Export and update a specific custome attribute using vbs

Posted on 2009-05-06
Medium Priority
Last Modified: 2012-05-06
Export and update a specific custom attribute from AD user using vbs

Im looking for a vbscript that will export a specific (#1\#2\#3&) customer attribute of users loaded from a txt\csv file.
Also, a script that will modify that custom attribute.

The scripts dont have to be depended and can be completely separate.
Anything like that?
Question by:johnnyjonathan
  • 4
  • 4

Expert Comment

ID: 24314559
Hi johnnyjonathan,

I recently wrote a script that modifies two custom attributes on multiple users accounts in AD, so I think I can help you out with this one:

First, let the file be CSV and call it "input.csv".
Second, your input file should have UserID as a first parameter, and the value of the attribute it wants to change to as a second parameter.
Also to confirm the attribute you want to read and write to is "#1\#2\#3$" without qoutes of course?

Let me know.
LVL 27

Expert Comment

ID: 24314736
You could just use AdFind from Joeware.com. It's a very good utility which does exactly this. You can export user attributes to a CSV, edit, then import them back into AD again.
It' basically a better alternative to the built in CSVDE (which will export but not edit). Have a look here: http://www.joeware.net/freetools/tools/admod/index.htm

Author Comment

ID: 24324459
Hubasan, the attribute i want to write could be anything, what i ment in #1\#2\#3 is the custome attribute's numbers.
so if you have something like that it could be grate.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.


Expert Comment

ID: 24325131
Hi johnyjonathan,

Ok here is the script below that will READ and read only at this time, any custom attribute from ALL users in your Active Directory and log it to a CSV log file in the same directory where the script is executed from.

Format of the log is this:
Users Real Name,User ID,Custom attribute value

It will log ONLY those users that have that attribute populated. Please change the variable sCAttribName to what ever the name of your custom attribute is. My example was "comment" attribute that we have populated on all of our users PC.

Once you try this there is only a small modification that we can do so that it can take a CSV input file with the information that you want to put to this attribute of yours, but try this first.

Let me know how it goes.
On Error Resume Next
'Define constants
Const For_Reading = 1
Const For_Writing = 2
Const For_Appending = 8
Const cTitle = "Read and Log custom Attribute value"
'Put your custom attribute name in quotes here:
sCAttribName = "comment"
'Create Shell, Network and FileSystem Objects
Set oWS = CreateObject("wscript.shell")
Set oNet = CreateObject("wscript.network")
Set oFS = CreateObject("scripting.FileSystemObject")
'Connect to RootDSE and get the domain ADsPath
Set oRootDSE = GetObject("LDAP://rootDSE")
sADsPath = "LDAP://" & oRootDSE.Get("defaultNamingContext")
Set oDomain = GetObject(sADsPath)
'Create ADODB connection to look for and map to user container
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Open "Provider=ADsDSOObject;"
Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
'Setup a logfile
sScriptName = WScript.ScriptName
sScriptPath = WScript.ScriptFullName
sLog = Replace(sScriptName, ".vbs",".log")
sLogFile = Replace(sScriptPath, sScriptName, sLog)
Set oLogFile = oFS.CreateTextFile(sLogFile,True)
'Write starting point of the log
ologfile.WriteLine "User Name,User's ID," & sCAttribName & " value"
'Search ALL Active Directory Users
oCommand.CommandText = _
"SELECT ADsPath,Name,sAMAccountName FROM '" & sADsPath & "' WHERE " _
  	& "objectCategory='User'"
Set oRecordSet = oCommand.Execute
Do Until oRecordSet.EOF
	sUserADPath = Empty
	sUser = Empty
	sCAttribValue = Empty
	sUser = oRecordSet.Fields("Name").Value
	sUserID = oRecordSet.Fields("sAMAccountName").Value
	sUserADPath = oRecordSet.Fields("AdsPath").Value
	Set oUser = GetObject(sUserADPath)	
	sCAttribValue = oUser.Get(sCAttribName)
	If IsEmpty(sCAttribValue) Then
		oLogFile.WriteLine sUser & "," & sUserID & "," & sCAttribValue
	End If
'Close the log file
'Display the message when the script is done executing.
oWS.Popup "Script Execution Finished!" & vbCrLf &_
"Please check the log file: " & vbCrLf & sLogFile, ,cTitle, vbInformation
Function CurrentDateTime()
	CurrentDateTime = FormatDateTime(now, vbLongDate) & " @ " & FormatDateTime(now, vbLongTime)
End Function

Open in new window


Expert Comment

ID: 24325144
Small correction:

Users PC's above should read "Users AD Accounts"

Author Comment

ID: 24349425


Thank you but I think we didn't understand each other correctly, the export I need, is not of a particular attribute inside a Custom Attribute.

But all the users (from a CSV\TXT list not all AD) that have anything written inside
Custom Attribute say #10.

Then, another script to input something different in the same attribute. so if a user had the word "desktop" on his Custom Attribute #10, the export file would list it, and the 2nd script would change the content of Custom Attribute #10 to "laptop" for example

Accepted Solution

johnnyjonathan earned 0 total points
ID: 24349678
Found the solution @
 and modified it a bit as the attached script

If LCase(Right(Wscript.FullName, 11)) = "wscript.exe" Then
    strPath = Wscript.ScriptFullName
    strCommand = "%comspec% /c cscript  """ & strPath & """"
    Set objShell = CreateObject("Wscript.Shell")
    objShell.Run(strCommand), 1, True
End If
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("defaultNamingContext")
Set objOU = GetObject("LDAP://OU=Test," & strDomain) 
For Each objUser In objOU
    If objUser.Class = "user" Then
		sFile = "custom_attribute_export.txt"
 		Set oFSO = CreateObject("Scripting.FileSystemObject")
		Set fFile = oFSO.CreateTextFile(sFile)
    	fFile.WriteLine (objUser.DisplayName & " - extensionAttribute10: " & objUser.extensionAttribute10)
    	'objUser.extensionAttribute10 = "test"
    End If

Open in new window


Author Comment

ID: 24353165
any option to change the source of the script i added from an OU to a csv\txt file?

Expert Comment

ID: 24355357
Hi johnnyjonathan,

I'm sorry for misunderstanding earlier. I was under the impression you are looking to export the custom attribute value from all users in your AD and then import the changes only for some of them imported from CSV file.
In any case, since you have already found the solution and have already asked for the question to be closed, there will be no points awarded for any expert to help you with this.
If you still need help with this issue, please either re-open this question or open another question and leave it open until you are certain you have a FULL solution to the question you are asking.

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question