Working with Non-Default Active Directory Properties through PowerShell

Posted by Brajesh Panda on October 14, 2013

Active Directory PowerShell Module’s GET cmdlets or Quest Active Directory PowerShell module’s GET cmdlets do not retrieve all properties of an AD Object.

Same thing, if you want to edit those non-default properties their SET cmdlets do not come with all parameters.

Here are the tricks how to work with them 😉

How to retrieve all those non-default attributes/properties?

Default AD Module = Get-ADUser <SamAccountName> -properties * | Format-List

Quest AD Module = Get-QADUser <SamAccountName> -IncludeAllProperties | Format-List

How to retrieve specific non-default attribute/property?

Default AD Module = Get-ADUser <SamAccountName> -properties * |select msExchVersion

Quest AD Module = Get-QADUser <SamAccountName> -IncludeAllProperties |select msExchVersion

How to edit specific non-default attribute/property?

Default AD Module;

The Instance parameter provides a way to update a user object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory user object that has been modified, the Set-ADUser cmdlet makes the same changes to the original user object. To get a copy of the object to modify, use the Get-ADUser object. The Identity parameter is not allowed when you use the Instance parameter

# Retrieve Default + Other specific attributes to variable to a variable

$User = Get-ADUser <SamAccountName> -properties msExchVersion

# Change the value of specific attribute in the variable

$User.msExchversion = "NewValue"

# Update the actual object using the modified variable

Set-ADUser <SamAccountName> -instance $User

Quest AD Module

Use ObjectAttributes parameter

Set-QADUser <SamAccountName> -objectattributes @{msExchVersion=’Newvalue’}


