Powershell script assistance


We have extended our schema to include additional attributes, but this schema has not been updated in all the forests. Is there a powershell script that I can use to check if an attribute is present in schema. I have been asked to report the values of attribute1 for all user objects in all the forests. In some forests this attribute1 is not even there.

For instance:  I want to check if  attribute1 is present in schema.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Check out this link to see if that helps.

Let us know if you have more questions.
Parity123Author Commented:
I looked at the link.  I wanted something like passing an attribute as parameter to the script and returns True if it exists.
Jason CrawfordTransport NinjaCommented:
Are the other forests in separate AD sites?  If so you can just force intersite replication either by ADSS:


Or by repadmin:

repadmin /syncall <DC you're pushing changes from> /APedq

Open in new window

Instead of looking for a specific attribute, do you know if the schema version changed?  If so you could just run this to find the version:

Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion

Open in new window

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Parity123Author Commented:
Schema version has not changed. We have custom attributes missing in some forests. If there is a way to pass the attribute to check, would be nice
Jason CrawfordTransport NinjaCommented:
It would be really helpful if you could tell me which specific attribute you're looking for, or at a minimum a specific class.
Parity123Author Commented:
It is a custom attribute, let us call it myattribute1. I want to check for myattribute1 in all the forests with a script.
Jason CrawfordTransport NinjaCommented:
That leaves a lot of questions, but something like this might work:

Param (

$schema = ([DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetCurrentSchema()).FindClass('user').optionalproperties

if ($schema.name -contains $Attribute) {
    Write-Host $Attribute 'exists' -ForegroundColor Green
else {
    Write-Host $Attribute 'does not exist' -ForegroundColor Red

Open in new window

Here's what it looks like when run on a 2012 R2 DC:

Note the $schema variable has been limited to the 'user' class so unless your custom attribute also happens to be in the same class it won't work as-is.  All you'd have to do is replace user with the correct class and it would run fine.

I borrowed very heavily from The Scripting Guy:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.