?
Solved

Need to batch update an Active Directory field for every user

Posted on 2009-05-11
4
Medium Priority
?
1,561 Views
Last Modified: 2012-05-06
...using a value that's already in another field.  See attached screen shot.  We have a number of accounts that were created with nothing in the "User Logon Name" field.  The value we want in there can be found in the "User Logon Name (pre-Windows  2000)" field.  We want this same value in both.  Is there some script I could modify/run to take the "Pre-Windows 2000" value of each account and put the same value in the regular "User logon field" field?
ad.jpg
0
Comment
Question by:mgudites1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 27

Accepted Solution

by:
bluntTony earned 2000 total points
ID: 24354096
You basically want to update the attribute userPrinicipalName with the following format UPN:

@

The below VBscript searches your entire domain, looks for users where userPrincipalName is empty. If it is, then it updates with the above format value. As this is a potentially damaging script (they all are!), then you can do a dry run without changing, save as a vbs and run it via cscript...

cscript updateusers.vbs

This is will output all of the users it has found and advises the UPN which will be created for the user. To make the changes permanent, run it with a switch as follows

cscript updateusers.vbs /change:yes

...this will make the changes permanently.

Also bear in mind that this assumes that the UPN is the same as the current domain (i.e. you haven't created your own UPN suffixes)
strReal = WScript.Arguments.Named("change")
 
Set objRoot = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRoot.get("defaultNamingContext") & ">;"
strFilter = "(&(objectclass=user)(objectCategory=person));" 
strAttrs  = "distinguishedName;"
strScope  = "subtree"
 
Set objConn = CreateObject("ADODB.Connection")
Set oAdInfo = CreateObject("ADSystemInfo")
 
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
 
If objRS.RecordCount > 0 Then
	objRS.MoveFirst
	While Not objRS.EOF
		Set objUser = GetObject("LDAP://" & Replace(objRS.Fields("distinguishedName").Value,"/","\/"))
			strUPN = objUser.userPrincipalName 
			If IsEmpty(strUPN) Then
				WScript.Echo "Changing UPN for " & objUser.distinguishedName & " to : " & objUser.sAMAccountName & "@" & oAdInfo.DomainDNSName
				If UCase(strReal) = "YES" Then
					objUser.userPrincipalName = objUser.sAMAccountName & "@" & oAdInfo.DomainDNSName
					objUser.Setinfo
				End If
			End If	
		objRS.MoveNext
	Wend
End If

Open in new window

0
 
LVL 1

Author Comment

by:mgudites1
ID: 24354135
Excellent -- I will try this out.  Thanks!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24356133
Another way is to use admodify.net
http://www.codeplex.com/admodify
In the account tab you would use
%'samaccountname'% and then select your suffix (see screenshot)
One thing I really like about admodify is the ability to "undo changes"
Thanks
Mike

admodifyUPN.jpg
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24362273
Nice :0)
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question