Solved

Vbscript to update AD attributes

Posted on 2013-01-15
38
703 Views
Last Modified: 2013-01-28
Hi Experts,

I need some help with Vbscript to update below attributes in AD

samaccountname,Company,extensionattribute4,extensionattribute1,extensionattribute5,extensionattribute3,office

I have information in CSV file as input

Logging would be of help to check old and new value and if failed or succeded

thanks
KC
0
Comment
Question by:chandru_sol
  • 20
  • 12
  • 4
  • +1
38 Comments
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 38781155
It is possible I propose you to the powershell cmdlet instead
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38781187
you can also use CSVDE -i command since you are using a CSV fie.

http://technet.microsoft.com/en-us/library/cc732101(v=ws.10).aspx
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38781194
Hi suriyaehnop,

I am happy with powershell code. Less number of lines

Logging would help a lot to know if update succeeded or not and old value and new value

Thanks
KC
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38781201
I have Quest Active directory role installed too if that will help


Thanks
KC
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38781205
Sorry  CSVDE will not meet you needs.
You will need to use PS or VBS.

Sorry for the false reply.
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38781244
No problem yo_bee. Thanks
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38782481
If suriyaehnop does not post or you request that I do, I will post a script suggestion and you can let me know if it works for you?
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38782812
I will be happy if you could help too. We share knowledge in community :-)

-KC
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38785625
Here you go.

import-module activedirectory
#samaccountname,Company,extensionattribute4,extensionattribute1,extensionattribute5,extensionattribute3,office
$csv = import-csv "FileName.csv" -Delimiter ','
ForEach ($line in $csv)
{
$user = Get-ADUser $line.samaccountname -Properties Company,extensionattribute4,extensionattribute1,extensionattribute5,extensionattribute3,physicalDeliveryOfficeName
$user.company = $line.Company 
$user.extensionattribute4 = $line.extensionattribute4
$user.extensionattribute5 = $line.extensionattribute5
$user.extensionattribute3 = $line.extensionattribute3
$user.extensionattribute1 = $line.extensionattribute1
$user.physicalDeliveryOfficeName = $line.office
Set-ADUser -instance $user

Open in new window

0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38785779
yo_bee,

I will try this and let you know. Any help on logging?
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38787381
Script works only for single domain. Is there a way to search users in all domains and apply changes and log changes


Thanks
KC
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38788363
That is a good question.
Are the child domains or differnt domains in a forset that are trusted?
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38790190
All are child domains in a forest
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38790193
will there be problem for updating to trusted domains?
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38790203
Not sure i have not ever had to.
I would say probably not if your are member of the domain admin.

You may need to handle each instance separately.
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38790297
So how to handle child domains in forest. Can single script search for a user in forest and update which is not the case now
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38790306
Like i said, i have not dealt with this before. You may need to run this on each DC of the child domain.
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38790345
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 21

Expert Comment

by:yo_bee
ID: 38790353
Think it might. I will see how I can incorporate it into the script tomorrow.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38790434
I have a question.
Can you get the Distinguished Name (DN) rather than the samAccount?
You might not have to worry about the Child Domain part because the DN points it to there.
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38790526
I just get samaccountname

If not we need to run that list and find DN for all names and run script. is that possible to get DN for all samaccountname in all domains?
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38805643
Any update on this script

Thanks
KC
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38805681
I do not have a multi-domain forest.

If you run a standard Powershell Script against a user in each Domain what do you get?

import-module activedirectory
#samaccountname,Company,extensionattribute4,extensionattribute1,extensionattribute5,extensionattribute3,office
$csv = import-csv "<FILEPATH>\TestUpdate.csv" -Delimiter ','


ForEach ($line in $csv)
{


Get-ADUser $line.samaccountname | Select DistinguishedName

}

Open in new window

0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38807958
Only get DN for user in current domain where i run script from for all other user who is part of other domain it doesn't work


Thanks
KC
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38808166
So I do not think it will work unless you have the DN rather than the samAccount.
Can you run it against each child domain individually?
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38808385
Yes that is possible. Let me check

I am sure there should be a way. Do you mind if i ask other experts to look into this?

Thanks
KC
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 38809483
Not at all
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38809959
Thanks! Any other expert who can help on this script?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38820845
Try this..
$Inputfile = "c:\users.csv"
import-csv -Path $Inputfile | foreach {
$UserGC = Get-QADUser -SamAccountName  $_.User -SearchRoot ""DC=parent,DC=com"" -UseGlobalCatalog
If ($userGC -ne $null)
{Connect-QADService $UserGC.Domain.Dnsname | Out-Null
  $User = Get-QADUser -IncludeAllProperties $UserGC.SamAccountName

#Writing Company
 if ($_.Company -eq $User.Company)
  {Write-host "No need to update Company for "$User.SamAccountName} Else{
   Try{set-qaduser $user.SamAccountName -Company $_.Company -ea Stop | out-null
     Write-Host "Successfully Updated Company of "$User.SamAccountName}
   Catch [system.exception] 
	{Write-Host "Not able to Update Company of $($User.SamAccountName) Error : $($_.Exception.Message)" -B Yellow -F Red}}

#Writing Office
 if ($_.Office -eq $User.Office)
  {Write-host "No need to update Office for "$User.SamAccountName} Else{
   Try{set-qaduser $user.SamAccountName -Office $_.Office -ea Stop | out-null
     Write-Host "Successfully Updated Office of "$User.SamAccountName}
   Catch [system.exception] 
	{Write-Host "Not able to Update Office of $($User.SamAccountName) Error : $($_.Exception.Message)" -B Yellow -F Red}}

#Writing extensionattribute1
 if ($_.extensionattribute1 -eq $User.extensionattribute1)
  {Write-host "No need to update extensionattribute1 for "$User.SamAccountName}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute1"=$_.extensionattribute1} -ea Stop | out-null
     Write-Host "Successfully Updated extensionattribute1 of "$User.SamAccountName}
   Catch [system.exception]
	{Write-Host "Not able to Update extensionattribute1 of $($User.SamAccountName) Error : $($_.Exception.Message)" -B Yellow -F Red}}

#Writing extensionattribute3
 if ($_.extensionattribute3 -eq $User.extensionattribute3)
  {Write-host "No need to update extensionattribute3 for "$User.SamAccountName}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute3"=$_.extensionattribute3} -ea Stop | out-null
     Write-Host "Successfully Updated extensionattribute3 of "$User.SamAccountName}
   Catch [system.exception]
	{Write-Host "Not able to Update extensionattribute3 of $($User.SamAccountName) Error : $($_.Exception.Message)" -B Yellow -F Red}}
			
#Writing extensionattribute4
 if ($_.extensionattribute4 -eq $User.extensionattribute4)
  {Write-host "No need to update extensionattribute4 for "$User.SamAccountName}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute4"=$_.extensionattribute4} -ea Stop | out-null
     Write-Host "Successfully Updated extensionattribute4 of "$User.SamAccountName}
   Catch [system.exception]
	{Write-Host "Not able to Update extensionattribute4 of $($User.SamAccountName) Error : $($_.Exception.Message)" -B Yellow -F Red}}

#Writing extensionattribute5
 if ($_.extensionattribute5 -eq $User.extensionattribute5)
  {Write-host "No need to update extensionattribute5 for "$User.SamAccountName}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute5"=$_.extensionattribute5} -ea Stop | out-null
     Write-Host "Successfully Updated extensionattribute5 of "$User.SamAccountName}
   Catch [system.exception]
	{Write-Host "Not able to Update extensionattribute5 of $($User.SamAccountName) Error : $($_.Exception.Message)" -B Yellow -F Red}}

#Writing SamAccountName
 if ($_.SamAccountName -eq $User.SamAccountName)
  {Write-host "No need to update SamAccountName for "$User.SamAccountName} Else{
   Try{set-qaduser $user.SamAccountName -SamAccountName $_.SamAccountName -ea Stop | out-null
     Write-Host "Successfully Updated SamAccountName of "$User.SamAccountName}
   Catch [system.exception]
	{Write-Host "Not able to Update SamAccountName of $($User.SamAccountName) Error : $($_.Exception.Message)" -B Yellow -F Red}}
}Else {Write-Host "Not able to find User "$_.SamAccountName -B Yellow -F Red}
}

Open in new window

CSV Format
User,SamAccountName,Company,extensionattribute4,extensionattribute1,extensionattribute5,extensionattribute3,office
User2,User13,EE,EA4,EA1,EA5,EA3,Ohio
User3,User14,EE,EA4,EA1,EA5,EA3,Ohio

Open in new window

0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38821455
Just 2 additions

1. How to update manager attribute? Manager attribute is also samaccountname
2. How to make sure logs are cleared and emailed

Thanks
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38821566
Logs are created and emailed. Thanks
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38825907
Try..
$Inputfile = "c:\users.csv"
$Lofile = "C:\Temp\log.txt"
import-csv -Path $Inputfile | foreach {

$UserGC = Get-QADUser -SamAccountName  $_.User -SearchRoot ""DC=parent,DC=com"" -UseGlobalCatalog
$Manager = get-qaduser $_.manager

If ($userGC -ne $null)
{Connect-QADService $UserGC.Domain.Dnsname | Out-Null
  $User = Get-QADUser -IncludeAllProperties $UserGC.SamAccountName

#Writing Company
 if ($_.Company -eq $User.Company)
  { Add-Content $Logfile "No need to update Company for $($User.SamAccountName)"} Else{
   Try{set-qaduser $user.SamAccountName -Company $_.Company -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated Company of $($User.SamAccountName)"}
   Catch [system.exception] 
	{ Add-Content $Logfile "Not able to Update Company of $($User.SamAccountName) Error : $($_.Exception.Message)"}}

#Writing Office
 if ($_.Office -eq $User.Office)
  { Add-Content $Logfile "No need to update Office for $($User.SamAccountName)"} Else{
   Try{set-qaduser $user.SamAccountName -Office $_.Office -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated Office of $($User.SamAccountName)"}
   Catch [system.exception] 
	{ Add-Content $Logfile "Not able to Update Office of $($User.SamAccountName) Error : $($_.Exception.Message)"}}

#Writing extensionattribute1
 if ($_.extensionattribute1 -eq $User.extensionattribute1)
  { Add-Content $Logfile "No need to update extensionattribute1 for $($User.SamAccountName)"}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute1"=$_.extensionattribute1} -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated extensionattribute1 of $($User.SamAccountName)"}
   Catch [system.exception]
	{ Add-Content $Logfile "Not able to Update extensionattribute1 of $($User.SamAccountName) Error : $($_.Exception.Message)"}}

#Writing extensionattribute3
 if ($_.extensionattribute3 -eq $User.extensionattribute3)
  { Add-Content $Logfile "No need to update extensionattribute3 for $($User.SamAccountName)"}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute3"=$_.extensionattribute3} -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated extensionattribute3 of $($User.SamAccountName)"}
   Catch [system.exception]
	{ Add-Content $Logfile "Not able to Update extensionattribute3 of $($User.SamAccountName) Error : $($_.Exception.Message)"}}
			
#Writing extensionattribute4
 if ($_.extensionattribute4 -eq $User.extensionattribute4)
  { Add-Content $Logfile "No need to update extensionattribute4 for $($User.SamAccountName)"}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute4"=$_.extensionattribute4} -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated extensionattribute4 of $($User.SamAccountName)"}
   Catch [system.exception]
	{ Add-Content $Logfile "Not able to Update extensionattribute4 of $($User.SamAccountName) Error : $($_.Exception.Message)"}}

#Writing extensionattribute5
 if ($_.extensionattribute5 -eq $User.extensionattribute5)
  { Add-Content $Logfile "No need to update extensionattribute5 for $($User.SamAccountName)"}Else{
   Try{set-qaduser $user.SamAccountName -objectattributes @{"extensionattribute5"=$_.extensionattribute5} -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated extensionattribute5 of $($User.SamAccountName)"}
   Catch [system.exception]
	{ Add-Content $Logfile "Not able to Update extensionattribute5 of $($User.SamAccountName) Error : $($_.Exception.Message)"}}

#Writing SamAccountName
 if ($_.SamAccountName -eq $User.SamAccountName)
  { Add-Content $Logfile "No need to update SamAccountName for $($User.SamAccountName)"} Else{
   Try{set-qaduser $user.SamAccountName -SamAccountName $_.SamAccountName -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated SamAccountName of $($User.SamAccountName)"}
   Catch [system.exception]
	{ Add-Content $Logfile "Not able to Update SamAccountName of $($User.SamAccountName) Error : $($_.Exception.Message)"}}

#Writing Manager
if ($UserGC.Manager -eq $Manager.dn)
  { Add-Content $Logfile "No need to update Manager for $($User.SamAccountName)"} Else{
   Try{set-qaduser $user.SamAccountName -Manager $Manager -ea Stop | out-null
      Add-Content $Logfile "Successfully Updated Manager of $($User.SamAccountName)"}
   Catch [system.exception]
	{ Add-Content $Logfile "Not able to Update Manager of $($User.SamAccountName) Error : $($_.Exception.Message)"}}

}Else { Add-Content $Logfile "Not able to find User "$_.SamAccountName}
}
Send-MailMessage -Subject "Script Report" -From from@domain.com -To to@domain.com -Attachments $Logfile -SmtpServer smtp.domain.com

Open in new window

0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38829886
Thanks Subsun!! it worked and i made few changes i would like to share to optimise time taken

$Manager = get-qaduser $_.manager
to
$Manager = Get-QADuser -SamAccountName $_.manager -SearchRoot "DC=iconcr,DC=com" -UseGlobalCatalog

$User = Get-QADUser -IncludeAllProperties $UserGC.SamAccountName
to
  $User = Get-QADUser -DontUseDefaultIncludedProperties -IncludedProperties extensionattribute1,extensionattribute3,extensionattribute4,extensionattribute5,manager $UserGC.SamAccountName

Thanks
0
 
LVL 12

Author Closing Comment

by:chandru_sol
ID: 38829892
Thanks Subsun! I will start reading powershell and start helping users on this community :-)
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38829897
It should be good..
0
 
LVL 12

Author Comment

by:chandru_sol
ID: 38829899
Forgot to mention after changes for single user it takes 0.5 seconds and without changes it takes 1.2 minutes :-)
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38829909
Great!!..it makes lot of difference when you do bulk modification..
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now