none
Active Directory New-/Set-ADorganizationalUnit OtherAttributes with empty values

    Question

  • Hello,

    i'm having some trouble creating or setting organizationalUnits with extended attributes. I have a created spreadsheet that has all entries. Unfortunately, not every field is set with a value. E.g. "lraIsBranchOffice" can have empty or TRUE, most of the entries are empty. about 2 dozen are TRUE.

    How is the correct Approach handling "otherAttributes" with New/Set-ADOrganizationalUnit, when empty values are likely?

    The code below creates Organizational Units - when no OtherAttributes are set. Fortunately even when streetAddress or City is empty.

    foreach($line in $SpreadSheet) { $collection = @() $item = $null $adpath = $null $collection = New-Object PSObject -Property ` @{ Name = $line.Name Description = $line.Description StreetAddress=$line.street PostalCode=$line.postalCode City = $line.l State=$line.st Path=$line.distinguishedName OtherAttributes = @{mail="$($line.mail)"; lraIsBranchOffice="$($line.lraIsBranchOffice)";telephoneNumber="$($line.telephoneNumber)";facsimileTelephoneNumber="$($line.facsimileTelephoneNumber)";info="$($line.info)"} } foreach ($object in $collection) { $object.PsObject.Properties | ?{ ($_.Value) } | %{ $item += @{ ($_.Name) = ($_.Value) } } } $adpath = "OU=$($item.Name),$($item.Path)" if(Test-Path "AD:\$adpath") { Write-Log -Message "[Warning] - OU $($item.Name) '$adpath' already exists. Just updating ist Attributes..." try { Set-ADOrganizationalUnit -Server $Server -Identity $adpath -Replace $item } catch { Write-Log -Message "[ERROR] - Failed updating Attributes for '$adpath': $ErrorMessage" } } else { Write-Log -Message "[Info] - OU $($item.Name) '$adpath' does not exist. Trying to create OU." try { New-ADOrganizationalUnit -Server $Server -ProtectedFromAccidentalDeletion $false @item } catch {

    $ErrorMessage = $_.Exception.Message

    Write-Log -Message "[ERROR] - OU creation failed: $ErrorMessage" }

    } }

    Thanks in advance,

    Sascha

    Wednesday, February 7, 2018 3:23 PM

Answers

  • Start by reading:

    help about_splatting

    Search the net and the Gallery for examples of how to use splatting with AD commands.

    A splat would look like this.

    Set-ADOrganizationalUnit @hash

    Once you understand how it works it will be easy.

    Set-ADOrganizationalUnit does not have a parameter called "OtherAttirbutes"

    Please read the help for the CmdLet until you understand what it can and cannot do.


    \_(ツ)_/


    Thursday, February 8, 2018 8:32 PM
    Moderator

All replies

  • You cannot assign blank or null entries in AD CmdLets.


    \_(ツ)_/

    Wednesday, February 7, 2018 3:29 PM
    Moderator
  • Actually, you cannot assign blank or null values to any AD attribute in any language. Use the -Clear parameter of the cmdlet to clear any existing value. Check the help for Set-ADOrganizationalUnit.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, February 7, 2018 5:38 PM
  • Thanks for your replies.

    Sorry if you have misunderstood the question: I do not want to assign blank values to attributes in AD. I am aware i have to use the -clear parameter for empty values, but that is not what i want to achieve.

    The goal is to skip all empty values in $Collection.OtherAttributes, so the $item hashtable has only filled values and can be processed by Set-ADOrganizationalUnit or New-ADOrganizationalUnit

    Thursday, February 8, 2018 12:00 AM
  • That is correct.  Just skkp the empty values.  The easiest way to do this is with a hash.

    $props = @{}
    if($_.Name){$props.Add('Name',$_.Name)}

    Now just "splat" the command with the hash and all will be well.


    \_(ツ)_/

    Thursday, February 8, 2018 12:08 AM
    Moderator
  • Sorry, i'm still struggling with the OtherAttribues Hashtable....

    When printing out the values, it has skipped the empty fields successfully.

    Set-ADOrganizationalUnit does still deny the OtherAttributes Property with error "Invalid Type "System.Collection.Hashtable". Parameter OtherAttributes"

    foreach($line in $global:SpreadSheet)
    {    
    	$collection = @{}
    	$otherAttributes = @{}
    	$adpath = $null
    	
    	# filter empty other attributes
    	if($line.mail){
    		$otherAttributes.Add('mail',$line.mail)
    	}
    	if($line.lraIsBranchOffice){
    		$otherAttributes.Add('lraIsBranchOffice', $line.lraIsBranchOffice)
    	}
    	if($line.telephoneNumber){
    		$otherAttributes.Add('telephoneNumber',$line.telephoneNumber)
    	}
    	if($line.facsimileTelephoneNumber){
    		$otherAttributes.Add('facsimileTelephoneNumber',$line.facsimileTelephoneNumber)
    	}
    	if($line.info){
    		$otherAttributes.Add('info',$line.info)
    	}
    	# filter empty standard attribues
    	if($line.Description)
    	{
    		$collection.Add('Description',$line.Description)
    	}
    	if($line.street)
    	{
    		$collection.Add('StreetAddress',$line.street)
    	}
    	if($line.postalCode)
    	{
    		$collection.Add('PostalCode',$line.postalCode)
    	}
    	if($line.l)
    	{
    		$collection.Add('City',$line.l)
    	}
    	
    	if($line.st)
    	{
    		$collection.Add('State',$line.st)
    	}
    	
            # add the other attribues hashtable to the collection
    	$collection.Add('OtherAttributes',$otherAttributes)
       
    	
    	try
    	{
    		$adpath = "OU=$($line.Name),$($line.distinguishedName)"
    		Write-Log -Message "[Info] - Modifying Date for OU $($collection.Name) '$adpath'."
    		Set-ADOrganizationalUnit -Server $Server -Identity $adpath -Replace $collection
    	}
    	catch{
    			$ErrorMessage = $_.Exception.Message
    			$FailedItem = $_.Exception.ItemName
    			Write-Log -Message "[ERROR] - Failed writing changes to '$adpath': $ErrorMessage"
    	}
    }

    Another approach with more automatics also fails with the same error:

    foreach($line in $global:SpreadSheet) { $collection = @{} $otherAttributes = @{} $adpath = $null $tmp = @{} $item = @{} $otherAttributes = New-Object PSObject -Property @{ mail=$line.mail;lraIsBranchOffice=$line.lraIsBranchOffice;telephoneNumber=$line.telephoneNumber;facsimileTelephoneNumber=$line.facsimileTelephoneNumber;info=$line.info} $collection = New-Object PSObject -Property ` @{ Description = $line.Description StreetAddress=$line.street PostalCode=$line.postalCode City = $line.l State=$line.st } #filter empty standard attributes foreach ($object in $collection) { $object.PsObject.Properties | ?{ ($_.Value) } | %{ $item.Add($_.Name,$_.Value) } } #filter empty other attributes foreach($itm in $otherAttributes) { $itm.PsObject.Properties | ?{ ($_.Value) } | %{ $tmp.Add($_.Name,$_.Value) } }

    # join the other attributes to the item hash table $item.Add('OtherAttribues',$tmp) try { $adpath = "OU=$($line.name),$($line.distinguishedName)" Write-Log -Message "[Info] - Modifying Date for OU $($collection.Name) '$adpath'." Set-ADOrganizationalUnit -Server $Server -Identity $adpath -Replace $item } catch{ $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName Write-Log -Message "[ERROR] - Failed writing changes to '$adpath': $ErrorMessage" } }



    Thursday, February 8, 2018 1:28 PM
  • Start by reading:

    help about_splatting

    Search the net and the Gallery for examples of how to use splatting with AD commands.

    A splat would look like this.

    Set-ADOrganizationalUnit @hash

    Once you understand how it works it will be easy.

    Set-ADOrganizationalUnit does not have a parameter called "OtherAttirbutes"

    Please read the help for the CmdLet until you understand what it can and cannot do.


    \_(ツ)_/


    Thursday, February 8, 2018 8:32 PM
    Moderator
  • You are absolutely right... shame on me i didn't see it -.-

    Friday, February 9, 2018 12:32 PM