Solved

Need to batch update an Active Directory field for every user

Posted on 2009-05-11
4
1,555 Views
Last Modified: 2012-05-06
...using a value that's already in another field.  See attached screen shot.  We have a number of accounts that were created with nothing in the "User Logon Name" field.  The value we want in there can be found in the "User Logon Name (pre-Windows  2000)" field.  We want this same value in both.  Is there some script I could modify/run to take the "Pre-Windows 2000" value of each account and put the same value in the regular "User logon field" field?
ad.jpg
0
Comment
Question by:mgudites1
  • 2
4 Comments
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
Comment Utility
You basically want to update the attribute userPrinicipalName with the following format UPN:

@

The below VBscript searches your entire domain, looks for users where userPrincipalName is empty. If it is, then it updates with the above format value. As this is a potentially damaging script (they all are!), then you can do a dry run without changing, save as a vbs and run it via cscript...

cscript updateusers.vbs

This is will output all of the users it has found and advises the UPN which will be created for the user. To make the changes permanent, run it with a switch as follows

cscript updateusers.vbs /change:yes

...this will make the changes permanently.

Also bear in mind that this assumes that the UPN is the same as the current domain (i.e. you haven't created your own UPN suffixes)
strReal = WScript.Arguments.Named("change")
 

Set objRoot = GetObject("LDAP://RootDSE")

strBase = "<LDAP://" & objRoot.get("defaultNamingContext") & ">;"

strFilter = "(&(objectclass=user)(objectCategory=person));" 

strAttrs  = "distinguishedName;"

strScope  = "subtree"
 

Set objConn = CreateObject("ADODB.Connection")

Set oAdInfo = CreateObject("ADSystemInfo")
 

objConn.Provider = "ADsDSOObject"

objConn.Open "Active Directory Provider"

Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
 

If objRS.RecordCount > 0 Then

	objRS.MoveFirst

	While Not objRS.EOF

		Set objUser = GetObject("LDAP://" & Replace(objRS.Fields("distinguishedName").Value,"/","\/"))

			strUPN = objUser.userPrincipalName 

			If IsEmpty(strUPN) Then

				WScript.Echo "Changing UPN for " & objUser.distinguishedName & " to : " & objUser.sAMAccountName & "@" & oAdInfo.DomainDNSName

				If UCase(strReal) = "YES" Then

					objUser.userPrincipalName = objUser.sAMAccountName & "@" & oAdInfo.DomainDNSName

					objUser.Setinfo

				End If

			End If	

		objRS.MoveNext

	Wend

End If

Open in new window

0
 
LVL 1

Author Comment

by:mgudites1
Comment Utility
Excellent -- I will try this out.  Thanks!
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Another way is to use admodify.net
http://www.codeplex.com/admodify
In the account tab you would use
%'samaccountname'% and then select your suffix (see screenshot)
One thing I really like about admodify is the ability to "undo changes"
Thanks
Mike

admodifyUPN.jpg
0
 
LVL 27

Expert Comment

by:bluntTony
Comment Utility
Nice :0)
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now