Updating AD users in bulk

A question was raised on the forums about bulk updated of user information.  This is an example of how to handle it

A CSV file was created

Import-Csv -Path “C:\Scripts\AD Examples\Users\bulkchangetest.csv” | Format-Table –AutoSize

 

userid JobTitle  Cost Center HireDate      
—— ——–  ———– ——–      
usera  JobTitleA 1001001     1 January 2011
userb  JobTitleB 1001002     1 February 2011
userc  JobTitleC 1001003     1 March 2011  
userd  JobTitleD 1001004     1 April 2011  

The task is to use the userids to add the data into extensionAttribute3, extensionAttribute4, and extensionAttribute5

Using the Microsoft cmdlets – read the csv file and for each object (row) use Set-ADuser to set the appropriate values.

The results can be displayed using Get-ADuser – note we need the Properties parameter

If required we can clear those attributes using the –Clear parameter on Set-ADUser

Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
  Set-ADUser -Identity $($_.userid) -Replace @{extensionAttribute3 = $($_.JobTitle); extensionAttribute4 = $($_."Cost Center"); extensionAttribute5  = $($_.HireDate)}            
}            
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 Get-ADUser -Identity $($_.userid) -Properties * | select samaccountname, extensionAttribute3, extensionAttribute4, extensionAttribute5            
}            
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 Set-ADUser -Identity $($_.userid) -Clear extensionAttribute3, extensionAttribute4, extensionAttribute5            
}

The Quest cmdlets are similar

Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
  Set-QADUser -Identity $($_.userid) -ObjectAttributes @{extensionAttribute3 = $($_.JobTitle); `
    extensionAttribute4 = $($_."Cost Center"); extensionAttribute5  = $($_.HireDate)}            
}            
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 Get-QADUser -Identity $($_.userid) -IncludeAllProperties | 
select samaccountname, extensionAttribute3, extensionAttribute4, extensionAttribute5            
}            
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 Set-QADUser -Identity $($_.userid) -ObjectAttributes @{extensionAttribute3 = ""; `
extensionAttribute4 = ""; extensionAttribute5  = ""}            
}

Use  -ObjectAttributes instead of –Replace.  We don’t have a –Clear parameter so need to set the values to empty

Scripting involves  a bit more work

Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 $data = $_            
 $root = [ADSI]""            
 $search = [adsisearcher]$root            
 $search.Filter = "(&(objectclass=user)(objectcategory=user)(samaccountname=$($data.userid)))"             
 $search.SizeLimit = 3000            
 $search.FindOne() | foreach {            
             
 $user = $_.GetDirectoryEntry()            
 $user.extensionAttribute3 = $($data.JobTitle)            
 $user.extensionAttribute4 = $($data."Cost Center")            
 $user.extensionAttribute5 = $($data.HireDate)            
 $user.SetInfo()            
}            
              
}            
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 $data = $_            
 $root = [ADSI]""            
 $search = [adsisearcher]$root            
 $search.Filter = "(&(objectclass=user)(objectcategory=user)(samaccountname=$($data.userid)))"             
 $search.SizeLimit = 3000            
 $search.FindOne() | foreach {            
  $user = $_.GetDirectoryEntry()            
  $user | select  @{N="samaccountname"; E={$_.samaccountname}},            
  @{N="extensionAttribute3"; E={$_.extensionAttribute3}},            
  @{N="extensionAttribute4"; E={$_.extensionAttribute4}},            
  @{N="extensionAttribute5"; E={$_.extensionAttribute5}}            
 }            
}            
            
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 $data = $_            
 $root = [ADSI]""            
 $search = [adsisearcher]$root            
 $search.Filter = "(&(objectclass=user)(objectcategory=user)(samaccountname=$($data.userid)))"             
 $search.SizeLimit = 3000            
 $search.FindOne() | foreach {            
             
 $user = $_.GetDirectoryEntry()            
 $user.extensionAttribute3 = " "            
 $user.extensionAttribute4 = " "            
 $user.extensionAttribute5 = " "            
 $user.SetInfo()            
}            
}

Use [adsisearcher] to find the acccount – get a directory entry and set the values. The display is similar except we select the attributes. Clearing the attributes involves setting it to a blank string

Finally the provider

Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 $data = $_            
 Get-ChildItem -Filter "(&(objectclass=user)(objectcategory=user)(samaccountname=$($data.userid)))"  `
 -Path Ad:\"DC=Manticore,DC=org" -Recurse |             
 foreach {             
 Set-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute3 -Value $($data.JobTitle)            
 Set-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute4 -Value $($data."Cost Center")            
 Set-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute5 -Value $($data.HireDate)            
}             
}            
            
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 $data = $_            
 Get-ChildItem -Filter "(&(objectclass=user)(objectcategory=user)(samaccountname=$($data.userid)))"  `
 -Path Ad:\"DC=Manticore,DC=org" -Recurse |             
 foreach {             
  New-Object -TypeName PSObject -Property @{            
  samaccountname = Get-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name samaccountname | 
select -ExpandProperty samaccountname            
  extensionAttribute3 = Get-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute3 | 
select -ExpandProperty extensionAttribute3            
  extensionAttribute4 = Get-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute4 | 
select -ExpandProperty extensionAttribute4            
  extensionAttribute5 = Get-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute5 | 
select -ExpandProperty extensionAttribute5            
 }            
}             
}              
            
Import-Csv -Path "C:\Scripts\AD Examples\Users\bulkchangetest.csv" |            
foreach {            
 $data = $_            
 Get-ChildItem -Filter "(&(objectclass=user)(objectcategory=user)(samaccountname=$($data.userid)))"  `
 -Path Ad:\"DC=Manticore,DC=org" -Recurse |             
 foreach {             
 Set-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute3 -Value " "            
 Set-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute4 -Value " "            
 Set-ItemProperty -Path Ad:\"$($_.DistinguishedName)" -Name extensionAttribute5 -Value " "            
}             
}

We can search for the user with an LDAP filter as we did with the script – then use Set-ItemProperty to set the values. Displaying the values is the same except we use Get-Itemproperty and the final clear is the same as the original set except we set the values to a blank string

Advertisements
This entry was posted in PowerShell and Active Directory. Bookmark the permalink.

3 Responses to Updating AD users in bulk

  1. Alan says:

    Hello

    I am attempting to modify some standard AD account fields with the script below semi based on your post above. Please help me fill in the missing pieces to get it working correctly

    # Import AD Module

    Import-Module ActiveDirectory

    # Import CSV into variable $userscsv

    $userscsv = import-csv D:\areile\Desktop\adtest.csv

    # Loop through CSV and update users if the exist in CVS file

    foreach ($user in $userscsv) {

    #Search in specified OU and Update existing attributes
    Get-ADUser -Filter “samaccountname -eq ‘$($user.samaccountname)'” -SearchBase “DC=subdomain,DC=company,DC=com” %
    % { Set-ADUser $_ -Replace @{Division = $($_.Division); Office = $($_.”Office”); City = $($_.City)}

    }

    CSV File Example
    SamAccountName Division Office City
    George Accounting Main Office New York

    Do I need to use a -Replace for previously populated fields? Is it better to use a –Clear parameter and start fresh?

    Thank you in advance

  2. Alan says:

    THANKS!!!! Great information!!! Saved me hours and hours of frustration.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s