Programmatically manipulate AD user attributes with PowerShell

Another piece of knowledge to share from discussion forums: How to programmatically manipulate AD attributes?

As you may recall, we previously discussed how to get a list of all user properties. The follow-up question was how to actually manipulate these attributes.

Of course if you know the property name in advance you just reference it in your code:

PS C:\> $me = Get-QADUser "Dmitry Sotnikov"
PS C:\> $me.Name
Dmitry Sotnikov
PS C:\> $me.wWWHomePage
http://dmitrysotnikov.wordpress.com

But what if you don’t know the name of the property in advance? After all, the AD schema is extensible, and different AD forests can have different sets of attributes for the same object class.

The answer is to use [] indexing and pass the name of the attribute as a string:

PS C:\> $me["Name"]
Dmitry Sotnikov

Or if you need to programmatically iterate through all user properties you could use something like:

#Get the full property list
$properties = Get-QADUser -ReturnPropertyNamesOnly -IncludeAllProperties
#Get the object:
$me = Get-QADUser "Dmitry Sotnikov" -IncludeAllProperties
#Now you can get any of them manually, for example:
$properties | ForEach { "Property '" + $_ + "' is " + $me[$_] }

In this example I am going through the properties list and just outputting them one by one. You could instead do something else with them.
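As one thing you could do with that loop, the added example below (not code from the original post) compares every attribute of two users and returns only the ones that differ, which helps when reviewing an account against a known-good template. The function names and account names are assumptions; only Get-QADUser, its two switches and the [] indexer come from the post.

```powershell
# Added example. Compare-QADUserAttribute and ConvertTo-ComparableText are
# hypothetical helper names; the account names at the bottom are placeholders.
# Requires the Quest ActiveRoles Management Shell snap-in to be loaded.

function ConvertTo-ComparableText($value) {
    # Normalise empty, binary, single and multi-valued attributes to one string.
    if ($null -eq $value) { return '' }
    # Binary attributes (for example objectSid) keep their byte order.
    if ($value -is [byte[]]) { return [BitConverter]::ToString($value) }
    # Sort multi-valued attributes so value order alone is not a difference.
    return (@($value) | ForEach-Object { "$_" } | Sort-Object) -join '; '
}

function Compare-QADUserAttribute {
    param(
        [string] $ReferenceIdentity,
        [string] $DifferenceIdentity
    )
    # Ask the directory which attribute names exist instead of hard-coding
    # them, because the schema can differ between forests.
    $names = Get-QADUser -ReturnPropertyNamesOnly -IncludeAllProperties
    $ref   = Get-QADUser $ReferenceIdentity  -IncludeAllProperties
    $diff  = Get-QADUser $DifferenceIdentity -IncludeAllProperties

    # An ambiguous or unknown identity would make the [] lookup meaningless.
    if (@($ref).Count -ne 1 -or @($diff).Count -ne 1) {
        throw 'Each identity must resolve to exactly one user.'
    }

    foreach ($name in $names) {
        $a = ConvertTo-ComparableText $ref[$name]
        $b = ConvertTo-ComparableText $diff[$name]
        if ($a -cne $b) {   # case-sensitive: report any change in the value
            New-Object PSObject -Property @{
                Attribute = $name; Reference = $a; Difference = $b
            }
        }
    }
}

# Constructed usage: both identities are placeholders.
Compare-QADUserAttribute 'Template User' 'New Hire' |
    Sort-Object Attribute |
    Format-Table Attribute, Reference, Difference -AutoSize
```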


4 Responses to “Programmatically manipulate AD user attributes with PowerShell”


  1. FrancescoB July 17, 2007 at 3:21 pm

    Great stuff.
    But, how to WRITE a property in AD, when it’s not “disclosed”?

    I mean… I’d like to enable a bunch of users to LCS2005.
    They are mail-enabled, and I’ve got to select them by a custom attribute I’ve already populated.
    So, I have to populate the LCS properties (e.g. “mSRTCSIP-primaryuseraddress”).

    Any hint?
    Thanks

  2. dmitrysotnikov July 17, 2007 at 3:44 pm

    Francesco,

    That’s a good point. I completely forgot to mention that in the blog.

    When you need to set any of the attributes beyond the default scope, you can do that using the -ObjectAttributes parameter.

    For example:

    Set-QADUser jsmith -ObjectAttributes @{l='New York';description=''}

    Or

    Set-QADUser 'mycompany.com/usersOU/User1' -objectAttributes @{otherTelephone=@('555-34-67','555-34-68')}

    Or

    [Collections.DictionaryEntry] $de = new-object Collections.DictionaryEntry -argumentList Append, @('555-34-67','555-34-68')
    Set-QADUser 'mycompany.com/usersOU/User1' -objectAttributes @{otherTelephone=$de}

    Hope that helps!
    Dmitry

  3. Ben Lye February 11, 2008 at 10:01 am

    When I try to use GetPropertyValue I get this error:

    [PS] C:\>$me.GetPropertyValue("Name")
    Exception calling "GetPropertyValue" with "1" argument(s): "Late bound operations cannot be performed on types or methods for which ContainsGenericParameters is true."
    At line:1 char:21
    + $me.GetPropertyValue( <<<< "Name")

    I get the same error for every property I try to get.

    Any ideas why it doesn’t work?

    Thanks,

    Ben.

  4. dmitrysotnikov February 11, 2008 at 10:16 am

    Ben,

    We’ve changed the syntax to a more array-like one:

    $me["Name"]

    Thanks for spotting that! I’ve updated the post.

    Dmitry

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer Quest Software or anyone else for that matter. All trademarks acknowledged.

© 2007 Dmitry Sotnikov