Powershell – Modify attributes in AD via PowerShell (no Quest)


Say I have users and their physicalDeliveryOfficeName attribute, called Office in AD is set to New York, and others say Chicago.

I want to setup a script that will loop through all users.

If physicalDeliveryOfficeName = Chicago  
Set address properties   
Street: 8888 Chicago Lane  
City: Chicago  
State: IL  
Zip: 60066  
Country: United States

else if physicalDeliveryOfficeName = New York  
Set address properties  
Street: 9999 New York Lane
City: New York
State: NY
Zip: 11111
Country: United States

I can't seem to find out where to start.. any pointers?

Best Solution

Assuming you have PowerShell v2.0, you can use the built-in Active Directory module, in particular, the Get-ADUser command followed by Set-ADUser, something like:

Get-ADUser -Filter {Office -eq "Chicago"} | Set-ADUser -StreetAddress "8888 Chicago Lane City" -City "Chicago" -State "IL" -PostalCode "60066" -Country "US"

The full list of available attributes and some examples are available by following the links above or via the Get-Help cmdlet.

If you're not on PowerShell v2.0 and can't upgrade for some reason, you can use the .NET System.DirectoryServices namespace and associated classes, where you should be able to follow reasonably closely the MSDN examples, e.g. this for updating and this example for searching. Additionally, Stackoverflow has numerous examples, though this one looks particularly promising on a quick review.

Also, I missed the Microsoft example of searching using PowerShell and System.DirectoryServices.