• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 513
  • Last Modified:

Adding/Editing Active Directory attributes - New Request

I have a new request very similar to the request that was resolved a week or so ago.
I work for a school district and we're well on our way to becoming a Google district.  I need to alter the email attribute in AD for our staff members from the long version of our email address (someone@district.k12.ca.us) to the shorter version (someone@district.us)
I've actually exported the email addresses that have the longer version and have imported that list into Excel.  I just did a 'find & replace' for the k12.ca.us to just .us and have saved that file as a .CSV file.
I have no problem importing that file into powershell, I believe my problem is with the syntax.
To test the command, I have created a test.csv that contains only my name and email.
The data in the file is actually the display name (Lastname, Firstname), column name=Name and my email (me@district.us), column name=Email.
I've tried a couple of different commands after I import the file ($Stfdata = Import.csv .\test.csv)
Then I tried a 'foreach' to iterate through the file (granted, in the test.csv file there is only one name)
foreach($user in $Stfdata) | % {set-aduser -identity $_.distinguishedname -email ($_.samaccountname + "@District.us")}  but I get an error that there's a "missing statement body in foreach loop"
I've also tried foreach($user in $Stfdata){Set-ADUser $_.sAMAccountName -EmailAddress $user.Email} but get the error "Set-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try
 the command again."
I've also tried foreach($user in $Stfdata){Set-ADUser $User.Name -EmailAddress $user.Email} but get the error "Set-ADUser : Cannot find an object with identity: 'LastName, FirstName' under: 'DC=district,DC=us'"

I think I'm on the right track but I could be completely wrong.  I need help with the syntax so it will iterate through my .csv file and replace the AD Mail attribute with the format found in the .csv file.
  • 3
  • 3
1 Solution
From the help for the Set-ADUser cmdlet, for the identity you have to supply either the "distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name".

Since your .CSV doesn't contain any of those items you will have to look them up, by trying to match the first name and last name from the file to AD, then retrieving the info.  It would be much easier if your file already contained this info (i.e. had the samaccountname instead of the first and last name).
Is it possible for you to regenerate the file with this info easily?  If so then the code would be
$Stfdata = Import.csv .\test.csv
foreach($user in $Stfdata)
{ Set-ADUser $user.sAMAccountName -EmailAddress $user.Email }

Open in new window

How many users are we talking about here?  Depending on your OU structure, etc., it might be trivial to run a query using Get-ADUser to retrieve the samaccountname for the accounts you need, and not much more difficult to generate a new email address dynamically and then set it.
skbarnardAuthor Commented:
I have 2,766 users.  Some of these can be removed as they are not user mailboxes but mailboxes that address work orders or changing passwords or other "utility" type mailboxes.
I can find them in AD by doing a LDAP 'custom search' using
The list of users produced has the sAMAccount name but I don't know of anyway to export that list.  Is there a function where I can export that list so I can import into a .csv file?
There's a number of ways to output the samaccountname, but I'm thinking that if you just do that, it would be pretty difficult to then merge with another document (like a .CSV) and have all the rows match up.

The "custom search" that you listed above could also be done in PowerShell as
Get-ADUser -LDAPFilter "(mail=*@district.k12.ca.us)"

Open in new window

To create a .CSV from that we could do
$adsi = ([ADSISearcher]"(&(objectCategory=person)(objectClass=user)(mail=*@district.k12.ca.us))")
$adsi.FindAll() | % {write-output "$($_.Properties.samaccountname),$($_.Properties.mail)"} | Out-File c:\users.csv -Encoding ascii

Open in new window

or a little simpler
Get-ADUser -LDAPFilter "(mail=*@district.k12.ca.us)" -Properties mail | select samaccountname,mail | Export-Csv c:\users.csv -notype

Open in new window

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

skbarnardAuthor Commented:
We're making progress.  Thanks for the "simple" version, that worked like a charm to get all the users with the @district.k12.ca.us version of the email address.
I imported that output into Excel, then changed the email address to @district.us.  Then I copied the file to the c:\windows\system32 directory and ran the import-csv command to import that file - no problem there either.
Then I issued the foreach command
foreach($user in $Stfdata){Set-ADUser $_.sAMAccountName -EmailAddress $user.Email}
and received the attached error as it iterated through the $Stfdata file
This could still be a syntax error - did I forget something?
Yes, if you look at the code I posted in post http:#a39805242, you will see I changed "$_.sAMAccountName" to "$user.sAMAccountName".

$_ is used to reference the current object in the pipeline when using the ForEach-Object cmdlet (among other commands).  When using the foreach statement, the current object is the variable you specified ($user in this case).
skbarnardAuthor Commented:
Fantastic -- I knew it was just a syntax thing - you are the best!!
Even though I marked this as the solution - each of the posts from footech aided me in my solution.
Thanks a bunch!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now