Often times you need the second cmdlet in a pipeline to not only accept the collection from the first one but also re-use some of the properties of the members. For example:
- Renaming objects so the new name is the old one plus some prefix, or
- Move objects to an OU based on some of objects’ attributes, or
- Set password for a user to something containing his/her username.
I guess you got the idea. The problem with that is that in PowerShell if you just try to add this as an expression this will not work.
With AD cmdlets 1.0.5 the problem finally got a solution. Although PowerShell still does not allow to use expressions in the parameters you can use scriptblocks and AD cmdlets will handle the rest.
Just remember to use {} brackets instead of ():
[Update] This scriptblock approach works for Move/Rename but not for Set cmdlets:
# Add prefix to a set of user accounts:
Get-QADUser -SearchRoot ps64.local/test | Rename-QADObject -NewName {"Test_" + $_.Name}
# Restructure AD:
Get-QADUser -SearchRoot ps64.local/employees | Move-QADObject -to {"ps64.local/employees/" + $_.City}
For other cases you still need to use ForEach:
# Set password to username (note that your AD password restrictions might prevent you from setting passwords containing usernames)
Get-QADUser Test* | ForEach { Set-QADObject $_ -UserPassword {$_.sAMAccountName} }
#Set description including user properties
Get-QADUser | ForEach { Set-QADObject $_ -Description {$_.Title + " from " + $_.City + " " + $_.Department}}
Good luck with your bulk changes!
Tags: AD, AD cmdlets, Active Directory, Examples, one-liner, oneliner, PowerShell
Subscribe by email
Hi Dmitry,
there are two tabs on the User Property page in AD which I cant get access to from powershell: Session and Remote Control.
I figured out that the settings are kept in the userParameters property but I can’t decode the string it returns:
$k = Get-QADUser -lastname abc
$k.userParameters
P☺CtxCfgPresent????☺CtxCfgFlags1????☺CtxShadow????☺CtxMaxDisco
nnectionTime???☺CtxMaxIdleTime????*☻☺CtxMinEncryptionLevel?
Much less I can think of a way of setting these properties.
You are my last hope
George,
It looks like this are not really represented directly by specific attributes in AD.
If you happen to be a Quest ActiveRoles Server customer you can use the -proxy mode and get access to the virtual attributes which ARS is constructing for these properties, but from your question I assume this is not the case you you are looking for a way to get hold of these attributes without buying extra stuff.
In this case you might want to post the question to the Active Directory forum at PowerGUI.org: http://powergui.org/forum.jspa?forumID=173 – there are guys there who know the stuff much better than me, so they might be able to help you out.
Dmitry
Thanks Dmitry,
help they did right away:
http://powergui.org/thread.jspa?messageID=13544㓨
Dimitry, can’t you can make expressions work with subexpressions? ‘$()’ ? Having support for scriptblocks as an input object type is cool though.