Author Posts

October 21, 2015 at 9:07 am

we have 25K users I would like to do this on the pipe line rather then storing all 25K users in a variable. Write-host was just so I can see what was being done on a small test group using the -ResultSetSize 100 and $cnt is so I can see how many records where updated.

Im not an ad guy so I don't know what overhead there would be changing an attribute on 25K users.

$users = Get-ADUser -SearchBase "OU=_Employees,OU=Somthing,DC=Somthing,DC=Somthing" -Filter * 
$Attributes = Import-Csv -Path C:\temp\ADDS.csv | Select Name,Location
$cnt = 0
Foreach($user in $users){
    if(!($user.EmployeeSiteId -eq "")){
        $Attribute = $Attributes | ?{$_.Name -eq $user.EmployeeSiteId}
        if(!($Attribute -eq $null)){
            try{
                Write-host "Setting User $($user.SamAccountName) Property Location to Equal $($Attribute.Location) Based off User Site Id $($user.EmployeeSiteId)"
                Set-ADUser -Identity $user.DistinguishedName  -Replace @{Location ="$($Attribute.Location)"} -ErrorAction Stop
            $cnt++
            }
            Catch {write-Host "You do not have access to modify User $($user.SamAccountName)" }
        }
    }
}

October 21, 2015 at 9:46 am

Hey Mark Try this..

do{
$users = Get-ADUser -SearchBase "OU=_Employees,OU=Somthing,DC=Somthing,DC=Somthing" -Filter * -ResultSetSize 1000 -properties Location  | ?{_.Location -eq $null}
$Attributes = Import-Csv -Path C:\temp\ADDS.csv | Select Name,Location
$cnt = 0
Foreach($user in $users){
    if(!($user.EmployeeSiteId -eq "")){
        $Attribute = $Attributes | ?{$_.Name -eq $user.EmployeeSiteId}
        if(!($Attribute -eq $null)){
            try{
                Write-host "Setting User $($user.SamAccountName) Property Location to Equal $($Attribute.Location) Based off User Site Id $($user.EmployeeSiteId)"
                Set-ADUser -Identity $user.DistinguishedName  -Replace @{Location ="$($Attribute.Location)"} -ErrorAction Stop
            $cnt++
            }
            Catch {write-Host "You do not have access to modify User $($user.SamAccountName)" }
        }
    }
}
Start-Sleep -Seconds (15*60)
}While ($Users)

October 21, 2015 at 10:09 am

Hey Mark, the answer is, it depends. There are a myriad of factors that play into this question. Resources of the Domain Controller, WAN Link Speeds, Replication intervals, Replication topology, Site Links, enablement of "intersite change notification" etc. It is not a simple answer.

What I can do is give you a warning since you are talking about not using the variable to store your AD objects and just piping it down the line instead. You should check out this technet wiki article. It will explain where you may run into issues with that direction.

http://social.technet.microsoft.com/wiki/contents/articles/32418.active-directory-troubleshooting-server-has-returned-the-following-error-invalid-enumeration-context.aspx

October 21, 2015 at 10:13 am

Thanks Curtis I just spoke to my AD guy and he said there was no issues running it against the 25K users.

By the way great write up