamAccountName" -Add @{googleAppsDomain="$($_.SamAccountName + '@MYDOMAIN.COM')"}                                                                                                                                                                                                                                     I get:                                                                                                                                                                                      

    Set-ADUser : The input object cannot be bound to any parameters for the
    command either because the command does not take pipeline input or the input
    and its properties do not match any of the parameters that take pipeline input.
    At line:1 char:88
    + Get-ADUser -SearchBase 'ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL'
    -filt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~
        + CategoryInfo          : InvalidArgument: (CN=Some User...DC=MYDOMAIN,DC=LO
       CAL:PSObject) [Set-ADUser], ParameterBindingException
        + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Ma
       nagement.Commands.SetADUser

    I've also tried populating the OtherName attribute with no luck. 

    I could use some constructive criticism about the achieving the desired results with the Script:-D!


    • Edited by darcfyre Wednesday, July 1, 2015 2:16 PM Typo
    Wednesday, July 1, 2015 2:13 PM

Answers

  • Nope - won't work like that.

    $serachbase='ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL'
    Get-ADUser -SearchBase $searchBase -filter * | 
        ForEach-Object{
            Set-ADUser $_.SamAccountName -Add @{GoogleAppsDomain="$($_.SamAccountName)@MYDOMAIN.COM" }
        }
    

    Optional and Custom attributes have to bee added or replaced explicitly.


    \_(ツ)_/

    • Proposed as answer by Braham20 Wednesday, July 1, 2015 2:43 PM
    • Marked as answer by darcfyre Wednesday, July 1, 2015 3:18 PM
    Wednesday, July 1, 2015 2:36 PM

All replies

  • Does this work?

    Get-ADUser -SearchBase 'ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL' -filter * | ForEach {Set-ADUser -Identity $_.samAccountName -googleAppsDomain "$($_.samAccountName + '@MYDOMAIN.COM')"}


    • Edited by Braham20 Wednesday, July 1, 2015 2:33 PM
    Wednesday, July 1, 2015 2:30 PM
  • Nope - won't work like that.

    $serachbase='ou=Users Test OU,ou=MYDOMAIN USERS,dc=MYDOMAIN,dc=LOCAL'
    Get-ADUser -SearchBase $searchBase -filter * | 
        ForEach-Object{
            Set-ADUser $_.SamAccountName -Add @{GoogleAppsDomain="$($_.SamAccountName)@MYDOMAIN.COM" }
        }
    

    Optional and Custom attributes have to bee added or replaced explicitly.


    \_(ツ)_/

    • Proposed as answer by Braham20 Wednesday, July 1, 2015 2:43 PM
    • Marked as answer by darcfyre Wednesday, July 1, 2015 3:18 PM
    Wednesday, July 1, 2015 2:36 PM
  • The attribute googleAppsDomain shows in Attribute editor in Active Directory Users and Computers as well as ADSI Edit and the Schema MMC Snap In, but the code returns this when I try that:

    Set-ADUser : A parameter cannot be found that matches parameter name
    'googleAppsDomain'.
    At line:1 char:160
    + ... samAccountName -googleAppsDomain "$($_.samAccountName + '@MYDOMAIN.COM')"}
    +                    ~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBind
       ingException
        + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory
       .Management.Commands.SetADUser

    Wednesday, July 1, 2015 2:37 PM
  • I think because it is a "custom" attribute that the "-Add" has to be used. I tried the code you supplied, Braham20,  against the attribute that Powershell shows as "OtherName" and it populated correctly the Active Directory Users and Computers Attribute Editor attribute labeled "middleName".


    • Edited by darcfyre Wednesday, July 1, 2015 3:21 PM Making clear
    Wednesday, July 1, 2015 2:45 PM
  • It returns :

    Whoops forgot to convert back to real Domain and OU names. Testing again....

    • Edited by darcfyre Wednesday, July 1, 2015 3:11 PM wrong Information
    Wednesday, July 1, 2015 3:08 PM
  • The question was for a custom attribute. JRV's worked for the custom attribute.

    Braham20's worked for common attribute's, so is also helpful to know.

    Thank you both such rapid and accurate answers!

    Wednesday, July 1, 2015 3:20 PM