
October 9, 2017 at 10:24 am

I already posted a topic with a similar case, but I have to do it differently (Link to the topic :

In Active Directory, we can find different attributes like Name, DisplayName, SAMAccountName, and one is interesting for me: the FullName attribute, which sets the text you see in the "Name" column when you open Active Directory Users and Computers.

I want to add a suffix "_OUT" in a specific OU.
I found that to modify this attribute, I have to use the Rename-ADObject function, but I don't know how to do it.

I want to get all the users in the SearchBase "OU=TEST, DC=TEST, DC=local" and add the suffix "_OUT" if it is not already added.

I think I have to combine the function Get-ADUser with Rename-ADObject.

Maybe to make this easier, we can modify the SAMAccountName in a first step and, after that, add a condition: if the SAMAccountName has "_out", then modify the FullName attribute with a "_OUT" suffix too.

Can someone give me a hint?

Thank you

October 9, 2017 at 1:53 pm

In terms of finding, you can probably use Get-ADUser with -filter to find names that are -notlike “*_OUT”, I think, and you can obviously specify a search base, so that should let you at least get the accounts you want.

Rename-ADObject is only for displayName – just want to ensure that's what you mean to change. Otherwise you would use Set-ADUser.

Once you get the users you want to change, you will need to use ForEach-Object to go through them one at a time. Pipe the user to the Set- or Rename- cmdlet, and you can use $_ within ForEach-Object to refer to the original Name property (if that's what you're changing), like “$($_.Name)_OUT” or whatever, to specify the new name.

October 9, 2017 at 2:25 pm

Hi, Thank you for your answer.

I tried this:

Get-ADUser -Filter {DisplayName -notlike "*_OUT*"} -SearchBase "OU=Test, DC=Test, DC=local" -Properties DisplayName | ForEach-Object { Rename-ADObject -Identity $_.DisplayName -NewName “$($_.DisplayName)_OUT” }

But I get an error that says Object Not Found:
Rename-ADObject : Cannot find an object with identity: 'Jack, Spirow' under: 'DC=maquette,DC=local'.
At line:10 char:148
+ ... rEach-Object { Rename-ADObject -Identity $_.DisplayName -NewName “$($_.DisplayNa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Jack, Spirow:ADObject) [Rename-ADObject], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.RenameADObject

I think I made a mistake at the end of the command.
Can you help me?

October 9, 2017 at 2:40 pm

OK, I found my attribute, it's the CN.

I have this script:
I have an error:
Rename-ADObject : An attempt was made to add an object to the directory with a name that is already
in use
At line:33 char:5
+ Rename-ADObject -NewName $($user.Name)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=Jack\, Spiro...quette,DC=local:ADUser) [Rename-ADObje
ct], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8305,Microsoft.ActiveDirectory.Management.Command

# Disable script execution protection for this PowerShell tab
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force

# Import the AD module
Import-Module ActiveDirectory

#Get-ADUser -Filter * -SearchBase "OU=OUPingCastle, DC=MAQUETTE, DC=local" | Select-Object Name, DisplayName | Export-csv C:\Users\hulk\Desktop\testeur.csv
#Get-ADUser -Filter {DisplayName -notlike "*_OUT*"} -SearchBase "OU=OUPingCastle, DC=MAQUETTE, DC=local" -Properties DisplayName | ForEach-Object { Rename-ADObject -Identity $_.DisplayName -NewName “$($_.DisplayName)_OUT” }

Get-ADUser -Filter {Name -notlike "*_OUT*"} -SearchBase "OU=OUPingCastle, DC=MAQUETTE, DC=local" -Properties Name | 
Select-Object SAMAccountName, Name |
Export-csv C:\Users\hulk\Desktop\testeur2.csv

$MonFichier = Import-Csv C:\Users\hulk\Desktop\testeur2.csv

foreach ($attribut in $MonFichier){
    if ($attribut.Name -notmatch "_OUT"){
        $attribut.Name = $attribut.Name +"_OUT"}
    elseif($attribut.Name -match "_OUT"){
        # Name already contains "_OUT": leave it unchanged
    }
}

$MonFichier| Export-csv C:\Users\hulk\Desktop\testeur2_Modif.csv

$MonFichierModif = Import-Csv C:\Users\hulk\Desktop\testeur2_Modif.csv

#foreach ($user in $MonFichierModif) {
    #Get-ADUser -Filter * -Properties Name -SearchBase "OU=TEST, DC=TEST, DC=local" |
   # Set-ADUSer -Name $($user.Name)
   # }
foreach ($user in $MonFichierModif) {
    Get-ADUser -Filter * -Properties Name -SearchBase "OU=TEST, DC=TEST, DC=local" |
    Rename-ADObject  -NewName $($user.Name)
}

Can someone help me?

October 9, 2017 at 5:09 pm

There's a lot of unnecessary exporting/importing there. This is untested.

Get-ADUser -Filter {Name -notlike "*_OUT*"} -SearchBase "OU=OUPingCastle, DC=MAQUETTE, DC=local" -Properties Name |
   %{ Rename-ADObject $_.DistinguishedName -NewName ($_.Name + '_OUT') }

Now, more ideally, you'll have the rename command in a try/catch statement with logging, and of course, be sure to use -whatif the first time so you have a better idea of what will happen.
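
The try/catch, logging and -WhatIf advice above, written out as an added example (not code posted in this thread). The function name `Add-OutSuffix`, its parameters and the log path are hypothetical; the filter matches names that do not already end with the suffix.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function name, parameters and log path are assumptions.
function Add-OutSuffix {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,
        [string] $Suffix  = '_OUT',
        [string] $LogPath = '.\Rename-OUT.csv'
    )

    # Server-side filter: skip objects whose CN already ends with the suffix,
    # so running the function twice does not produce "_OUT_OUT".
    $users = Get-ADUser -Filter "Name -notlike '*$Suffix'" -SearchBase $SearchBase

    foreach ($u in $users) {
        $newName = $u.Name + $Suffix
        $entry = [ordered]@{
            Time    = (Get-Date).ToString('s')
            Actor   = "$env:USERDOMAIN\$env:USERNAME"
            DN      = $u.DistinguishedName
            OldName = $u.Name
            NewName = $newName
            Result  = 'Not changed (WhatIf or declined)'
        }
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, "Rename to '$newName'")) {
            try {
                # Identify the object by its DN, not by display text.
                # -ErrorAction Stop turns AD errors into catchable exceptions.
                Rename-ADObject -Identity $u.DistinguishedName -NewName $newName `
                    -Confirm:$false -ErrorAction Stop
                $entry.Result = 'Renamed'
            }
            catch {
                # For example "name that is already in use": record it and
                # continue with the next user instead of aborting the batch.
                $entry.Result = "Failed: $($_.Exception.Message)"
            }
        }
        # -WhatIf:$false so the audit log is written during a dry run too.
        [pscustomobject]$entry |
            Export-Csv -Path $LogPath -Append -NoTypeInformation -WhatIf:$false
    }
}

# Dry run first; remove -WhatIf once the log shows the expected changes.
Add-OutSuffix -SearchBase 'OU=OUPingCastle,DC=MAQUETTE,DC=local' -WhatIf
```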

October 10, 2017 at 10:09 am


It finally works. Thank you. By the way, I have another problem with a script for deleting the Description attribute if it contains "TOTO".
I tried to use this but I have a problem:

 get-ADUser -Filter {Description like "TOTO"} -properties Description -SearchBase "OU=OUPingCastle, DC=MAQUETTE, DC=local" | Remove-ADObject Description

I think I have a syntax error but I don't know where.

October 10, 2017 at 10:35 am


This indeed is a syntax error.
I see you used {Description like "TOTO"}, whilst it should be {Description -like "TOTO"}.
You forgot the "-" before like.

Also, is it supposed to delete the attribute if it CONTAINS "TOTO", or if it EQUALS "TOTO"?
For instance:
TOTO 123
123 TOTO
Are they all supposed to come up in the search result or only the last one?

If they should all come up in the search result, I would suggest using {Description -like "*TOTO*"}.

The finished script would look like this then:

 get-ADUser -Filter {Description -like "*TOTO*"} -properties Description -SearchBase "OU=OUPingCastle, DC=MAQUETTE, DC=local" | Remove-ADObject Description

October 12, 2017 at 8:02 am

I tried your script and I think I have a problem with the pipe of the function Remove-ADObject.
As you can see in the error below:
Remove-ADObject : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
At line:14 char:136
+ ... E, DC=local" | Remove-ADObject Description
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (CN=Franck DLMA. ...quette,DC=local:PSObject) [Remove-ADObject], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.RemoveADObject

October 12, 2017 at 8:21 am

Hi there Marti,

Forgive me, I had only looked into the part of the get-ADUser.

I would suggest using "Set-Aduser" and then use the "-clear Description".

I have set up a simple test for myself, wherein the Get-ADUser differs from your version, of course.

$Users = get-ADUser -Filter {Name -like "*ramon*"} -properties Description
ForEach ($User in $Users) { 
    $UserName = $User.Name
    $UserCurrentDescription = $User.description
    Write-Host "The description of the user account '$UserName' currently is:" -NoNewline
    Write-Host "$UserCurrentDescription" -ForegroundColor Cyan

    Set-ADUser -Identity $User -Clear description
    $User = get-ADUser $User -properties Description
    $UserNewDescription = $User.description

    Write-Host "The description of the user account '$UserName' is now:" -NoNewline
    Write-Host "$UserNewDescription" -ForegroundColor Cyan
}

In your case this would look like the following:

$Users = get-ADUser -Filter {Description -like "*TOTO*"} -properties Description -SearchBase "OU=OUPingCastle, DC=MAQUETTE, DC=local"
ForEach ($User in $Users) { 
    $UserName = $User.Name
    $UserCurrentDescription = $User.description
    Write-Host "The description of the user account '$UserName' currently is:" -NoNewline
    Write-Host "$UserCurrentDescription" -ForegroundColor Cyan

    Set-ADUser -Identity $User -Clear description
    $User = get-ADUser $User -properties Description
    $UserNewDescription = $User.description

    Write-Host "The description of the user account '$UserName' is now:" -NoNewline
    Write-Host "$UserNewDescription" -ForegroundColor Cyan
}

Kind regards,
Ramon Schouten

October 12, 2017 at 9:19 am


Thank you for your help, it works.

I modified your script a little for my scope of research, but your script is perfect.