I have a script that works well with all other attributes. I don't understand how to make this happen. I am a novice to scripting. I have an import that works well until I add msDS-cloudExtensionAttribute1. I also need to add a couple more. Thanks for a look over.
#Import active directory module for running AD cmdlets
Import-Module ActiveDirectory

#Store the data from the CSV file in the $Users variable
$Users = Import-csv C:\Test\TESTUSER3a.csv

#Loop through each row containing user details in the CSV file
foreach ($User in $Users)
{
    # Read user data from each field in each row
    # the username is used more often, so to prevent typing, save that in a variable
    $Username = $User.SamAccountName

    # Check to see if the user already exists in AD
    if (Get-ADUser -F {SamAccountName -eq $Username}) {
        #If user does exist, give a warning
        Write-Warning "A user account with username $Username already exists in Active Directory."
    }
    else {
        # User does not exist then proceed to create the new user account
        # create a hashtable for splatting the parameters
        $userProps = @{
            SamAccountName = $User.SamAccountName
            Path = $User.path
            GivenName = $User.GivenName
            Surname = $User.Surname
            Initials = $User.Initials
            Name = $User.Name
            DisplayName = $User.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            Department = $User.Department
            Description = $User.Description
            Office = $User.Office
            OfficePhone = $User.OfficePhone
            EmailAddress = $User.EmailAddress
            StreetAddress = $User.StreetAddress
            POBox = $User.POBox
            City = $User.City
            State = $User.State
            PostalCode = $User.PostalCode
            Title = $User.Title
            Company = $User.Company
            # the import works until this line is added
            msDS-cloudExtensionAttribute1 = $User.msDS-cloudExtensionattribute1
            # AccountPassword = (ConvertTo-SecureString $User.password -AsPlainText -Force)
            Enabled = $false
            ChangePasswordAtLogon = $false
        } #end userprops

        New-ADUser @userProps
        Write-Host "The user account $Username is created." -ForegroundColor Cyan
    } #end else
}
CodePudding user response:
Your hashtable key and property name msDS-cloudExtensionattribute1 contains -, which is syntactically interpreted as the - operator (subtraction), and therefore breaks an expression such as $User.msDS-cloudExtensionattribute1

To make PowerShell recognize msDS-cloudExtensionattribute1 as a whole key / name:

as a hashtable key: Enclose the (literal) property name in '...':
    @{ 'msDS-cloudExtensionattribute1' = 'foo' }

as a property name: Enclose the property name in '...' (works in both PowerShell editions):
    $User.'msDS-cloudExtensionattribute1'

In PowerShell (Core) 7 only, you may alternatively enclose the name in {...} analogous to how variable names can be specified unambiguously:
    # PS 7 only
    $User.{msDS-cloudExtensionattribute1}

Note that PowerShell more generally allows you to specify property (member) names indirectly, via variables and explicit expressions using (...), the grouping operator.
Thus, the following would work too:
    # Using a variable:
    $propName = 'msDS-cloudExtensionattribute1'
    $User.$propName
    # Using an explicit expression (contrived example):
    $User.( 'msDS' + '-' + 'cloudExtensionattribute1' )

Separately, your attempt at using splatting with New-AdUser cannot work as such, because there is no parameter named -msDS-cloudExtensionattribute1 (which wouldn't be a valid parameter name).
Instead, extended attributes must be passed via a (nested) hashtable passed to the -OtherAttributes parameter.
Thus, you need something like the following:
    $userProps = @{
        SamAccountName = $User.SamAccountName
        # ...
        OtherAttributes = @{ 'msDS-cloudExtensionAttribute1' = $User.'msDS-cloudExtensionattribute1' }
        # ...
    }
CodePudding user response:
If you look at the New-Aduser command, it has a lengthy list of parameters, including all the common attributes for creating an account. But there are many user attributes, including msDS-cloudExtensionAttribute1, that are not parameters to this command.
What you're doing with your hashtable is substituting its contents for the individual parameters in the command:
    New-Aduser -SamAccountName $User.SamAccountName -Path $User.path `
        -GivenName $User.GivenName -Surname $User.Surname ...
Since the msDS-cloudExtensionAttribute1 attribute is not in the default New-Aduser parameter list, it needs to be added using the -Otherattributes parameter. This is its own hashtable of attribute name and value pairs. You can include multiple attributes separated by semicolons. You still need the quotes around the attribute name because of the dash: -Otherattributes @{'msDS-cloudExtensionAttribute1'="testing"}
In a hashtable of parameters, it should look like the below:
    $userProps = @{
        SamAccountName = "TestTest2"
        Path = "OU=TEST,DC=example,DC=net"
        GivenName = "Test"
        Surname = "test2"
        Name = "TestTest2"
        AccountPassword = (ConvertTo-SecureString $pass -AsPlainText -Force)
        Enabled = $false
        ChangePasswordAtLogon = $true
        Otherattributes = @{'msDS-cloudExtensionAttribute1'="testing"}
    }
    New-ADUser @userProps
(Just as a note, it's always good to simplify things when troubleshooting by just using text input and the minimal number of parameters to create the account.)
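
An added example, not part of the question or of either answer above: the import loop from the question with the CSV columns split into regular New-ADUser parameters and a nested -OtherAttributes hashtable, so that several hyphenated attributes can be imported. The $extended list (including msDS-cloudExtensionAttribute2) and the shortened $direct column list are assumptions; the CSV path and column names are taken from the question.

```powershell
Import-Module ActiveDirectory

# CSV columns that map one-to-one to New-ADUser parameters (subset of the question's list).
$direct = 'SamAccountName', 'Path', 'GivenName', 'Surname', 'Name', 'DisplayName',
          'UserPrincipalName', 'Department', 'Title', 'Company'

# CSV columns that are LDAP attribute names with no New-ADUser parameter of their own.
# Assumed list: extend it with whatever extra attributes the CSV carries.
$extended = 'msDS-cloudExtensionAttribute1', 'msDS-cloudExtensionAttribute2'

foreach ($User in Import-Csv C:\Test\TESTUSER3a.csv) {
    $Username = $User.SamAccountName

    if (Get-ADUser -Filter { SamAccountName -eq $Username }) {
        Write-Warning "A user account with username $Username already exists in Active Directory."
        continue
    }

    # Accounts are created disabled, as in the question; no password is read from the CSV.
    $userProps = @{ Enabled = $false }

    # $User.$name reads the column through a variable, so hyphens in the name are harmless.
    foreach ($name in $direct) {
        $value = $User.$name
        if (-not [string]::IsNullOrWhiteSpace($value)) { $userProps[$name] = $value }
    }

    # Build the nested hashtable, leaving out blank cells so no empty value is submitted.
    $other = @{}
    foreach ($name in $extended) {
        $value = $User.$name
        if (-not [string]::IsNullOrWhiteSpace($value)) { $other[$name] = $value }
    }

    # Only pass -OtherAttributes when at least one extended attribute has a value.
    if ($other.Count -gt 0) { $userProps['OtherAttributes'] = $other }

    New-ADUser @userProps
    Write-Host "The user account $Username is created." -ForegroundColor Cyan
}
```

Appending -WhatIf to the New-ADUser call shows what would be created without writing to the directory, which is a safe way to check the CSV mapping first.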