I try to add value X to a Active Directory Member Y that has already some values in extensionAttribute10. How do I add a specific string into that? Also I want to scan the extensionAttribute and remove a specific entry.

Testparameters:
$ThisUser = "Testaccount01"
@{extensionAttribute10=Computer01, Computer02}
$adding = "Computer03"
$delete = "Computer01"

CodePudding user response：

$ThisUser = "Test"
$delete = "Computer2"
$add = "Computer3"
$user = Get-ADUser -Identity $ThisUser -Properties extensionAttribute10
$newAttribute = [string[]]($user.extensionAttribute10 -split '[,\s] ' | ?{$_ -ne $delete})   $add
Set-ADUser $thisUser -Replace @{extensionAttribute10=$newAttribute}

CodePudding user response：

assuming the target is a user account:

#Replace existing value with a new one
set-aduser -identity [userSamAccountName] -replace @{extensionAttribute10=$value}

#Add new value to 
set-aduser -identity [userSamAccountName] -add @{extensionAttribute10=$value}

If your target is a different object type, e.g. a computer use the related cmdlets, the syntax is equal....

As response to your comment: Sure the code does work but you need to consider the datatype of the target attribute, which is not an array its a single value. So if you need to store mutliple values there you need to transform the array into a delimited string, e.g.:

$value = @('comp1','comp2')
$valueString = $value -join ","
set-aduser -identity [userSamAccountName] -add @{extensionAttribute10=$valueString}

But be aware that this attribute as a size limit.

Ok based on your code sample, you cast the output as string array ([string[]]) but as outlined earlier you need a string and not an array:

your code

$newAttribute = [string[]]($user.extensionAttribute10 -split '[,\s] ' | ?{$_ -ne $delete})   $add

replace with:

$valueArray = $user.extensionAttribute10 -split ',' | ?{$_ -ne $delete}
$valueArray  = $add
$valueString = $valueArray -join ","

set-aduser -identity [userSamAccountName] -replace @{extensionAttribute10=$valueString}