I have the following script - it works except for the departmentNumber. Any ideas?
# Import AD Module
Import-Module ActiveDirectory
# Import CSV into variable $users
$users = Import-Csv -Path C:\users.csv
# Loop through CSV file and update users if they exist
foreach ($user in $users) {
Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" - Properties * |
Set-ADUser -EmailAddress $($user.EmailAddress) -Title $($user.Title) -Office $($user.Office) -OfficePhone $($user.OfficePhone) -departmentNumber $($user.departmentNumber) }
EDIT:
I tried the following using the "-Add" operator:
Import-Module ActiveDirectory
$users = Import-Csv -Path C:\users.csv
foreach ($user in $users) {
Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" -Properties * |
Set-ADUser -Add #{departmentNumber = "$($user.departmentNumber)"}
}
And the following, using the "-Replace" operator:
Import-Module ActiveDirectory
$users = Import-Csv -Path C:\users.csv
foreach ($user in $users) {
Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" -Properties * |
Set-ADUser -Replace #{departmentNumber = "$($user.departmentNumber)"}
}
Still no luck - do I have the syntax messed up?
I'm taking a quick look at the help for Set-ADUser: https://technet.microsoft.com/en-us/library/ee617215.aspx
I see a parameter for -Department, but not one for -DepartmentNumber
Will it work within your company's structure to just use -Department ?
For a custom attribute, you should be able to use the -Add parameter
-Add #{otherTelephone='555-222-1111', '555-222-3333'; otherMobile='555-222-9999' }
In order to use -Add or -Replace, you'll need to use a hashtable as your input instead of a string.
Here's a quick set of commands I used to convert a string into a single item hashtable:
$DeptNo = 'test'
$hash = #{}
$hash.Add('DepartmentNumber',$DeptNo)
$hash
Output from $hash:
Name Value
---- -----
DepartmentNumber test
I think you'll then be able to use -Add $hash to get it to do what you want.
Here is my code that got it working:
Set-ADUser -Identity $samName -Add #{'departmentNumber'="$UserDept"}
It is important to note you can only use -Add if nothing is there
otherwise use -Replace
$UserDept was a number but the quotes make it a string
and the attribute must have single quotes around it.
Related
I have a CSV file of e-mail addresses. The CSV file has one column with the header name. I want to remove the Active Directory users associated with these addresses from a specific group.
Here's my attempt, but it seems like $user is not getting populated.
$data = import-csv -Path C:\Users\39415\Desktop\remove1.csv
ForEach ($name in $data)
{
$user = Get-ADUser -Filter {mail -eq "$_"} | Select SamAccountName
Remove-ADGroupMember -Identity "group name" -Members $user.SamAccountName -Confirm:$false
}
Please let me know what i'm doing wrong.
The biggest issue I see right away is you are using a named variable in your foreach loop but then trying to reference automatic variable $_
To use the named variable, change to
$data = import-csv -Path C:\Users\39415\Desktop\remove1.csv
ForEach ($name in $data.name)
{
$user = Get-ADUser -Filter "mail -eq '$name'" | Select SamAccountName
Remove-ADGroupMember -Identity "group name" -Members $user.SamAccountName -WhatIf
}
To use the automatic variable, change to Foreach-Object (still can be shortened to foreach but the former is known as the "foreach statement"
$data = import-csv -Path C:\Users\39415\Desktop\remove1.csv
$data.name | foreach {
$user = Get-ADUser -Filter "mail -eq '$_'" | Select SamAccountName
Remove-ADGroupMember -Identity "group name" -Members $user.SamAccountName -WhatIf
}
Also as I've shown you actually need to reference the name property of the $data variable.
I am trying to get only AD Objects of type user and then iterate over all them and change AD user object name. So I have done below:
$Users = Get-ADObject -Filter {(ObjectClass -eq "user")} # OR Get-ADObject -Filter 'ObjectClass -eq "user"'
$Users | foreach
{
# Here code to create name based on conditions ($newUserObjectName)
Rename-ADObject -Identity $_ -NewName $newUserObjectName
}
The problem is that Get-ADObject is returning not only users but also computer objects.... I only want user object classes. Also I am not sure If below line of code is correct by setting identity to $_ in order to update the current user in the iteration:
Rename-ADObject -Identity $_ -NewName $newUserObjectName
Why not use Get-ADUser instead of Get-ADObject and just return the DistinguishedName? Obviously, DON'T just run this code :)
$users = (Get-ADUser -Filter *).DistinguishedName #This gets all the users in AD
Foreach($user in $users){
Rename-ADObject -Identity $user -NewName $newUserObjectName
}
The Computer objectClass is derived from the User objectClass. Hence, queries for user class will return both Computers and Users. If you want to filter for Users only, you have to specify ObjectCategory as Person
$Users = Get-ADObject -Filter {(Objectclass -eq "user") -and (objectCategory -eq "Person")}
Use that or you can use the goodole Get-ADuser
Use Get-ADUser and Set-ADUser:
$Users = Get-ADUser -Filter *
$Users | foreach {
# Naming code
Set-ADUser -Identity $_.SamAccountName -SamAccountName $newName
}
This replaces all user's identities to $newName.
Note you can replace -SamAccountName with any other property of an ADUser. for example if you want to replace the display name instead, you would use -Name $newName
I can't get this to work, don't understand it because it works on a single user. Is it not possible to use a variable with the cmdlet Set-ADuser ?
I want to change extensionattributes from a csv or textfile.
This is my script:
Import-Module ActiveDirectory
$users = Import-Csv C:\csv.csv
Set-ADUser -Server servername -Identity $users -Replace #{extensionAttribute12="TEST"}
I am getting this error:
Set-ADUser : Cannot convert 'System.Object[]' to the type
'Microsoft.ActiveDirectory.Management.ADUser' required by parameter
'Identity'. Specified method is not supported.
users is an array.
Try below code:
Import-Module ActiveDirectory
$users = Import-Csv C:\csv.csv
foreach($user in $users)
{
Set-ADUser -Server servername -Identity $user -Replace #{extensionAttribute12="TEST"}
}
Import-Csv returns an array of your csv rows and therefore, Set-ADUser needs to be used within a loop of those rows.
$users = Import-Csv C:\csv.csv
foreach($user in $users) {
Set-ADUser -Server servername -Identity $user -Replace #{extensionAttribute12="TEST"}
}
I have a simple script to change part of the description for a user in AD.
Get-ADUser testuser -Properties description | ForEach-Object {
Set-ADUser $_.SamAccountName -Description "ChgDescript,$($_.Description.Split(',')[1])"
}
However, I now have 700 users, where I need to change part of the description, using the command above. I'm unable to figure out the script correctly to import the .csv file and run the script against it.
$csvFile = "path_is_here"
Import-Module ActiveDirectory
Import-Csv $csvFile | Get-ADUser -Properties description | ForEach-Object {
Set-ADUser $_.SamAccountName -Description "ChgDescript,$($_.Description.Split(',')[1])"
}
When I run the script above, I receive the following error:
Cannot validate argument on parameter 'Identity'.
The error is coming from the Get-ADuser cmdlet and informing you that its -Identity parameter is null. I don't know the structure of your input file; but lets assume that its just a list of account names (so I added a header value of AccountName for readability), pass that property of your custom object created by your Import-Csv cmdlet to the Get-ADUser's -Identity parameter and see if it helps.
Unit Test Example:
Import-Csv -Path "C:\Temp\Users.txt" -Header "AccountName" | ForEach-Object {
Get-ADUser -Identity $_.AccountName
}
Checkout method 3 in the help examples for Set-ADUser
http://go.microsoft.com/fwlink/?LinkID=144991
Modify the Manager property for the "saraDavis" user by
using the Windows PowerShell command line to modify a local instance
of the "saraDavis" user. Then set the Instance parameter to the local
instance.
See if this works:
$Users = Import-Csv -Path "C:\test_users.txt" -Header "AccountName"
foreach($User in $Users){
$ADUser = Get-ADUser -Identity $User.AccountName -Properties Description
$ADUser.Description = "PUT YOUR MODIFIED DESCRIPTION HERE"
Set-ADUser -Instance $ADUser
}
May you have to store the description in a variable before, like:
Get-Content users.txt | Get-ADUser -Prop Description | Foreach {
$desc = $_.description + " Disabled 21122012 123456"
Set-ADUser $_.sAMAccountName -Description $desc
}
(just copied from technet)
Tell PowerShell which delimiter to use, when it is not comma:
import-csv -Path "c:\test.csv" -Delimiter ";"
And it will work fine.
I'm trying to update the email address listed in AD for all the users in a particular OU. This is the powershell script I'm using, but it's not working properly
Import-Module ActiveDirectory
Get-ADUser -Filter * -SearchBase "OU=OtherOU,OU=SomeOu,DC=Domain,DC=local" | Set-ADUser -email $_.samaccountname#domain.com
I think it's because $_.samaccountname isn't returning anything when I try to do Set-ADUser.
Can anyone point me in the right direction for fixing this? Thanks!
Create a csv file with SamAccountName & email address
"SamAccountName","EmailAddress"
"john","john#xyz.com"
step 1: import to a variable
$users = Import-Csv .\email.csv
step 2: Call the variable
foreach ($user in $users) {
Set-ADUser -Identity $user.SamAccountName -EmailAddress $user.EmailAddress
}
In the current context $_ is null. You need to use Foreach-Object in order for $_ to be available.
Get-ADUser -Filter * ... | Foreach-Object{
Set-ADUser -Identity $_ -Email "$($_.samaccountname)#domain.com"
}
I suspect you'll need to use a subexpression for that:
"$($_.samaccountname)#domain.com"
Assuming username is domain\user1 or user1#domain.com
$user = "user1"
Set-ADUser $user -emailaddress "firtname.lastname#xyz.com"
Get-ADUser -Identity $user -Properties emailaddress
Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=OUName,DC=domain,DC=com" |
Foreach-Object { Set-ADUser -Identity $_ -Email "$($_.samaccountname)#domain.com" }
This is from:
https://social.technet.microsoft.com/wiki/contents/articles/33311.powershell-update-mail-and-mailnickname-for-all-users-in-ou.aspx