Programmatically manipulate AD user attributes with PowerShell

Another piece of knowledge to share from discussion forums: How to programmatically manipulate AD attributes?

As you recall, we have discussed before getting a list of all user properties. But then the question got asked on how to actually manipulate these attributes.

Of course if you know the property name in advance you just reference it in your code:

PS C:\> $me = Get-QADUser "Dmitry Sotnikov"
PS C:\> $me.Name
Dmitry Sotnikov
PS C:\> $me.wWWHomePage
https://dmitrysotnikov.wordpress.com

But what if you don’t know the name of the property in advance? After all AD schema is extensible and different AD forests can have different sets of attributes for the same class of object.

The answer is using the [] addressing and passing the name of the attribute as a string:

PS C:\> $me["Name"]
Dmitry Sotnikov

Or if you need to programmatically iterate through all user properties you could use something like:

#Get the full property list
$properties = Get-QADUser -ReturnPropertyNamesOnly -IncludeAllProperties
#Get the object:
$me = Get-QADUser "Dmitry Sotnikov" -IncludeAllProperties
#Now you can get any of them manually, for example:
$properties | ForEach { "Property '" + $_ + "' is " + $me[$_] }

In this example I am going through the properties list and just outputting them one by one. You could instead do something else with them.

Tags: , , , , , , ,

11 Responses to “Programmatically manipulate AD user attributes with PowerShell”


  1. 1 FrancescoB July 17, 2007 at 3:21 pm

    Great stuff.
    But, how to WRITE a property in AD, when it’s not “disclosed”?

    I mean… I’d like to enable a bunch of users to LCS2005.
    THey are mail-enabled, and I’ve got to select them by a custom attribute I’ve already populated.
    SO, I have to populate the LCS porperties (e.g. “mSRTCSIP-primaryuseraddress”).

    Any hint?
    Thanks

  2. 2 dmitrysotnikov July 17, 2007 at 3:44 pm

    Francesco,

    That’s a good point. I completely forgot to mention that in the blog.

    When you need to set any of the attributes beyond the default scope, you can do that using the -ObjectAtributes parameter.

    For example:

    set-QADUser jsmith ObjectAttributes @{l=’New York’;description=”}

    Or

    Set-QADUser ‘mycompany.com/usersOU/User1’ -objectAttributes @{otherTelephone=@(‘555-34-67′,’555-34-68’)}

    Or

    [Collections.DictionaryEntry] $de = new-object Collections.DictionaryEntry -argumentList ‘Append, @(‘555-34-
    67′,’555-34-68′)’
    Set-QADUser ‘mycompany.com/usersOU/User1’ -objectAttributes @{otherTelephone=$de}

    Hope that helps!
    Dmitry

  3. 3 Ben Lye February 11, 2008 at 10:01 am

    When I try to use GetPropertyValue I get this error:

    [PS] C:\>$me.GetPropertyValue(“Name”)
    Exception calling “GetPropertyValue” with “1” argument(s): “Late bound operations cannot be performed on types or methods for which ContainsGenericParameters is true.”
    At line:1 char:21
    + $me.GetPropertyValue( <<<< “Name”)

    I get the same error for every property I try to get.

    Any ideas why it doesn’t work?

    Thanks,

    Ben.

  4. 4 dmitrysotnikov February 11, 2008 at 10:16 am

    Ben,

    We’ve changed the syntax to more array-like one:

    $me[“Name”]

    Thanks for spotting that! I’ve updated the post.

    Dmitry

  5. 5 Alexi Vereschaga December 22, 2008 at 5:53 pm

    Dmitry, so I was toying around with these commands and I can;t seem to figure out how to append multi-valued attributes, whenever I run this command:

    [Collections.DictionaryEntry] $de = new-object Collections.DictionaryEntry -argumentList ‘Append, @(‘5553467′,’5553468′)’
    Set-QADUser ‘w2003M.ver/USA/Linux/Tina Fey’ -objectAttributes @{otherTelephone=$de}

    I get an error:

    A parameter cannot be found that matches parameter name ‘5553467,5553468)’.
    At :line:1 char:47
    + [Collections.DictionaryEntry] $de = new-object <<<< Collections.DictionaryEntry -argumentList ‘Append, @(‘5553467′,’5553468′)’

    Do you know what am I doing wrong?

  6. 6 Dmitry Sotnikov December 22, 2008 at 9:19 pm

    Alexi,

    Looks like you have set quotation marks incorrectly in the first line. You should put quotes around Append (the fist argument) and then around the numbers (as you do), but not in the end:

    new-object -TypeName ‘Collections.DictionaryEntry’ -argumentList ‘Append’, @(‘5553467′,’5553468’)

    Dmitry

  7. 7 Alexi Vereschaga December 22, 2008 at 9:33 pm

    Thank you! I just figured it out.

    -Alexi

  8. 8 Gene June 12, 2010 at 3:57 pm

    Hey Dimitry, Am new with powershell am trying to test a PS script that reads from a csv to create DL Groups with email,members and owner of list can you give me some insight using power gui

  9. 10 Paul June 30, 2010 at 4:41 pm

    Hey Dmitry,

    Great info! I have been able to get all of the above scripts running. My question is how would I use this tool against an entire OU. I have a regional office that has moved and would love to run this against and OU and it’s objects rather than against a single object.

    Any suggestions would be GREATLY appreciated and thanks for your time.

    Paul


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

July 2007
M T W T F S S
« Jun   Aug »
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

%d bloggers like this: