Active Directory Custom Attributes to Displayname

This topic contains 3 replies, has 4 voices, and was last updated by  David Schmidtberger 2 days, 20 hours ago.

  • Author
    Posts
  • #104497

    Chris Davis
    Participant

    I have a group in AD "SS_PROXY", we need a custom attribute "mcdFormattedName" to be copied to displayname.
    Please help! Currently using the below script. We can copy non extended attributes like sAMAccountName but if we change this to the custom attribute it clears displayname instead.

    Get-ADGroupMember -Identity SS_PROXY |
    where {$_.objectclass -eq "user"} |
    foreach {Set-ADUser -Identity $($_.distinguishedName) -Displayname $($_.sAMAccountName)}

  • #104498

    postanote
    Participant

    This is because your code is directly overwriting it.
    For non-existent data points, adding them should be expected to be successful.

    If you are trying to add additional information to a data point, you need to first read what is in the data field, capture it, then append the additional data to that capture and then write it back.

    Yet, you need to show more of your code and the results of what is said happening, otherwise it's left to assumption. You can even create a screen capture (.gif/.jpg) and post here as per the forums guidelines. It's kind of difficult to imagine that what you state should be happening. Unless you target a data point, it should not be impacted.

    Also, before making change to critical data points, it should be tested, to determine what is planned to happen will happen.
    You'd do this with conditional statements, like -whatif when using your commands or try/catch, etc., in your code as validation steps.

  • #104510

    Stuart Squibb
    Participant

    Hi Chris
    I think the issue might be due to the type of object being returned by Get-ADGroupMember . According to the Microsoft documentation this is an ADPrincipal object which doesn't have access to all of the same properties as say, Get-ADUser which returns an ADUser object.

  • #104543

    David Schmidtberger
    Participant

    the reason it works for samaccountname vs an extension attribute is get-adgroupmember only returns 6 properties, one of which is samaccountname.
    the object does not contain any of the other ad attributes, so we need to pass the object to get-aduser first, and specify what property we need.

    Get-ADGroupMember -Identity SS_PROXY |
    where {$_.objectclass -eq "user"} |
    get-aduser -prop extensionattribute1|Set-ADUser -Displayname $($_.extensionattribute1)
    

You must be logged in to reply to this topic.