I am doing a powershell script that can update the Account Expires field in the AD based on sAMAccoutname but i faced some issue on Set-ADUser powershell command when it tried to update the Account Expires field in AD. I tested several way with various combination of command option but none of them work as expected
1st attempt
Set-ADUser -Identity xxxx00242 -accountExpires 130618739743580353
Error received
Set-ADUser : A parameter cannot be found that matches parameter name 'accountExpires'.
At line:1 char:31
+ Set-ADUser -Identity xxxx0242 -accountExpires 130618739743580353
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SetADUser
2nd attempt
Set-ADUser -identity xxxx0242 -Add #{accountExpires=" 130612691742815904"}
Error Received
Set-ADUser : The parameter is incorrect
At line:1 char:1
+ Set-ADUser -identity xxxx0242 -Add #{accountExpires=" 130612691742815 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (xxxx0242:ADUser) [Set-ADUser], ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:87,Microsoft.ActiveDirectory.Management.Commands.SetADUser
3rd attempt
Set-ADUser -identity xxxx0242 -Add #{AccountExpirationDate=" 130612691742815904"}
Error Received
Set-ADUser : The specified directory service attribute or value does not exist
Parameter name: AccountExpirationDate
At line:1 char:1
+ Set-ADUser -identity xxxx0242 -Add #{AccountExpirationDate=" 13061269 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (xxxx0242:ADUser) [Set-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.SetADUser
my powershell version is 5.1.14393.206 or Set-ADUser cant update Account Expires field in AD?This is the link
You need to input a valid datetime.
For instance if you want to let the account expire in 1 month.
$date = Get-Date
$dateExpiry = $date.AddMonths(1)
Set-ADUser xxxx0242 -AccountExpirationDate $dateExpiry
Please note that the returned int64 value can easily be converted to a usable datetime for instance to add 6 months to it:
$currentExpiry = (Get-ADUser xxxx0242 -Properties AccountExpires).accountExpires
[datetime]$expireDate = $currentExpiry
$newExpireDate = $expireDate.AddMonths(6)
Set-ADUser xxxx0242 -AccountExpirationDate $newExpireDate
Hope this helps!
Related
I need to change multiple AD Attributes value as per: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/recipient-type-values/7c2620e5-9870-48ba-b5c2-7772c739c651
Therefore I have created this simple script snippet below:
$properties = 'Name,sAMAccountName,msExchRemoteRecipientType,msExchRecipientDisplayType,msExchRecipientTypeDetails,proxyAddresses' -split ','
$ADUserAttributesValues = Get-ADUser -identity $Input -Properties $properties |
Select-Object Name,
msExchRemoteRecipientType,
msExchRecipientDisplayType,
msExchRecipientTypeDetails
# Set The attributes value for Remote Shared Mailboxes
$replace = #{
msExchRemoteRecipientType = 100
msExchRecipientDisplayType = -2147483642
msExchRecipientTypeDetails = 34359738368
}
Set-ADUser -Identity $ADUserAttributesValues.sAMAccountName -Replace $replace
However, I get this error:
Set-ADUser -Identity $ADUserAttributesValues.ToString() -Replace $replace
Set-ADUser : Cannot find an object with identity: '' under: 'DC=Domain,DC=com'.
At line:47 char:9
+ Set-ADUser -Identity $ADUserAttributesValues.ToString() -Repl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:ADUser) [Set-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.SetADUser
changing it into sAMAccountName
Set-ADUser -Identity $ADUserAttributesValues.sAMAccountName -Replace $replace
Set-ADUser : Cannot find an object with identity: '' under: 'DC=Domain,DC=com'.
At line:47 char:9
+ Set-ADUser -Identity $ADUserAttributesValues.sAMAccountName -Repl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:ADUser) [Set-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.SetADUser
also not working either.
I am trying to replace users description with a substring of his description. I want it to be just the first 10 letters. I try like this:
Get-ADUser abc -Properties description | Set-ADUser -Description "($($PSItem.Description).substring(0,10))"
Can you give me a hint how to make it work?
You never mentioned in what way it doesn't work for you but I assume it's because your SubString method never gets called but instead gets interpreted as text in your string. Try changing your line to the following instead and see if it does what you expect.
You could try it out first by just writing the output to screen rather than (potentially) updating your AD object with the wrong value.
Get-ADUser -abc -Properties Description | foreach { Write-Output "$($PSItem.Description.SubString(0,10))" }
And then run your line once you've made sure you have what you need.
Get-ADUser -abc -Properties Description | Set-ADUser -Description "$($PSItem.Description.SubString(0,10))"
this one gives good output:
Get-ADUser abc -Properties Description | foreach { Write-Output "$($PSItem.Description.SubString(0,10))" }
But this one not:
Get-ADUser abc -Properties Description | Set-ADUser -Description "$($PSItem.Description.SubString(0,10))"
it is giving error like this:
You cannot call a method on a null-valued expression. At line:1
char:71
+ ... on | Set-ADUser -description "$($PSItem.description.SubString(0,10))"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull Set-ADUser : replace At line:1 char:44
+ ... scription | Set-ADUser -description "$($PSItem.description.SubString( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (CN=abc...C=DOMAIN,DC=com:ADUser) [Set-ADUser],
ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADUser
I'm trying to get users created in last 24 hours or today, from Azure or Msol. But whatever I tried is not working;
$When = ((Get-Date).AddDays(-1))
Get-AzureADUser -Filter {(whenCreated -ge $When)} -Properties whenCreated
But it gives me this error;
Get-AzureADUser : Cannot evaluate parameter 'Filter' because its argument is specified as a script block and there is
no input. A script block cannot be evaluated without input.
At line:6 char:25
+ Get-AzureADUser -Filter {(whenCreated -ge $When)} -Properties whenCre ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (:) [Get-AzureADUser], ParameterBindingException
+ FullyQualifiedErrorId : ScriptBlockArgumentNoInput,Microsoft.Open.AzureAD16.PowerShell.GetUser
How can I change the Name attribute in Active Directory in powershell?
I would like to change the 'Name' row, but when I enter the following I get an error:
Set-ADuser -Identity test1 -Name Test 11
The error message:
Set-ADUser : A parameter cannot be found that matches parameter name 'Name'.
At line:1 char:28
+ Set-ADUser -Identity test1 -Name Test 11
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SetADUser
You should use the cmdlet Rename-ADObject to change the name attribute of the AD object.
If you want to change multiple properties for an account in one go (say changing a users name), add the PassThru param to Set-AdUser and then pipe to Rename-ADObject:
Set-ADUser -Identity "test1" -DisplayName "DisplayName" -GivenName "GivenName" -Surname "Surname" -PassThru | Rename-ADObject -NewName "TestAccount1" -PassThru
I'm trying to write a script that updates every user's msIIS-FTPRoot attribute where the user's description = ‘FTPuser’.
import-module activedirectory
$users = Get-ADUser -SearchBase "dc=NAME,dc=com" -Filter {Description -eq "FTPUser"}
Set-ADUser $users -Replace #{msIIS-FTPRoot='NewTEXT'}
I get the following error:
Missing '=' operator after key in hash literal.
At line:1 char:60
+ Set-ADUser $users -Replace #{msIIS-FTPRoot='\\SOMETEXT\' <<<< }
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEqualsInHashLiteral
Using quotation marks on the attribute name solves your problem.
Set-ADUser $users -Replace #{'msIIS-FTPRoot'='NewTEXT'}