none
AD Groups, populate mail attribute from cn name RRS feed

  • Question

  • Hi

    I am hoping someone can give some advice on whether this is possible and maybe a sample script to get me started.

    We have a complicated FIM solution in place to migrate Novell eDirectory objects into AD. For some reason GroupWise distributions lists don't get migrated with the mail attribute into AD and has to be filled out manually. For various reasons it seems we can't amend FIM to include it as the person who managed it has left the company and says we should use some other Dell tool which is a manual process.

    Instead is it possible to have a script which looks at this specific container in AD with the groups and checks if the mail attribute is missing and if it is, the script appends the mail attribute part with the CN part and adds the E-mail part to the end. Ie if the Group was called Finance, the script would append the mail attribute part to be finance@samplecompany.com?

    I would then schedule this script to run every few hours.

    Many thanks in advance,

    Ant

    Wednesday, May 11, 2016 12:12 PM

Answers

  • You're welcome.

    You're close, but you'll need to use -Add in Set-ADGroup. There isn't an -Email parameter to use.

    Here's how you can use Get-ADGroup to return only the groups that don't have the mail property set:


    Get-ADGroup -Filter "mail -notlike '*'" -SearchBase 'OU=Testing,DC=domain,DC=com'


    • Proposed as answer by cdomansky Wednesday, May 11, 2016 6:04 PM
    • Marked as answer by Ant Ks Wednesday, May 11, 2016 6:24 PM
    Wednesday, May 11, 2016 4:01 PM
  • No worries, everyone starts somewhere.

    The basic change you'll need to make is that you need to use a hashtable when using the -Add parameter.

    Get-ADGroup -Filter "mail -notlike '*'" -SearchBase 'OU=Testing,DC=domain,DC=com' | ForEach-Object {
    
        Set-ADGroup -Identity $_.DistinguishedName -Add @{mail="$($_.SamAccountName)@domain.com"} -WhatIf
    
    }

    Remove the -WhatIf switch and run the script again to make the change if the groups you're expecting to be updated are returned by this.


    • Marked as answer by Ant Ks Wednesday, May 11, 2016 7:18 PM
    Wednesday, May 11, 2016 6:31 PM

All replies

  • Hi,

    Sure, this is possible.

    Use Get-ADGroup to find your groups without the mail attribute set, using the -Filter parameter (and -SearchBase to point at the OU you're interested in). Then use Set-ADGroup with the -Add parameter to set the mail attribute.

    http://ss64.com/ps/get-adgroup.html

    http://ss64.com/ps/set-adgroup.html


    Wednesday, May 11, 2016 12:20 PM
  • Hi Mike

    Many thanks, that is really good to know.

    Am I roughly along the right lines with this you reckon? I haven't had a chance to test it yet as waiting for access to our test environment:

    Get-ADGroup -Filter * ... | Foreach-Object{
       Set-ADGroup -Identity $_ -Email "$($_.samaccountname)@domain.com"} -Partition "CN=Configuration,DC=Europe,DC=Test,DC=SS64,DC=com"


    Wednesday, May 11, 2016 3:56 PM
  • You're welcome.

    You're close, but you'll need to use -Add in Set-ADGroup. There isn't an -Email parameter to use.

    Here's how you can use Get-ADGroup to return only the groups that don't have the mail property set:


    Get-ADGroup -Filter "mail -notlike '*'" -SearchBase 'OU=Testing,DC=domain,DC=com'


    • Proposed as answer by cdomansky Wednesday, May 11, 2016 6:04 PM
    • Marked as answer by Ant Ks Wednesday, May 11, 2016 6:24 PM
    Wednesday, May 11, 2016 4:01 PM
  • Fantastic many thanks again for all your help!
    Wednesday, May 11, 2016 4:14 PM
  • Cheers, you're welcome. Glad I could help out.

    Wednesday, May 11, 2016 4:17 PM
  • Okay your command worked perfectly returning those groups without an E-Mail address by itself. Yet when I try to combine the command, I am hitting these errors:

    PS C:\Users\Administrator> Get-ADGroup -Filter "mail -notlike '*'" -SearchBase 'ou=test,ou=groups,ou=ho,dc=bloggs,dc=ads'
    | Foreach-Object{Set-ADGroup -Add -Identity $_ -mail "$($_.samaccountname)@bloggs.org.uk"} 
    Set-ADGroup : Missing an argument for parameter 'Add'. Specify a parameter of type 'System.Collections.Hashtable' and
    try again.
    At line:1 char:123
    + ... ct{Set-ADGroup -Add -Identity $_ -mail "$($_.samaccountname)@bloggs.org.uk"} 
    +                    ~~~~
        + CategoryInfo          : InvalidArgument: (:) [Set-ADGroup], ParameterBindingException
        + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.SetADGroup

    Set-ADGroup : Missing an argument for parameter 'Add'. Specify a parameter of type 'System.Collections.Hashtable' and
    try again.
    At line:1 char:123
    + ... ct{Set-ADGroup -Add -Identity $_ -mail "$($_.samaccountname)@bloggs.org.uk"} 
    +                    ~~~~
        + CategoryInfo          : InvalidArgument: (:) [Set-ADGroup], ParameterBindingException
        + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.SetADGroup

    PS C:\Users\Administrator> 


    Sorry to be a pain, I have never used Powershell before and know it is probably something really simple I am doing wrong, but if it is obvious to you please let me know.

    Many thanks again,

    Ant

    Wednesday, May 11, 2016 6:24 PM
  • No worries, everyone starts somewhere.

    The basic change you'll need to make is that you need to use a hashtable when using the -Add parameter.

    Get-ADGroup -Filter "mail -notlike '*'" -SearchBase 'OU=Testing,DC=domain,DC=com' | ForEach-Object {
    
        Set-ADGroup -Identity $_.DistinguishedName -Add @{mail="$($_.SamAccountName)@domain.com"} -WhatIf
    
    }

    Remove the -WhatIf switch and run the script again to make the change if the groups you're expecting to be updated are returned by this.


    • Marked as answer by Ant Ks Wednesday, May 11, 2016 7:18 PM
    Wednesday, May 11, 2016 6:31 PM
  • Needless to say that worked absolutely perfectly, cannot thank you enough and really grateful. I am definitely going to be learning powershell more just seeing what it can do here.
    Wednesday, May 11, 2016 7:18 PM
  • You're very welcome once again.

    There are some good resources here for getting started:

    http://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx


    Wednesday, May 11, 2016 7:25 PM