TechOnTip Weblog

Run book for Technocrats

Updating Multi Valued Active Directory Attributes

Posted by Brajesh Panda on February 12, 2014

Example: DepartmentNumber

  • If DepartmentNumber is empty it doesn’t show up with Active Directory Module
    • Get-ADUser <SamAccountName> –properties *
    • Get-ADObjet <DN> -Properties *
  • But Quest Module shows it, does not matter if it is empty or has a value
    • Get-QADUser <SamAccountName> -IncludeAllProperties

Update the DepartmentNumber

DepartmentNumber is a multivalued attribute so value cannot be just set; we need to use a method

  • Add method with Set
    • Get-ADUser <SamAccountName> -Properties * | Set-ADObject -Add @{departmentNumber = ‘058’}
    • Get-ADUser <SamAccountName> -Properties * | Set-ADUser -Add @{departmentNumber = ‘059’}
  • Remove method with Set
    • Get-ADUser <SamAccountName> -Properties * | Set-ADUser -Remove @{departmentNumber = ‘059’}
    • Get-ADUser <SamAccountName> -Properties * | Set-ADUser -Remove @{departmentNumber = ‘058’}
  • Replace with Set
  • Clear with Set

Note: op_substraction ( -=) and put method are not supported with active directory module

  • Using Set-QADUser –ObjectAttributes
    • Set-QADUser  -Identity <Identity> -ObjectAttributes @{AttributeName=@{Action=@(‘value1’,’value2’…)}}
      • AttributeName – The LDAP name of the attribute.
      • Action         – The action you want to perform on the attribute value(s). The values
        @(‘value1’,’value2’…) – An array of values.
        • Append  – Adds one or more values to the attribute while preserving any existing entries.
          Clear      – Removes all values and set the attribute value to null.
          Delete    – Removes one or more values from the attribute while preserving any other existing entries.
          Update   – Removes any existing values and then writes one or more new values to the attribute.

