Another piece of knowledge to share from discussion forums: How to programmatically manipulate AD attributes?
As you recall, we have discussed before getting a list of all user properties. But then the question got asked on how to actually manipulate these attributes.
Of course if you know the property name in advance you just reference it in your code:
PS C:\> $me = Get-QADUser "Dmitry Sotnikov"
PS C:\> $me.Name
Dmitry Sotnikov
PS C:\> $me.wWWHomePage
http://dmitrysotnikov.wordpress.com
But what if you don’t know the name of the property in advance? After all AD schema is extensible and different AD forests can have different sets of attributes for the same class of object.
The answer is using the [] addressing and passing the name of the attribute as a string:
PS C:\> $me["Name"]
Dmitry Sotnikov
Or if you need to programmatically iterate through all user properties you could use something like:
#Get the full property list
$properties = Get-QADUser -ReturnPropertyNamesOnly -IncludeAllProperties
#Get the object:
$me = Get-QADUser "Dmitry Sotnikov" -IncludeAllProperties
#Now you can get any of them manually, for example:
$properties | ForEach { "Property '" + $_ + "' is " + $me[$_] }
In this example I am going through the properties list and just outputting them one by one. You could instead do something else with them.
Tags: oneliner, AD cmdlets, cmdlets, one-liner, PowerShell, AD, Active Directory, Examples
Subscribe by email
Great stuff.
But, how to WRITE a property in AD, when it’s not “disclosed”?
I mean… I’d like to enable a bunch of users to LCS2005.
THey are mail-enabled, and I’ve got to select them by a custom attribute I’ve already populated.
SO, I have to populate the LCS porperties (e.g. “mSRTCSIP-primaryuseraddress”).
Any hint?
Thanks
Francesco,
That’s a good point. I completely forgot to mention that in the blog.
When you need to set any of the attributes beyond the default scope, you can do that using the -ObjectAtributes parameter.
For example:
set-QADUser jsmith ObjectAttributes @{l=’New York’;description=”}
Or
Set-QADUser ‘mycompany.com/usersOU/User1′ -objectAttributes @{otherTelephone=@(’555-34-67′,’555-34-68′)}
Or
[Collections.DictionaryEntry] $de = new-object Collections.DictionaryEntry -argumentList ‘Append, @(’555-34-
67′,’555-34-68′)’
Set-QADUser ‘mycompany.com/usersOU/User1′ -objectAttributes @{otherTelephone=$de}
Hope that helps!
Dmitry
When I try to use GetPropertyValue I get this error:
[PS] C:\>$me.GetPropertyValue(“Name”)
Exception calling “GetPropertyValue” with “1″ argument(s): “Late bound operations cannot be performed on types or methods for which ContainsGenericParameters is true.”
At line:1 char:21
+ $me.GetPropertyValue( <<<< “Name”)
I get the same error for every property I try to get.
Any ideas why it doesn’t work?
Thanks,
Ben.
Ben,
We’ve changed the syntax to more array-like one:
$me["Name"]
Thanks for spotting that! I’ve updated the post.
Dmitry
Dmitry, so I was toying around with these commands and I can;t seem to figure out how to append multi-valued attributes, whenever I run this command:
[Collections.DictionaryEntry] $de = new-object Collections.DictionaryEntry -argumentList ‘Append, @(’5553467′,’5553468′)’
Set-QADUser ‘w2003M.ver/USA/Linux/Tina Fey’ -objectAttributes @{otherTelephone=$de}
I get an error:
A parameter cannot be found that matches parameter name ’5553467,5553468)’.
At :line:1 char:47
+ [Collections.DictionaryEntry] $de = new-object <<<< Collections.DictionaryEntry -argumentList ‘Append, @(’5553467′,’5553468′)’
Do you know what am I doing wrong?
Alexi,
Looks like you have set quotation marks incorrectly in the first line. You should put quotes around Append (the fist argument) and then around the numbers (as you do), but not in the end:
new-object -TypeName ‘Collections.DictionaryEntry’ -argumentList ‘Append’, @(’5553467′,’5553468′)
Dmitry
Thank you! I just figured it out.
-Alexi
Hey Dimitry, Am new with powershell am trying to test a PS script that reads from a csv to create DL Groups with email,members and owner of list can you give me some insight using power gui
Gene,
If you are on Exchange 2007-2010, you can probably do: import-csv filename | foreach { }
And then inside foreach, you will have $_ variable representing each row, and can use New-DistributionGroup in there:
http://technet.microsoft.com/en-us/library/aa998856(EXCHG.80).aspx
If you have any questions, please ask at the forums at http://powergui.org
Dmitry
Hey Dmitry,
Great info! I have been able to get all of the above scripts running. My question is how would I use this tool against an entire OU. I have a regional office that has moved and would love to run this against and OU and it’s objects rather than against a single object.
Any suggestions would be GREATLY appreciated and thanks for your time.
Paul
Paul,
Yes, absolutely, all QAD cmdlets can be targeted at specific OUs:
Get-QADUser -SearchRoot mydomain.local/employees/dev
See the cmdlet documentation for more examples: http://wiki.powergui.org/index.php/Get-QADUser
Please ask any additional questions on the PowerShell and AD forum here: http://powergui.org/forum.jspa?forumID=173
Dmitry