Categories
Coding

Set-ADUser extensionAttribute in PowerShell

To set an extension attribute for a user in Active Directory using PowerShell, you can use the Set-ADUser cmdlet. Extension attributes in Active Directory are custom attributes that you can use to store additional information about users. They are often referred to as extensionAttribute1, extensionAttribute2, …, extensionAttribute15.

Before you proceed, make sure you have the appropriate permissions to modify Active Directory objects and that the Active Directory module for PowerShell is installed and imported in your session.

Setting an Extension Attribute

Here is an example of how to set an extension attribute for a user:

Set-ADUser -Identity "username" -Add @{extensionAttribute1="Value"}

In this command:

  • Replace "username" with the username (or another identifying property like the Distinguished Name) of the user.
  • extensionAttribute1 is the name of the attribute you want to set. Change the number as needed.
  • Replace "Value" with the value you want to set for the extension attribute.

Example

Suppose you want to set extensionAttribute1 to “EmployeeType” and extensionAttribute2 to “FullTime” for a user with the username “john.doe”:

Set-ADUser -Identity "john.doe" -Add @{extensionAttribute1="EmployeeType"; extensionAttribute2="FullTime"}

Updating an Existing Extension Attribute

If the extension attribute already has a value and you want to update it, you can use the -Replace parameter:

Set-ADUser -Identity "john.doe" -Replace @{extensionAttribute1="NewValue"}

Notes

  • Importing the Active Directory Module: If you haven’t already, import the Active Directory module into your PowerShell session:
    Import-Module ActiveDirectory
  • Execution Policy: Ensure your PowerShell execution policy allows you to run these scripts. Some environments may have restrictions on running custom PowerShell scripts.
  • User Privileges: You need to have sufficient privileges in your Active Directory to modify user attributes.
  • Extension Attribute Availability: The availability of extension attributes depends on your Active Directory schema. Usually, these attributes are available by default, but if they’re not, your AD schema might need to be extended, which should be done by an experienced administrator.

This method provides a straightforward way to add or update custom data for user accounts in Active Directory, leveraging the flexibility of extension attributes for various organizational needs.

Leave a Reply

Your email address will not be published. Required fields are marked *