Author Posts

May 2, 2014 at 5:18 am

Hi All,

In the Active Directory 'Notes' field on the 'Telephones' tab, we have a bit of information on each user. I want to add to that information with some new info imported from a csv file ('Name' column and 'new_data' column), whilst keeping the existing information in place. (Most likely just two more lines under the existing data).

We originally put the info in using something along the lines of Get-ADUser -f * | Foreach {Set-ADUser -Identity $_.name -Add @{info='Account created by Joe Bloggs ref ticket number 123456'}}

I've tried appending using the same format with additional values using commas, but get stuck with the error 'Set-ADUser: Multiple values were specified for an attribute that can only have one value.'

Can anyone help?

Cheers

TG

May 2, 2014 at 5:44 am

I assume this is a single-valued LDAP attribute. If so, you should use the -Replace parameter to Set-ADUser, instead of -Add. You'll need to read the original value and use it to create a string with new data appended beforehand.

May 2, 2014 at 5:59 am

hi,

Maybe something like this:


Get-ADUser -Filter * -Properties * | foreach { Set-ADUser -Identity $_.samaccountname -Replace @{info="$($_.info) somenewinfo"} }

You need to add the properties parameter to the Get-ADUser cmdlet to get access to the info attribute, changed the Identity parameter to use the sAMAccountname attribute, used the Replace parameter and added the $($_.info) to get access to the content of the info attribute.

Cheers

Tore

May 2, 2014 at 6:50 am

Thanks Gentlemen!

Tore – that worked great (the only thing I did was change your "-Properties *" to "-Properties info" to minimise the amount of data going into the pipeline.

At the risk of pushing my luck – does anyone know how to make this new info appear beneath the existing info, rather than as a continuation of the original line?

Cheers.

TG

May 2, 2014 at 6:53 am

Sure, just embed a newline into the string. You can try either "`r`n" or just "`n"; I'm not sure which one will look better in the AD GUI tools, or if there will be any difference at all.

May 2, 2014 at 7:00 am

BELTER!

Works perfectly.

I absolutely LOVE you guys!

šŸ˜€

September 8, 2014 at 9:27 am

How about if you are trying to add a multiple-value attribute such as MemberOf? I'd like to have each group on a separate line, but they are added one after the other on a single line with only a space between each group.

$users= Get-ADUser -SearchBase "OU=Disabled Accounts,DC=test,DC=int" -Filter * -Properties memberof,info
foreach ($user in $users) {
# Disable the account    
Disable-ADAccount -identity $user.SAMAccountName

# Copy group memberships to Notes field and remove group memberships
if ($user.memberof -ne $null) {
 $date=get-date
 $oldinfo=$user.info
 $membership= $user.MemberOf # @{Name='memberof';Expression={[string]::join(ā€œ`r`nā€, ($user.memberof))}}
 $newinfo="Memberships:`r`n$($membership)`r`n`r`nUser disabled:`r`n$date"
 $user.SamAccountName | Set-ADUSer -Replace @{info="$($oldinfo)`r`n`r`n$($newinfo)"}
 #foreach ($membership) {$user.memberof | remove-adgroupmember -Members $user.SAMAccountName -Confirm:$false}
 }
}

The code above results in the following Notes: field:

[blockquote]Memberships:
CN=District Office Staff,OU=District Office,OU=District,DC=test,DC=int CN=All Technology-Media Services,OU=Email Groups,OU=District,DC=test,DC=int

User disabled:
09/08/2014 10:24:34[/blockquote]

For readability, and peace of mind at this point, I would really like it to look like:

[blockquote]Memberships:
CN=District Office Staff,OU=District Office,OU=District,DC=test,DC=int
CN=All Technology-Media Services,OU=Email Groups,OU=District,DC=test,DC=int

User disabled:
09/08/2014 10:24:34[/blockquote]

Thanks for any help.

September 8, 2014 at 9:31 am

It looks like all you're missing is a join on the MemberOf array:

$membership= $user.MemberOf -join "`r`n"

September 8, 2014 at 9:36 am

Awesome, thank you. That worked perfectly.