DCSIMG
Modifying multivalued Active Directory attributes - Shay Levy

Shay Levy

If you repeat it, PowerShell it!

Modifying multivalued Active Directory attributes

Updating an attribute value in Active directory is usually not a big deal. Most of the attributes are single valued and you can easily modify them. However, dealing with multi valued attributes is another game.

With Quest AD cmdlets you don’t have to pull your hair out, there is special syntax for working with multi valued attributes and you use it via the ObjectAttributes parameter. The syntax is as follows (nested hashtable):

Set-QADUser  -Identity <Identity> -ObjectAttributes @{AttributeName=@{KeyName=@(‘value1’,’value2’…)}}

AttributeName – The LDAP name of the attribute.
KeyName         - The action you want to perform on the attribute value(s). The values
@(‘value1’,’value2’…) – An array of values.


There are four key names we can use to modify multi value attributes:

Append  - Adds one or more values to the attribute while preserving any existing entries.
Clear      - Removes all values and set the attribute value to null.
Delete    - Removes one or more values from the attribute while preserving any other existing entries.
Update   - Removes any existing values and then writes one or more new values to the attribute.

 

Lets take the otherTelephone attribute as an example and get its content.

PS > Get-QADUser -Identity shay -IncludedProperties otherTelephone | Format-List otherTelephone
otherTelephone :
There are no values so let’s add two phone numbers. The ‘Append‘ key name is suitable for that action.

PS > Set-QADUser  -Identity shay -ObjectAttributes @{otherTelephone=@{Append=@(‘111-111-1111’,’222-222-2222’)}}
PS > Get-QADUser -Identity shay -IncludedProperties otherTelephone | Format-List otherTelephone

otherTelephone : {111-111-1111, 222-222-2222}


Sometimes we will want to replace all values with new ones:

PS > Set-QADUser –Identity shay -ObjectAttributes @{otherTelephone=@{Update=@(‘333-333-3333’,’444-444-4444’)}}
PS > Get-QADUser –Identity shay -IncludedProperties otherTelephone | Format-List otherTelephone

otherTelephone : {333-333-3333, 444-444-4444}

 

Now let’s remove one of the numbers:

PS > Set-QADUser –Identity shay -ObjectAttributes @{otherTelephone=@{Delete=@(‘333-333-3333’)}}
PS > Get-QADUser –Identity shay -IncludedProperties otherTelephone | Format-List otherTelephone

otherTelephone : 444-444-444

 

Finally, to clear all values (set the attribute to null) use the Clear key without any values:

PS > Set-QADUser –Identity shay -ObjectAttributes @{otherTelephone=@{Clear=@()}}
PS > Get-QADUser –Identity shay -IncludedProperties otherTelephone | Format-List otherTelephone

otherTelephone :

 

The same technique can be used against any multi valued attribute, such as ProxyAddresses (modifying email addresses). How do you know which attributes are multivalued?  You can get a list by searching the schema:

PS >  Get-QADObject –SizeLimit 0 -LdapFilter "(isSingleValued=FALSE)" –SearchRoot (Get-QADRootDSE).SchemaNamingContext -Type attributeSchema -IncludedProperties LDAPDisplayName | Format-Table LDAPDisplayName

Posted: Feb 04 2010, 12:47 PM by ScriptFanatic | with 2 comment(s)
תגים:, , ,

Comments

Modifying multivalued Active Directory attributes – Shay Levy | Drakz Free Online Service said:

Pingback from  Modifying multivalued Active Directory attributes &#8211; Shay Levy | Drakz Free Online Service

# February 7, 2010 8:24 AM

Modifying multivalued Active Directory attributes - Shay Levy Search said:

Pingback from  Modifying multivalued Active Directory attributes - Shay Levy Search

# February 7, 2010 8:31 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 


Enter the numbers above: