Export and update a specific custome attribute using vbs

Posted on 2009-05-06
Last Modified: 2012-05-06
Export and update a specific custom attribute from AD user using vbs

Im looking for a vbscript that will export a specific (#1\#2\#3&) customer attribute of users loaded from a txt\csv file.
Also, a script that will modify that custom attribute.

The scripts dont have to be depended and can be completely separate.
Anything like that?
Question by:johnnyjonathan
  • 4
  • 4

Expert Comment

Comment Utility
Hi johnnyjonathan,

I recently wrote a script that modifies two custom attributes on multiple users accounts in AD, so I think I can help you out with this one:

First, let the file be CSV and call it "input.csv".
Second, your input file should have UserID as a first parameter, and the value of the attribute it wants to change to as a second parameter.
Also to confirm the attribute you want to read and write to is "#1\#2\#3$" without qoutes of course?

Let me know.
LVL 27

Expert Comment

Comment Utility
You could just use AdFind from It's a very good utility which does exactly this. You can export user attributes to a CSV, edit, then import them back into AD again.
It' basically a better alternative to the built in CSVDE (which will export but not edit). Have a look here:

Author Comment

Comment Utility
Hubasan, the attribute i want to write could be anything, what i ment in #1\#2\#3 is the custome attribute's numbers.
so if you have something like that it could be grate.

Expert Comment

Comment Utility
Hi johnyjonathan,

Ok here is the script below that will READ and read only at this time, any custom attribute from ALL users in your Active Directory and log it to a CSV log file in the same directory where the script is executed from.

Format of the log is this:
Users Real Name,User ID,Custom attribute value

It will log ONLY those users that have that attribute populated. Please change the variable sCAttribName to what ever the name of your custom attribute is. My example was "comment" attribute that we have populated on all of our users PC.

Once you try this there is only a small modification that we can do so that it can take a CSV input file with the information that you want to put to this attribute of yours, but try this first.

Let me know how it goes.
On Error Resume Next

'Define constants

Const For_Reading = 1

Const For_Writing = 2

Const For_Appending = 8

Const cTitle = "Read and Log custom Attribute value"

'Put your custom attribute name in quotes here:

sCAttribName = "comment"

'Create Shell, Network and FileSystem Objects

Set oWS = CreateObject("")

Set oNet = CreateObject("")

Set oFS = CreateObject("scripting.FileSystemObject")

'Connect to RootDSE and get the domain ADsPath

Set oRootDSE = GetObject("LDAP://rootDSE")

sADsPath = "LDAP://" & oRootDSE.Get("defaultNamingContext")

Set oDomain = GetObject(sADsPath)

'Create ADODB connection to look for and map to user container

Set oConnection = CreateObject("ADODB.Connection")

oConnection.Open "Provider=ADsDSOObject;"


Set oCommand = CreateObject("ADODB.Command")

oCommand.ActiveConnection = oConnection

'Setup a logfile

sScriptName = WScript.ScriptName

sScriptPath = WScript.ScriptFullName

sLog = Replace(sScriptName, ".vbs",".log")

sLogFile = Replace(sScriptPath, sScriptName, sLog)

Set oLogFile = oFS.CreateTextFile(sLogFile,True)

'Write starting point of the log

ologfile.WriteLine "User Name,User's ID," & sCAttribName & " value"

'Search ALL Active Directory Users

oCommand.CommandText = _

"SELECT ADsPath,Name,sAMAccountName FROM '" & sADsPath & "' WHERE " _

  	& "objectCategory='User'"

Set oRecordSet = oCommand.Execute


Do Until oRecordSet.EOF

	sUserADPath = Empty

	sUser = Empty

	sCAttribValue = Empty

	sUser = oRecordSet.Fields("Name").Value

	sUserID = oRecordSet.Fields("sAMAccountName").Value

	sUserADPath = oRecordSet.Fields("AdsPath").Value

	Set oUser = GetObject(sUserADPath)	

	sCAttribValue = oUser.Get(sCAttribName)


	If IsEmpty(sCAttribValue) Then



		oLogFile.WriteLine sUser & "," & sUserID & "," & sCAttribValue

	End If




'Close the log file


'Display the message when the script is done executing.

oWS.Popup "Script Execution Finished!" & vbCrLf &_

"Please check the log file: " & vbCrLf & sLogFile, ,cTitle, vbInformation

Function CurrentDateTime()

	CurrentDateTime = FormatDateTime(now, vbLongDate) & " @ " & FormatDateTime(now, vbLongTime)

End Function

Open in new window

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.


Expert Comment

Comment Utility
Small correction:

Users PC's above should read "Users AD Accounts"

Author Comment

Comment Utility


Thank you but I think we didn't understand each other correctly, the export I need, is not of a particular attribute inside a Custom Attribute.

But all the users (from a CSV\TXT list not all AD) that have anything written inside
Custom Attribute say #10.

Then, another script to input something different in the same attribute. so if a user had the word "desktop" on his Custom Attribute #10, the export file would list it, and the 2nd script would change the content of Custom Attribute #10 to "laptop" for example

Accepted Solution

johnnyjonathan earned 0 total points
Comment Utility
Found the solution @
 and modified it a bit as the attached script

If LCase(Right(Wscript.FullName, 11)) = "wscript.exe" Then

    strPath = Wscript.ScriptFullName

    strCommand = "%comspec% /c cscript  """ & strPath & """"

    Set objShell = CreateObject("Wscript.Shell")

    objShell.Run(strCommand), 1, True


End If


Set objRootDSE = GetObject("LDAP://RootDSE")

strDomain = objRootDSE.Get("defaultNamingContext")

Set objOU = GetObject("LDAP://OU=Test," & strDomain) 


For Each objUser In objOU

    If objUser.Class = "user" Then


		sFile = "custom_attribute_export.txt"

 		Set oFSO = CreateObject("Scripting.FileSystemObject")

		Set fFile = oFSO.CreateTextFile(sFile)

    	fFile.WriteLine (objUser.DisplayName & " - extensionAttribute10: " & objUser.extensionAttribute10)


    	'objUser.extensionAttribute10 = "test"





    End If


Open in new window


Author Comment

Comment Utility
any option to change the source of the script i added from an OU to a csv\txt file?

Expert Comment

Comment Utility
Hi johnnyjonathan,

I'm sorry for misunderstanding earlier. I was under the impression you are looking to export the custom attribute value from all users in your AD and then import the changes only for some of them imported from CSV file.
In any case, since you have already found the solution and have already asked for the question to be closed, there will be no points awarded for any expert to help you with this.
If you still need help with this issue, please either re-open this question or open another question and leave it open until you are certain you have a FULL solution to the question you are asking.

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now