Solved

Need to batch update an Active Directory field for every user

Posted on 2009-05-11
4
1,559 Views
Last Modified: 2012-05-06
...using a value that's already in another field.  See attached screen shot.  We have a number of accounts that were created with nothing in the "User Logon Name" field.  The value we want in there can be found in the "User Logon Name (pre-Windows  2000)" field.  We want this same value in both.  Is there some script I could modify/run to take the "Pre-Windows 2000" value of each account and put the same value in the regular "User logon field" field?
ad.jpg
0
Comment
Question by:mgudites1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24354096
You basically want to update the attribute userPrinicipalName with the following format UPN:

@

The below VBscript searches your entire domain, looks for users where userPrincipalName is empty. If it is, then it updates with the above format value. As this is a potentially damaging script (they all are!), then you can do a dry run without changing, save as a vbs and run it via cscript...

cscript updateusers.vbs

This is will output all of the users it has found and advises the UPN which will be created for the user. To make the changes permanent, run it with a switch as follows

cscript updateusers.vbs /change:yes

...this will make the changes permanently.

Also bear in mind that this assumes that the UPN is the same as the current domain (i.e. you haven't created your own UPN suffixes)
strReal = WScript.Arguments.Named("change")
 
Set objRoot = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRoot.get("defaultNamingContext") & ">;"
strFilter = "(&(objectclass=user)(objectCategory=person));" 
strAttrs  = "distinguishedName;"
strScope  = "subtree"
 
Set objConn = CreateObject("ADODB.Connection")
Set oAdInfo = CreateObject("ADSystemInfo")
 
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
 
If objRS.RecordCount > 0 Then
	objRS.MoveFirst
	While Not objRS.EOF
		Set objUser = GetObject("LDAP://" & Replace(objRS.Fields("distinguishedName").Value,"/","\/"))
			strUPN = objUser.userPrincipalName 
			If IsEmpty(strUPN) Then
				WScript.Echo "Changing UPN for " & objUser.distinguishedName & " to : " & objUser.sAMAccountName & "@" & oAdInfo.DomainDNSName
				If UCase(strReal) = "YES" Then
					objUser.userPrincipalName = objUser.sAMAccountName & "@" & oAdInfo.DomainDNSName
					objUser.Setinfo
				End If
			End If	
		objRS.MoveNext
	Wend
End If

Open in new window

0
 
LVL 1

Author Comment

by:mgudites1
ID: 24354135
Excellent -- I will try this out.  Thanks!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24356133
Another way is to use admodify.net
http://www.codeplex.com/admodify
In the account tab you would use
%'samaccountname'% and then select your suffix (see screenshot)
One thing I really like about admodify is the ability to "undo changes"
Thanks
Mike

admodifyUPN.jpg
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24362273
Nice :0)
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question