ADModify – modify user attributes in bulk

22 Dec

Modify attributes of users who are listed in a file – use this powershell script

usage scenario: During a move mailbox scenario in a mid-large international company we had to exclude certain users from moving. So we had to "mark" all users, which were Blackberry mobile users and all VIP-users.

To do this I decided to set a special value in extentionattribute 15. i.e. all Blackberry users got a “BES” and all VIPs a “VIP” as value. The list with all SamAccountNames if the users I got from a colleague – and I wrote the script below to perform my work. After doing that, I was able to make move requests in Exchange Management Console filtering by the attributes value.

Let’s explain the script: 

Parameters

IsTestMode:     declares if script runs in test-mode or modify-mode
attribute:          attribute which has to be modified
newvalue:         value which is set to the given attribute
outputfilename: log will be written to this file
inputfilename:   file which contains the alias names of users
                       who will be checked

RUN

In this example you modify the attribute extensionattribute15 and set the new value BES.

ADModify.ps1 -IsTestMode $true -attribute “extensionattribute15” -newvalue = “BES

Download the script
ADModify.ps1

Code

#############################################################
# ADModify.ps1
# Sets a value to an attribute of users listed in a file
# example: ADModify.ps1 -IsTestMode $true -attribute “extensionattribute15” -newvalue = “BES”
#############################################################
# Scripted by: Hans Willi Kremer, NETsec GmbH & Co. KG, http://www.netsec.de, http://tools4Exchange.com
# Tags: ADModify, modify attribute in bulk, Active Directory attribute modification, bulk modification, support tools, Exchange migration, Exchange move mailbox
###########################################################
Param(
         [string]$IsTestMode = $true,      # declare test-mode or modify-mode
   [string]$attribute = “extensionattribute10”,  # attribute which has to be modified
   [string]$newvalue = “BES”,       # value which is set to the given attribute
   [string]$outputfilename =”C:\yyy_output.txt”,   # log will be written to this file
   [string]$inputfilename =”C:\xxx_input.txt”   # file which contains the alias names of users who will be checked
)
# to check before running script
$IsPresent = “: Correct value already present”    # displayed in log if the value of users attribute is already set
$ErrorWriting = “Error writing: ”       # displayed in log if script runs into error state
$IsTestModeString = “IsTestMode: ”       # displayed in log if script runs in test mode
$ValueChangedString = “: changed  to: ”      # displayed in log if value of users attribute is modified
$date = get-date
Write-Output ($date.ToString() + ” ” + $IsTestModeString  + ” ” +  $IsTestMode) | out-file $outputfilename -append
Write-Output ($date.ToString() + ” ” + “Starting script”) | out-file $outputfilename -append

$boxes = Get-Content $inputfilename       # read all users from inputfile
Foreach ($element in $boxes )
  {
    $date = get-date
    $mailbox = Get-Mailbox $element -ResultSize unlimited  # get user’s dn in Active Directory
    $ldap = “LDAP://” + $mailbox.distinguishedname     
    $de = New-Object DirectoryServices.DirectoryEntry $ldap # bind to user’s object
 
    if ($de.Properties[“$attribute”].Value -eq $newvalue) # if new value is already present
       {
        Write-Output ($date.ToString() + ” ” + $element + ” ” + $attribute + ” with value ” + ” ” + $newvalue + ” ” + $IsPresent) | out-file $outputfilename -append
       }
      else             # if new value is not present
      {
        try
        {
           $de.Properties[“$attribute”].Value = $newvalue
           if ($IsTestMode -eq $false)
           {
            $de.commitchanges()
           }
        }
        catch
        {
           Write-Output ($date.ToString()  + ” ” + $element  + ” ” + $ErrorWriting) | out-file $outputfilename -append
        }
        finally
        {
           Write-Output ($date.ToString() + ” ” +   $element  + ” ” +   $attribute + ” ” + $ValueChangedString  + ” ” +  $newvalue) | out-file $outputfilename -append
        }   
      } #end if
        
  } # end Foreach element
  Write-Output ($date.ToString() + ” ” + “Finished script”) | out-file $outputfilename -append
 

Leave a Reply

Your email address will not be published. Required fields are marked *