Active Directory Custom Attributes to Displayname

Welcome Forums General PowerShell Q&A Active Directory Custom Attributes to Displayname

This topic contains 3 replies, has 4 voices, and was last updated by

10 months ago.

  • Author
  • #104497

    Topics: 1
    Replies: 0
    Points: 0
    Rank: Member

    I have a group in AD "SS_PROXY", we need a custom attribute "mcdFormattedName" to be copied to displayname.
    Please help! Currently using the below script. We can copy non extended attributes like sAMAccountName but if we change this to the custom attribute it clears displayname instead.

    Get-ADGroupMember -Identity SS_PROXY |
    where {$_.objectclass -eq "user"} |
    foreach {Set-ADUser -Identity $($_.distinguishedName) -Displayname $($_.sAMAccountName)}

  • #104498

    Topics: 2
    Replies: 915
    Points: 1,533
    Helping Hand
    Rank: Community Hero

    This is because your code is directly overwriting it.
    For non-existent data points, adding them should be expected to be successful.

    If you are trying to add additional information to a data point, you need to first read what is in the data field, capture it, then append the additional data to that capture and then write it back.

    Yet, you need to show more of your code and the results of what is said happening, otherwise it's left to assumption. You can even create a screen capture (.gif/.jpg) and post here as per the forums guidelines. It's kind of difficult to imagine that what you state should be happening. Unless you target a data point, it should not be impacted.

    Also, before making change to critical data points, it should be tested, to determine what is planned to happen will happen.
    You'd do this with conditional statements, like -whatif when using your commands or try/catch, etc., in your code as validation steps.

  • #104510

    Topics: 0
    Replies: 6
    Points: 33
    Rank: Member

    Hi Chris
    I think the issue might be due to the type of object being returned by Get-ADGroupMember . According to the Microsoft documentation this is an ADPrincipal object which doesn't have access to all of the same properties as say, Get-ADUser which returns an ADUser object.

  • #104543

    Topics: 23
    Replies: 139
    Points: 260
    Helping Hand
    Rank: Contributor

    the reason it works for samaccountname vs an extension attribute is get-adgroupmember only returns 6 properties, one of which is samaccountname.
    the object does not contain any of the other ad attributes, so we need to pass the object to get-aduser first, and specify what property we need.

    Get-ADGroupMember -Identity SS_PROXY |
    where {$_.objectclass -eq "user"} |
    get-aduser -prop extensionattribute1|Set-ADUser -Displayname $($_.extensionattribute1)

The topic ‘Active Directory Custom Attributes to Displayname’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort