Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

PowerShell command to update "extensionAttribute1"

1,610 views
Skip to first unread message

Denis

unread,
Jul 1, 2009, 1:41:01 AM7/1/09
to

Hello,

Is there any command to update "extensionAttribute1" attribute of an Active
Directory User?

Thanks in Advance.

Regards,
Denis

Shay Levy [MVP]

unread,
Jul 1, 2009, 3:03:51 AM7/1/09
to

Hi Denis,

With Quest AD cmdlets it's as simple as:

Get-QADUser user1 | Set-QADUser -objectAttributes @{extensionAttribute1="your
value"}


You can downlaod the cmdlets for free here:

http://www.quest.com/powershell/activeroles-server.aspx

---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar

D> Hello,
D>
D> Is there any command to update "extensionAttribute1" attribute of an
D> Active Directory User?
D>
D> Thanks in Advance.
D>
D> Regards,
D> Denis


Denis

unread,
Jul 1, 2009, 4:37:01 AM7/1/09
to

Thanks Shay for your valued reply.

I have gone through the link, but I do not want to use any non-microsoft /
non-standard tool to do that.

Is there any way I can do it?

Thanks in Advance.

Regards,
Denis

Chris Dent

unread,
Jul 1, 2009, 5:05:50 AM7/1/09
to

Sure, but it take a bit more work, none of it particularly pretty.

Assuming you already know the DistinguishedName of the user:

$User = [ADSI]"LDAP://CN=User Name,OU=somewhere,DC=domain,DC=com"
$User.Put("extensionAttribute1", "Value")
$User.SetInfo()

If you don't know the DistinguishedName and happen to have Exchange 2007
installed / available you can use Get-User go get from a name to the
Distinguished Name:

$User = [ADSI]"LDAP://$((Get-User 'User Name').DistinguishedName)"
$User.Put("extensionAttribute1", "Value")
$User.SetInfo()

Or split up a bit:

$DN = (Get-User "User Name").DistinguishedName
$User = [ADSI]"LDAP://$DN"
$User.Put("extensionAttribute1", "Value")
$User.SetInfo()

If you don't have that either you can have it find the DN for you based
on a unique attribute like the username:

$Username = "UserN"
$LdapFilter =
"(&(objectClass=user)(objectCategory=person)(sAMAccountName=$Username))"
$User = (((New-Object System.DirectoryServices.DirectorySearcher( `
$Null, $LdapFilter)).FindOne()).GetDirectoryEntry())
$User.Put("extensionAttribute1", "Value")
$User.SetInfo()

That lot can be expanded into it's separate pieces, all those
parentheses make it short but a bit lacking in any kind of clarity.

$Username = "UserN"
$LdapFilter =
"(&(objectClass=user)(objectCategory=person)(sAMAccountName=$Username))"
# $Null has this search run for the current domain
$Searcher = New-Object System.DirectoryServices.DirectorySearcher( `
$Null, $LdapFilter)
# Run the search and get the result
$Result = $Searcher.FindOne()
# Change the result into a DirectoryEntry (same as [ADSI]" ... " above)
$User = $Result.GetDirectoryEntry()
$User.Put("extensionAttribute1", "Value")
$User.SetInfo()

Which should make it pretty clear why the Quest CmdLets are suggested so
often :)

Chris

0 new messages