Solved

Adding/Editing Active Directory attributes - New Request

Posted on 2014-01-23
6
470 Views
Last Modified: 2014-01-24
I have a new request very similar to the request that was resolved a week or so ago.
I work for a school district and we're well on our way to becoming a Google district.  I need to alter the email attribute in AD for our staff members from the long version of our email address (someone@district.k12.ca.us) to the shorter version (someone@district.us)
I've actually exported the email addresses that have the longer version and have imported that list into Excel.  I just did a 'find & replace' for the k12.ca.us to just .us and have saved that file as a .CSV file.
I have no problem importing that file into powershell, I believe my problem is with the syntax.
To test the command, I have created a test.csv that contains only my name and email.
The data in the file is actually the display name (Lastname, Firstname), column name=Name and my email (me@district.us), column name=Email.
I've tried a couple of different commands after I import the file ($Stfdata = Import.csv .\test.csv)
Then I tried a 'foreach' to iterate through the file (granted, in the test.csv file there is only one name)
foreach($user in $Stfdata) | % {set-aduser -identity $_.distinguishedname -email ($_.samaccountname + "@District.us")}  but I get an error that there's a "missing statement body in foreach loop"
I've also tried foreach($user in $Stfdata){Set-ADUser $_.sAMAccountName -EmailAddress $user.Email} but get the error "Set-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try
 the command again."
I've also tried foreach($user in $Stfdata){Set-ADUser $User.Name -EmailAddress $user.Email} but get the error "Set-ADUser : Cannot find an object with identity: 'LastName, FirstName' under: 'DC=district,DC=us'"

I think I'm on the right track but I could be completely wrong.  I need help with the syntax so it will iterate through my .csv file and replace the AD Mail attribute with the format found in the .csv file.
0
Comment
Question by:skbarnard
  • 3
  • 3
6 Comments
 
LVL 39

Expert Comment

by:footech
ID: 39805242
From the help for the Set-ADUser cmdlet, for the identity you have to supply either the "distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name".

Since your .CSV doesn't contain any of those items you will have to look them up, by trying to match the first name and last name from the file to AD, then retrieving the info.  It would be much easier if your file already contained this info (i.e. had the samaccountname instead of the first and last name).
Is it possible for you to regenerate the file with this info easily?  If so then the code would be
$Stfdata = Import.csv .\test.csv
foreach($user in $Stfdata)
{ Set-ADUser $user.sAMAccountName -EmailAddress $user.Email }

Open in new window

How many users are we talking about here?  Depending on your OU structure, etc., it might be trivial to run a query using Get-ADUser to retrieve the samaccountname for the accounts you need, and not much more difficult to generate a new email address dynamically and then set it.
0
 

Author Comment

by:skbarnard
ID: 39806803
I have 2,766 users.  Some of these can be removed as they are not user mailboxes but mailboxes that address work orders or changing passwords or other "utility" type mailboxes.
I can find them in AD by doing a LDAP 'custom search' using
(&(objectCategory=person)(objectClass=user)(|(mail=*@district.k12.ca.us)))
The list of users produced has the sAMAccount name but I don't know of anyway to export that list.  Is there a function where I can export that list so I can import into a .csv file?
0
 
LVL 39

Expert Comment

by:footech
ID: 39807597
There's a number of ways to output the samaccountname, but I'm thinking that if you just do that, it would be pretty difficult to then merge with another document (like a .CSV) and have all the rows match up.

The "custom search" that you listed above could also be done in PowerShell as
Get-ADUser -LDAPFilter "(mail=*@district.k12.ca.us)"
#or
([ADSISearcher]"(&(objectCategory=person)(objectClass=user)(|(mail=*@district.k12.ca.us)))").FindAll()

Open in new window

To create a .CSV from that we could do
$adsi = ([ADSISearcher]"(&(objectCategory=person)(objectClass=user)(mail=*@district.k12.ca.us))")
$adsi.PropertiesToLoad.Add("samaccountname")
$adsi.PropertiesToLoad.Add("mail")
$adsi.FindAll() | % {write-output "$($_.Properties.samaccountname),$($_.Properties.mail)"} | Out-File c:\users.csv -Encoding ascii

Open in new window

or a little simpler
Get-ADUser -LDAPFilter "(mail=*@district.k12.ca.us)" -Properties mail | select samaccountname,mail | Export-Csv c:\users.csv -notype

Open in new window

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:skbarnard
ID: 39807848
We're making progress.  Thanks for the "simple" version, that worked like a charm to get all the users with the @district.k12.ca.us version of the email address.
I imported that output into Excel, then changed the email address to @district.us.  Then I copied the file to the c:\windows\system32 directory and ran the import-csv command to import that file - no problem there either.
Then I issued the foreach command
foreach($user in $Stfdata){Set-ADUser $_.sAMAccountName -EmailAddress $user.Email}
and received the attached error as it iterated through the $Stfdata file
This could still be a syntax error - did I forget something?
ForeachError.pdf
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39807933
Yes, if you look at the code I posted in post http:#a39805242, you will see I changed "$_.sAMAccountName" to "$user.sAMAccountName".

$_ is used to reference the current object in the pipeline when using the ForEach-Object cmdlet (among other commands).  When using the foreach statement, the current object is the variable you specified ($user in this case).
0
 

Author Closing Comment

by:skbarnard
ID: 39807995
Fantastic -- I knew it was just a syntax thing - you are the best!!
Even though I marked this as the solution - each of the posts from footech aided me in my solution.
Thanks a bunch!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Bounce Back Message From Specific Domain 13 40
Powershell 3 23
Exchange 2010/2013 Admin audits 1 19
Help with PS script 7 15
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now