Adding/Editing Active Directory attributes - New Request

Posted on 2014-01-23
Last Modified: 2014-01-24
I have a new request very similar to the request that was resolved a week or so ago.
I work for a school district and we're well on our way to becoming a Google district.  I need to alter the email attribute in AD for our staff members from the long version of our email address ( to the shorter version (
I've actually exported the email addresses that have the longer version and have imported that list into Excel.  I just did a 'find & replace' for the to just .us and have saved that file as a .CSV file.
I have no problem importing that file into powershell, I believe my problem is with the syntax.
To test the command, I have created a test.csv that contains only my name and email.
The data in the file is actually the display name (Lastname, Firstname), column name=Name and my email (, column name=Email.
I've tried a couple of different commands after I import the file ($Stfdata = Import.csv .\test.csv)
Then I tried a 'foreach' to iterate through the file (granted, in the test.csv file there is only one name)
foreach($user in $Stfdata) | % {set-aduser -identity $_.distinguishedname -email ($_.samaccountname + "")}  but I get an error that there's a "missing statement body in foreach loop"
I've also tried foreach($user in $Stfdata){Set-ADUser $_.sAMAccountName -EmailAddress $user.Email} but get the error "Set-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try
 the command again."
I've also tried foreach($user in $Stfdata){Set-ADUser $User.Name -EmailAddress $user.Email} but get the error "Set-ADUser : Cannot find an object with identity: 'LastName, FirstName' under: 'DC=district,DC=us'"

I think I'm on the right track but I could be completely wrong.  I need help with the syntax so it will iterate through my .csv file and replace the AD Mail attribute with the format found in the .csv file.
Question by:skbarnard
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 40

Expert Comment

ID: 39805242
From the help for the Set-ADUser cmdlet, for the identity you have to supply either the "distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name".

Since your .CSV doesn't contain any of those items you will have to look them up, by trying to match the first name and last name from the file to AD, then retrieving the info.  It would be much easier if your file already contained this info (i.e. had the samaccountname instead of the first and last name).
Is it possible for you to regenerate the file with this info easily?  If so then the code would be
$Stfdata = Import.csv .\test.csv
foreach($user in $Stfdata)
{ Set-ADUser $user.sAMAccountName -EmailAddress $user.Email }

Open in new window

How many users are we talking about here?  Depending on your OU structure, etc., it might be trivial to run a query using Get-ADUser to retrieve the samaccountname for the accounts you need, and not much more difficult to generate a new email address dynamically and then set it.

Author Comment

ID: 39806803
I have 2,766 users.  Some of these can be removed as they are not user mailboxes but mailboxes that address work orders or changing passwords or other "utility" type mailboxes.
I can find them in AD by doing a LDAP 'custom search' using
The list of users produced has the sAMAccount name but I don't know of anyway to export that list.  Is there a function where I can export that list so I can import into a .csv file?
LVL 40

Expert Comment

ID: 39807597
There's a number of ways to output the samaccountname, but I'm thinking that if you just do that, it would be pretty difficult to then merge with another document (like a .CSV) and have all the rows match up.

The "custom search" that you listed above could also be done in PowerShell as
Get-ADUser -LDAPFilter "(mail=*"

Open in new window

To create a .CSV from that we could do
$adsi = ([ADSISearcher]"(&(objectCategory=person)(objectClass=user)(mail=*")
$adsi.FindAll() | % {write-output "$($_.Properties.samaccountname),$($_.Properties.mail)"} | Out-File c:\users.csv -Encoding ascii

Open in new window

or a little simpler
Get-ADUser -LDAPFilter "(mail=*" -Properties mail | select samaccountname,mail | Export-Csv c:\users.csv -notype

Open in new window

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!


Author Comment

ID: 39807848
We're making progress.  Thanks for the "simple" version, that worked like a charm to get all the users with the version of the email address.
I imported that output into Excel, then changed the email address to  Then I copied the file to the c:\windows\system32 directory and ran the import-csv command to import that file - no problem there either.
Then I issued the foreach command
foreach($user in $Stfdata){Set-ADUser $_.sAMAccountName -EmailAddress $user.Email}
and received the attached error as it iterated through the $Stfdata file
This could still be a syntax error - did I forget something?
LVL 40

Accepted Solution

footech earned 500 total points
ID: 39807933
Yes, if you look at the code I posted in post http:#a39805242, you will see I changed "$_.sAMAccountName" to "$user.sAMAccountName".

$_ is used to reference the current object in the pipeline when using the ForEach-Object cmdlet (among other commands).  When using the foreach statement, the current object is the variable you specified ($user in this case).

Author Closing Comment

ID: 39807995
Fantastic -- I knew it was just a syntax thing - you are the best!!
Even though I marked this as the solution - each of the posts from footech aided me in my solution.
Thanks a bunch!

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question