Mit dem Powershellscript ADModify Benutzerattribute en masse ändern

During a move mailbox scenario in a mid-large international company we had to exclude certain users from moving. So we had to "mark" all users, which were Blackberry mobile users and all VIP-users.
To do this I decided to set a special value in extentionattribute 15. i.e. all Blackberry users got a "BES" and all VIPs a "VIP" as value. The list with all SamAccountNames if the users I got from a colleague - and I wrote the script below to perform my work. After doing that, I was able to make move requests in Exchange Management Console filtering by the attributes value.

Let's explain the script:

Parameters

IsTestMode: declares if script runs in test-mode or modify-mode
attribute: attribute which has to be modified
newvalue: value which is set to the given attribute
outputfilename: log will be written to this file
inputfilename: file which contains the alias names of users
who will be checked

RUN

In this example you modify the attribute extensionattribute15 and set the new value BES.

ADModify.ps1 -IsTestMode $true -attribute "extensionattribute15" -newvalue = "BES"

Code

#############################################################
# ADModify.ps1
# Sets a value to an attribute of users listed in a file
# example: ADModify.ps1 -IsTestMode $true -attribute "extensionattribute15" -newvalue = "BES"  
#############################################################
# Scripted by: Hans Willi Kremer, NETsec GmbH & Co. KG, http://www.netsec.de, http://tools4Exchange.com
# Tags: ADModify, modify attribute in bulk, Active Directory attribute modification, bulk modification, support tools, Exchange migration, Exchange move mailbox
###########################################################
Param(
         [string]$IsTestMode = $true,      # declare test-mode or modify-mode
   [string]$attribute = "extensionattribute10",  # attribute which has to be modified  
   [string]$newvalue = "BES",       # value which is set to the given attribute  
   [string]$outputfilename ="C:\yyy_output.txt",   # log will be written to this file  
   [string]$inputfilename ="C:\xxx_input.txt"   # file which contains the alias names of users who will be checked  
)
# to check before running script
$IsPresent = ": Correct value already present"    # displayed in log if the value of users attribute is already set  
$ErrorWriting = "Error writing: "       # displayed in log if script runs into error state  
$IsTestModeString = "IsTestMode: "       # displayed in log if script runs in test mode  
$ValueChangedString = ": changed  to: "      # displayed in log if value of users attribute is modified  
$date = get-date
Write-Output ($date.ToString() + " " + $IsTestModeString  + " " +  $IsTestMode) | out-file $outputfilename -append   
Write-Output ($date.ToString() + " " + "Starting script") | out-file $outputfilename -append   

$boxes = Get-Content $inputfilename       # read all users from inputfile
Foreach ($element in $boxes )
  {
    $date = get-date
    $mailbox = Get-Mailbox $element -ResultSize unlimited  # get user's dn in Active Directory   
    $ldap = "LDAP://" + $mailbox.distinguishedname       
    $de = New-Object DirectoryServices.DirectoryEntry $ldap # bind to user's object  
 
    if ($de.Properties["$attribute"].Value -eq $newvalue) # if new value is already present  
       {
        Write-Output ($date.ToString() + " " + $element + " " + $attribute + " with value " + " " + $newvalue + " " + $IsPresent) | out-file $outputfilename -append   
       }
      else             # if new value is not present
      {
        try
        {
           $de.Properties["$attribute"].Value = $newvalue  
           if ($IsTestMode -eq $false) 
           {
            $de.commitchanges()
           }
        }
        catch
        {
           Write-Output ($date.ToString()  + " " + $element  + " " + $ErrorWriting) | out-file $outputfilename -append   
        }
        finally
        {
           Write-Output ($date.ToString() + " " +   $element  + " " +   $attribute + " " + $ValueChangedString  + " " +  $newvalue) | out-file $outputfilename -append   
        }    
      } #end if
         
  } # end Foreach element
  Write-Output ($date.ToString() + " " + "Finished script") | out-file $outputfilename -append   

Hans Willi

P.S. Das Script kann auch auf meinem Blog http://www.tools4exchange.com heruntergeladen werden

[Edit Biber/Beaver] Codetags nachgezogen /Codedays afterdrawn [/Edit]

Please also mark the comments that contributed to the solution of the article

Content-Key: 157472

Url: https://administrator.de/contentid/157472

Printed on: April 19, 2024 at 20:04 o'clock

3 Comments

Latest comment

Can you not German?

Gruß, Arch Stanton

Only a BIT

Aber im Ernst - mein Englisch ist nicht toll, dennoch muss ich diese "Tipps" sowieso darin verfassen, und mir fehlt die Zeit das auch noch zu übersetzen.
Wenn Du dies tun magst, dann . . .
hawi

Moin HAWIKA,

danke für deinen Powershell-Schnipsel.

Ich habe den Code in Codetags gesetzt, da ohne andere Ansage die Sequenz "# text" [Raute-Leerzeichen-text] zu einer Durchnummerierung dieser Zeilen führt.
Da eine #-Raute in der PowerShell/in the Kraftmuschel etwas anderes bedeutet, war das Copy&Paste deines Originalscripts nicht Eins-zu-Eins angekommen.
Die Skriptzeilen 2-4 (unter anderem) waren etwas sinnentstellt.

Grüße
Biber

German Tip Exchange Server Microsoft

Hotly discussed

Check of ZFW Firewallgleixnerd - 3 Comments

How to set up and configure a Linux GRE tunnelAlexWisha - 3 Comments

WIREGUARD VPN ON UDM PRO BEHIND FRITZBOX - HANDSHAKE DID NOT COMPLETEjstricker - 3 Comments

End of Support dates for Office 2016, 2019 Apps und Productivity ServersDani - 1 Comment