Updating AD attributes programmatically

Pete B.

2/14/23, 11:42 AM

My apologies, as I am an engineer not a sys admin, but am working with someone who is managing AD.

Current situation: We have an AD attribute that contains a longish parse-able string that contains several data elements. We'd like to break those elements into a separate attributes. For example if we have:

serverInfo: name=nameOne|xx=xx|group=group1|id=123|privilege=9;name=nameTwo|xx=yy|.....

Id like to find the name of nameOne, and extract the group, id, and privilege into separate attributes, so for this user you would have:

serverInfo: name=nameOne|xx=xx|group=group1|id=123|privilege=9;name=nameTwo|xx=yy|.....
group: group1
id: 123
privilege: 9

Given that the number of users is sufficiently large, it will need to be done programmatically.

My question is How would you go about this?

I expect answers would be "I'd right a batch file" or "I'd use xyz tool" or something like that. I am not looking for a specific solution just how one would begin to tackle this.

0 + 0

windows

active-directory

user-management

user-accounts

LeeM

2/15/23, 11:07 AM

without knowing what scripting or programming languages are available as options, it's hard to advise. I wouldn't use pure batch because parsing strings is horrible and it's not designed for manipulating objects. Use something where you can split the string by the `|` delimiter. Then for each item from the split, use a regex to create a hashtable or similar (e.g. PSCustomObject) by extracting the property id before the `=` and assign the property value from after the `=`.

Score:2

Server

Ryan Bolger

2/14/23, 4:16 PM

There are a number of ways you could accomplish this goal, but the most common would likely be a PowerShell script utilizing the ActiveDirectory module to:

Query the attribute from the object(s) that contain it
Parse the data
Set new values for the separate attributes associated with the parsed data

This also assumes the new attributes you're trying to set already exist in your AD schema.

The user running the script would also need the appropriate permissions (or a set of credentials with permissions) within AD to read the source attribute and modify the destination attributes.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Updating AD attributes programmatically

TH: การอัปเดตแอตทริบิวต์ AD โดยทางโปรแกรม

RO: Actualizarea atributelor AD în mod programatic

RU: Программное обновление атрибутов AD

VI: Cập nhật thuộc tính AD theo chương trình

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.