Set-ADUser Multiple Attributes

  • Question

  • I am attempting to set multiple attributes against a list of users.  The attributes are coming from a CSV file.

    I can import the CSV file, create the ForEach and Write-Host all of the attributes, so I know this part is working.

    The problem I am having is how to use Set-ADUser -Identity $SamAccountName and my group of attributes

    (I did not create the custom attributes Company-xxxxx, that was a gift from the previous Administrators)

    I have tried using -Replace and -Add and a feeble attempt at an array (arrays and I just don't get along), without any luck.

    If someone could point me in a direction that would be awesome.  My code is somewhat ugly, as I have been editing, adding, deleting....

    #Create Log File
    $date = (get-date).ToString('MMddyyy')
    $file = New-Item -type file F:\temp\"$date"UserLog.csv -Force
    
    $Attributes = Import-CSV "F:\temp\UserAttrbutes.csv"
    
    ForEach ($Attribute in $Attributes)
    {
    	$SamAccountName = $null
    	$SamAccountName = $Attribute.SamAccountName
    	$UserTrue = Get-ADUser $SamAccountName -ErrorAction Stop
    	IF($UserTrue -ne $null)
    	{
    		#$SamAccountName = $Attribute.SamAccountName
    		#$UserTrue = Get-ADUser $SamAccountName -ErrorAction Stop
    		Write-Host $Attribute.SamAccountName -ForegroundColor Yellow
    		
    		Write-Host "UPN:" $Attribute.UPN
    		Write-Host "Company-CompanyID:" $Attribute.CompanyCompanyID
    		Write-Host "Company-EmployeeType:" $Attribute.CompanyemployeeType
    		Write-Host "Company-Generic00008:" $Attribute.CompanyGeneric0008
    		Write-Host "Company-Generic00009:" $Attribute.CompanyGeneric0009
    		Write-Host "Company-Generic0010:" $Attribute.CompanyGeneric0010
    		Write-Host "Company-HireDate:" $Attribute.CompanyHireDate
    		Write-Host "Company-HREmployeeID:" $Attribute.CompanyHREmployeeID
    		Write-Host "Company-JObID:" $Attribute.CompanyJObID
    		Write-Host "Company-PositionID:" $Attribute.CompanypositionID
    		Write-Host "Company-StoreID:" $Attribute.CompanystoreID
    		Write-Host "Company-TerminationDate:" $Attribute.CompanyTerminationDate
    		Write-Host "City:" $Attribute.City
    		Write-Host "Company:" $Attribute.Company
    		Write-Host "Department:" $Attribute.Department
    		Write-Host "State:" $Attribute.State
    		Write-Host "Street Address:" $Attribute.StreetAddress
    		Write-Host "*********************************************************" -ForegroundColor Green
    		
    		#$SamAccountName = $Attribute.SamAccountName
    		$UPN = $Attribute.UserPrincipalName
    		$CompanyCompanyID = $Attribute."Company-CompanyID"
    		$CompanyEmployeeType =  $Attribute."Company-employeeType"
    		$CompanyGeneric0008 = $Attribute."Company-Generic0008"
    		$CompanyGeneric0009 = $Attribute."Company-Generic0009"
    		$CompanyGeneric0010 = $Attribute."Company-Generic0010"
    		$CGMHireDate = $Attribute."Company-HireDate"
    		$CompanyHREmployeeID = $Attribute."Company-HREmployeeID"
    		$CompanyJobID = $Attribute."Company-JObID"
    		$CompanyPositionID = $Attribute."Company-positionID"
    		$CompanyStoreID = $Attribute."Company-storeID"
    		$CompanyTerminationDate = $Attribute."Company-TerminationDate"
    		$City = $Attribute.City
    		$Company = $Attribute.Company
    		$Department = $Attribute.Department
    		$State = $Attribute.State
    		$StreetAddress = $Attribute.StreetAddress
    		
    		#Set-ADUser -Identity $SamAccountName -Add -UserPrincipalName $($UPN), -"Company-CompanyID" $($CompanyCompanyID);"Company-employeeType"=$CompanyEmployeeType;"Company-Generic0008"=$CompanyGeneric0008;"Company-Generic0009"=$CompanyGeneric0009;"Company-Generic0010"=$CompanyGeneric0010;"Company-HireDate"=$CompanyHireDate;"Company-HREmployeeID"=$CompanyHREmployeeID;"Company-JobID"=$CompanyJobID;"Company-positionID"=$CompanyPositionID;"Company-storeID"=$CompanyStoreID;"Company-TerminationDate"=$CompanyTerminationDate;City=$City;Company=$Company;Department=$Department;State=$State;StreetAddress=$StreetAddress}
    		Set-ADUser -Identity $SamAccountName  -UserPrincipalName $UPN
    		add-content $file -Value "$SAMAccountName, was successfully updated" -encoding ascii
    	}
    	Else
    	{
    		Write-Warning -Message "User $SAMAccountName Does Not Exist"
    		Write-Host "*********************************************************" -ForegroundColor Green
    		add-content $file -Value "$SAMAccountName, was does not exist" -encoding ascii
    	}
    	
    	
    }
    


    Tuesday, July 30, 2019 5:06 PM

Answers

  • Chris...

    If you look at Microsoft's example for the -Add parameter, they show wrapping the list of parameters to be set in a PowerShell hashtable.

    When I look at your script example above, you seem to do this:  -Add -UserprincipalName.

    When I read that, it looks like the -Add is missing the expected value.  Maybe it's a mistype in your script example?

    Also, you might need to look at the AD schema to get the actual 'ldapDisplayName' for these extended attributes.  I'm almost positive that the ldapDisplayName cannot have a dash '-' character in it.

    If this is true, then the LDAP attribute name is likely CompanyCompanyID and not Company-CompanyID.  But again, this is an assumption about the ldapDisplayName.  Validate it with ADSIEDIT by looking for the attribute in the schema.

    From the doc on Set-ADUser:

    -Add

    Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is:

    -Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}

    When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order:

    • Remove
    • Add
    • Replace
    • Clear


    -Eriq VanBibber, CTO, Priasoft Inc.

    Tuesday, July 30, 2019 5:32 PM
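
The schema check suggested in the answer above can also be scripted. This added example (not code from the thread) resolves each CSV column header against the schema's attribute definitions, matching on either `lDAPDisplayName` or the CN shown in ADSI Edit; the CSV path is the one from the question's script and is an assumption about where the file lives.

```powershell
Import-Module ActiveDirectory

# Path taken from the question's script; adjust as needed.
$csvPath = 'F:\temp\UserAttrbutes.csv'

# Read every attribute definition from the schema partition.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attrs = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' `
    -Properties lDAPDisplayName, isSingleValued

# Index by lDAPDisplayName (the name -Add/-Replace/-Clear expect) and by CN
# (the name shown in the schema container). Hashtable keys are case-insensitive.
$byLdapName = @{}
$byCn       = @{}
foreach ($a in $attrs) {
    $byLdapName[$a.lDAPDisplayName] = $a
    $byCn[$a.Name]                  = $a
}

# Resolve each CSV column header against the schema.
$headers = (Import-Csv $csvPath | Select-Object -First 1).PSObject.Properties.Name
$report = foreach ($h in $headers) {
    $hit       = $null
    $matchedOn = 'none'
    if     ($byLdapName.ContainsKey($h)) { $hit = $byLdapName[$h]; $matchedOn = 'lDAPDisplayName' }
    elseif ($byCn.ContainsKey($h))       { $hit = $byCn[$h];       $matchedOn = 'cn' }

    [pscustomobject]@{
        CsvColumn       = $h
        MatchedOn       = $matchedOn
        LdapDisplayName = if ($hit) { $hit.lDAPDisplayName } else { $null }
        SingleValued    = if ($hit) { $hit.isSingleValued }  else { $null }
    }
}
$report | Format-Table -AutoSize
```

Columns reported as `none` are either set through a named Set-ADUser parameter (City and State, for example) or need their schema name looked up by hand.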
  • Hi,

    For example, to update the Info attribute in Active Directory and replace it with a new value:

    SET-ADUSER john.smith -replace @{info="John Smith is a Temporary Contractor"}

    Please refer to the link below:

    https://devblogs.microsoft.com/scripting/powertip-set-custom-attributes-in-active-directory/

    Best regards,

    Lee


    Just do it.

    Wednesday, July 31, 2019 6:06 AM
  • Here is a much cleaner, easier to write and debug way. This is how PowerShell is designed to work and useful for large numbers of properties.

    #Create Log File
    $date = (get-date).ToString('yyyyMMdd')
    # ${date} stops PowerShell from reading the variable name as $date_UserLog
    $fileName = "F:\temp\${date}_UserLog.csv"
    $file = New-Item -Path $fileName -ItemType File -Force
    
    Import-CSV F:\temp\UserAttrbutes.csv |
    ForEach-Object{
        # keep the account name; inside Catch, $_ is the error record
        $SamAccountName = $_.SamAccountName
        Try{
            $userprops = @{
                Identity = $_.SamAccountName
                UserPrincipalName = $_.UserPrincipalName
                City = $_.City
                Company = $_.Company
                Department = $_.Department
                State = $_.State
                StreetAddress = $_.StreetAddress
                # keys under Replace must be the attributes' ldapDisplayName values
                Replace = @{
                    CompanyCompanyID = $_.'Company-CompanyID'
                    CompanyEmployeeType = $_.'Company-employeeType'
                    CompanyGeneric0008 = $_.'Company-Generic0008'
                    CompanyGeneric0009 = $_.'Company-Generic0009'
                    CompanyGeneric0010 = $_.'Company-Generic0010'
                    CGMHireDate = $_.'Company-HireDate'
                    CompanyHREmployeeID = $_.'Company-HREmployeeID'
                    CompanyJobID = $_.'Company-JObID'
                    CompanyPositionID = $_.'Company-positionID'
                    CompanyStoreID = $_.'Company-storeID'
                    CompanyTerminationDate = $_.'Company-TerminationDate'
                }
            }
            # uncomment for diagnostics
            #[pscustomobject]$userprops | Out-String | Write-Host -fore green
            Set-ADUser @userprops -ErrorAction Stop
            Add-Content $fileName -Value "$SamAccountName, was successfully updated" -encoding ascii
        }
        Catch{
            Write-Host $_ -fore red
            Add-Content $fileName -Value "$SamAccountName, does not exist or could not be updated" -encoding ascii
        }
    }


    \_(ツ)_/

    Wednesday, July 31, 2019 6:35 AM
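
A bulk update driven by a CSV usually meets rows with blank cells, and `-Replace` does not accept null or empty values. This added example (not code from the thread) builds the `-Replace` and `-Clear` arguments per row, skips blanks unless clearing is switched on, and runs with `-WhatIf` first. The right-hand attribute names in `$map` are the ones assumed in the answer above, and `$DryRun` and `$ClearEmpty` are hypothetical switches introduced for the example.

```powershell
Import-Module ActiveDirectory

$DryRun     = $true    # run with -WhatIf first; set to $false once the log looks right
$ClearEmpty = $false   # $true = a blank CSV cell clears the attribute; $false = leave it untouched

# CSV column -> ldapDisplayName. The right-hand names are assumed, as in the answer
# above; replace them with the names confirmed in the schema.
$map = @{
    'Company-CompanyID'    = 'CompanyCompanyID'
    'Company-employeeType' = 'CompanyEmployeeType'
    'Company-storeID'      = 'CompanyStoreID'
}

$log = foreach ($row in Import-Csv 'F:\temp\UserAttrbutes.csv') {
    $replace = @{}
    $clear   = @()
    foreach ($col in $map.Keys) {
        $value = "$($row.$col)".Trim()
        if ($value)          { $replace[$map[$col]] = $value }
        elseif ($ClearEmpty) { $clear += $map[$col] }
    }

    # Only pass -Replace / -Clear when there is something to send.
    $params = @{ Identity = $row.SamAccountName; ErrorAction = 'Stop'; WhatIf = $DryRun }
    if ($replace.Count) { $params.Replace = $replace }
    if ($clear.Count)   { $params.Clear   = $clear }

    $result = if ($DryRun) { 'DryRun' } else { 'Updated' }
    try   { Set-ADUser @params }
    catch { $result = "Failed: $($_.Exception.Message)" }

    # One log record per row, including which attributes were touched.
    [pscustomobject]@{
        SamAccountName = $row.SamAccountName
        Result         = $result
        Replaced       = ($replace.Keys | Sort-Object) -join ';'
        Cleared        = ($clear | Sort-Object) -join ';'
    }
}
$log | Export-Csv ("F:\temp\{0:yyyyMMdd}_UserLog.csv" -f (Get-Date)) -NoTypeInformation
```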

All replies

  • Thanks everyone.  I was able to get this working with all of your suggestions and figuring out the proper LDAP names for the attributes.
    Wednesday, July 31, 2019 2:19 PM