Remove From My Forums

Active Directory New-/Set-ADorganizationalUnit OtherAttributes with empty values

Question

Hello,

i'm having some trouble creating or setting organizationalUnits with extended attributes. I have a created spreadsheet that has all entries. Unfortunately, not every field is set with a value. E.g. "lraIsBranchOffice" can have empty or TRUE, most of the entries are empty. about 2 dozen are TRUE.

How is the correct Approach handling "otherAttributes" with New/Set-ADOrganizationalUnit, when empty values are likely?

The code below creates Organizational Units - when no OtherAttributes are set. Fortunately even when streetAddress or City is empty.

foreach($line in $SpreadSheet)
{    
            
                $collection = @()
                $item = $null
                $adpath = $null
                        
                $collection = New-Object PSObject -Property `
                @{ 
                    Name = $line.Name
                    Description = $line.Description
                    StreetAddress=$line.street
                    PostalCode=$line.postalCode
                    City = $line.l
                    State=$line.st
                    Path=$line.distinguishedName
                    OtherAttributes = @{mail="$($line.mail)"; lraIsBranchOffice="$($line.lraIsBranchOffice)";telephoneNumber="$($line.telephoneNumber)";facsimileTelephoneNumber="$($line.facsimileTelephoneNumber)";info="$($line.info)"}
                }

                foreach ($object in $collection)
                {
                    $object.PsObject.Properties | ?{ ($_.Value) } | %{
                        $item += @{
                            ($_.Name) = ($_.Value)
                        }
                    }
                }    
                
                $adpath = "OU=$($item.Name),$($item.Path)"
                
                if(Test-Path "AD:\$adpath")
                {
                    Write-Log -Message "[Warning] - OU $($item.Name) '$adpath' already exists. Just updating ist Attributes..."
                    try
                    {
                        Set-ADOrganizationalUnit -Server $Server -Identity $adpath -Replace $item
                    }
                    catch 
                    {
                        Write-Log -Message "[ERROR] - Failed updating Attributes for '$adpath': $ErrorMessage"
                    }
                }
                else 
                {
                    Write-Log -Message "[Info] - OU $($item.Name) '$adpath' does not exist. Trying to create OU."
                    try
                    {
                        New-ADOrganizationalUnit -Server $Server -ProtectedFromAccidentalDeletion $false @item 
                    }
                    catch
                    {
$ErrorMessage = $_.Exception.Message                        
Write-Log -Message "[ERROR] - OU creation failed: $ErrorMessage"                    }
                }
            }

Thanks in advance,

Sascha

Wednesday, February 7, 2018 3:23 PM

Answers

0

Sign in to vote
Start by reading:

help about_splatting

Search the net and the Gallery for examples of how to use splatting with AD commands.

A splat would look like this.

Set-ADOrganizationalUnit @hash

Once you understand how it works it will be easy.

Set-ADOrganizationalUnit does not have a parameter called "OtherAttirbutes"

Please read the help for the CmdLet until you understand what it can and cannot do.

\_(ツ)_/
- Edited by jrv Thursday, February 8, 2018 8:35 PM
- Proposed as answer by Albert LingMicrosoft contingent staff Friday, February 9, 2018 9:00 AM
- Marked as answer by SKuemmel Friday, February 9, 2018 12:32 PM
Thursday, February 8, 2018 8:32 PM

All replies

0

Sign in to vote

You cannot assign blank or null entries in AD CmdLets.

\_(ツ)_/

Wednesday, February 7, 2018 3:29 PM
0

Sign in to vote

Actually, you cannot assign blank or null values to any AD attribute in any language. Use the -Clear parameter of the cmdlet to clear any existing value. Check the help for Set-ADOrganizationalUnit.
Richard Mueller - MVP Enterprise Mobility (Identity and Access)

Wednesday, February 7, 2018 5:38 PM
0

Sign in to vote

Thanks for your replies.

Sorry if you have misunderstood the question: I do not want to assign blank values to attributes in AD. I am aware i have to use the -clear parameter for empty values, but that is not what i want to achieve.

The goal is to skip all empty values in $Collection.OtherAttributes, so the $item hashtable has only filled values and can be processed by Set-ADOrganizationalUnit or New-ADOrganizationalUnit

Thursday, February 8, 2018 12:00 AM
0

Sign in to vote

That is correct. Just skkp the empty values. The easiest way to do this is with a hash.

$props = @{}
if($_.Name){$props.Add('Name',$_.Name)}

Now just "splat" the command with the hash and all will be well.

\_(ツ)_/

Thursday, February 8, 2018 12:08 AM

Sorry, i'm still struggling with the OtherAttribues Hashtable....

When printing out the values, it has skipped the empty fields successfully.

Set-ADOrganizationalUnit does still deny the OtherAttributes Property with error "Invalid Type "System.Collection.Hashtable". Parameter OtherAttributes"

foreach($line in $global:SpreadSheet)
{    
	$collection = @{}
	$otherAttributes = @{}
	$adpath = $null
	
	# filter empty other attributes
	if($line.mail){
		$otherAttributes.Add('mail',$line.mail)
	}
	if($line.lraIsBranchOffice){
		$otherAttributes.Add('lraIsBranchOffice', $line.lraIsBranchOffice)
	}
	if($line.telephoneNumber){
		$otherAttributes.Add('telephoneNumber',$line.telephoneNumber)
	}
	if($line.facsimileTelephoneNumber){
		$otherAttributes.Add('facsimileTelephoneNumber',$line.facsimileTelephoneNumber)
	}
	if($line.info){
		$otherAttributes.Add('info',$line.info)
	}
	# filter empty standard attribues
	if($line.Description)
	{
		$collection.Add('Description',$line.Description)
	}
	if($line.street)
	{
		$collection.Add('StreetAddress',$line.street)
	}
	if($line.postalCode)
	{
		$collection.Add('PostalCode',$line.postalCode)
	}
	if($line.l)
	{
		$collection.Add('City',$line.l)
	}
	
	if($line.st)
	{
		$collection.Add('State',$line.st)
	}
	
        # add the other attribues hashtable to the collection
	$collection.Add('OtherAttributes',$otherAttributes)
   
	
	try
	{
		$adpath = "OU=$($line.Name),$($line.distinguishedName)"
		Write-Log -Message "[Info] - Modifying Date for OU $($collection.Name) '$adpath'."
		Set-ADOrganizationalUnit -Server $Server -Identity $adpath -Replace $collection
	}
	catch{
			$ErrorMessage = $_.Exception.Message
			$FailedItem = $_.Exception.ItemName
			Write-Log -Message "[ERROR] - Failed writing changes to '$adpath': $ErrorMessage"
	}
}

Another approach with more automatics also fails with the same error:

foreach($line in $global:SpreadSheet)
{    
	$collection = @{}
	$otherAttributes = @{}
	$adpath = $null
	$tmp = @{}
	$item = @{}
	
	$otherAttributes = New-Object PSObject -Property @{ mail=$line.mail;lraIsBranchOffice=$line.lraIsBranchOffice;telephoneNumber=$line.telephoneNumber;facsimileTelephoneNumber=$line.facsimileTelephoneNumber;info=$line.info}
	$collection = New-Object PSObject -Property `
	@{ 
		Description = $line.Description
		StreetAddress=$line.street
		PostalCode=$line.postalCode
		City = $line.l
		State=$line.st
	}

	#filter empty standard attributes
	foreach ($object in $collection)
	{
		$object.PsObject.Properties | ?{ ($_.Value) } | %{
			$item.Add($_.Name,$_.Value)
		}
	}

	#filter empty other attributes
	foreach($itm in $otherAttributes)
	{
		$itm.PsObject.Properties | ?{ ($_.Value) } | %{
			$tmp.Add($_.Name,$_.Value)
		}
	}
        # join the other attributes to the item hash table
	$item.Add('OtherAttribues',$tmp)

	
	try
	{
		$adpath = "OU=$($line.name),$($line.distinguishedName)"
		Write-Log -Message "[Info] - Modifying Date for OU $($collection.Name) '$adpath'."
		Set-ADOrganizationalUnit -Server $Server -Identity $adpath -Replace $item
	}

	catch{
			$ErrorMessage = $_.Exception.Message
			$FailedItem = $_.Exception.ItemName

			Write-Log -Message "[ERROR] - Failed writing changes to '$adpath': $ErrorMessage"
	}
}

Thursday, February 8, 2018 1:28 PM

0

Sign in to vote
Start by reading:

help about_splatting

Search the net and the Gallery for examples of how to use splatting with AD commands.

A splat would look like this.

Set-ADOrganizationalUnit @hash

Once you understand how it works it will be easy.

Set-ADOrganizationalUnit does not have a parameter called "OtherAttirbutes"

Please read the help for the CmdLet until you understand what it can and cannot do.

\_(ツ)_/
- Edited by jrv Thursday, February 8, 2018 8:35 PM
- Proposed as answer by Albert LingMicrosoft contingent staff Friday, February 9, 2018 9:00 AM
- Marked as answer by SKuemmel Friday, February 9, 2018 12:32 PM
Thursday, February 8, 2018 8:32 PM
0

Sign in to vote

You are absolutely right... shame on me i didn't see it -.-

Friday, February 9, 2018 12:32 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Active Directory New-/Set-ADorganizationalUnit OtherAttributes with empty values

Question

Answers

All replies