Home > Enterprise >  Import Users with properties, to include msDS-cloudextensionattribute1
Import Users with properties, to include msDS-cloudextensionattribute1

Time:09-27

I have a script that works well with all other attributes. I don't understand how to make this happen. I am a novice to scripting. I have an import that works well until I add msDS-cloudExtensionAttribute1. I also need to add a couple of more. Thanks for a look over.

#Import active directory module for running AD cmdlets
Import-Module ActiveDirectory

#Store the data from ADUsers.csv in the $ADUsers variable
$Users = Import-csv C:\Test\TESTUSER3a.csv


#Loop through each row containing user details in the CSV file 

foreach ($User in $Users)



 {
    # Read user data from each field in each row
    # the username is used more often, so to prevent typing, save that in a variable
   $Username       = $User.SamAccountName
   
   }
  

    # Check to see if the user already exists in AD
    if (Get-ADUser -F {SamAccountName -eq $Username}) {
         #If user does exist, give a warning
         Write-Warning "A user account with username $Username already exist in Active Directory."
    }
    else {
        # User does not exist then proceed to create the new user account

        # create a hashtable for splatting the parameters
       

        $userProps = @{
            SamAccountName             = $User.SamAccountName                   
            Path                       = $User.path      
            GivenName                  = $User.GivenName 
            Surname                    = $User.Surname
            Initials                   = $User.Initials
            Name                       = $User.Name
            DisplayName                = $User.DisplayName
            UserPrincipalName          = $user.UserPrincipalName 
            Department                 = $User.Department
            Description                = $User.Description
            Office                     = $User.Office
            OfficePhone                = $User.OfficePhone
            EmailAddress               = $User.EmailAddress
            StreetAddress              = $User.StreetAddress
            POBox                      = $User.POBox
            City                       = $User.City
            State                      = $User.State
            PostalCode                 = $User.PostalCode
            Title                      = $User.Title
            Company                    = $User.Company
            msDS-cloudExtensionAttribute1 = $User.msDS-cloudExtensionattribute1
            # AccountPassword            = (ConvertTo-SecureString $User.password -AsPlainText -Force) 
            Enabled                    = $false
            ChangePasswordAtLogon      = $false
        }   #end userprops   
}
         New-ADUser @userProps
         Write-Host "The user account $User is created." -ForegroundColor Cyan
   

     #end else

CodePudding user response:

You hashtable key and property name msDS-cloudExtensionattribute1 contains -, which is syntactically interpreted as the - operator (subtraction), and therefore breaks an expression such as $User.msDS-cloudExtensionattribute1

To make PowerShell recognize msDS-cloudExtensionattribute1 as a whole key / name:

  • as a hashtable key:

    • Enclose the (literal) property name in '...':

      @{ 'msDS-cloudExtensionattribute1' = 'foo' }

  • as a property name:

    • Enclose the property name in '...' (works in both PowerShell editions):

      $User.'msDS-cloudExtensionattribute1'

    • In PowerShell (Core) 7 only, you may alternatively enclose the name in {...} analogous to how variable names can be specified unambiguously:

      # PS 7  only
$User.{msDS-cloudExtensionattribute1}

Note that PowerShell more generally allows you to specify property (member) names indirectly, via variables and explicit expressions using (...), the grouping operator.

Thus, the following would work too:

# Using a variable:
$propName = 'msDS-cloudExtensionattribute1'
$User.$propName

# Using an explicit expression (contrived example):
$User.( 'msDS'   '-'   'cloudExtensionattribute1' )

Separately, your attempt at using splatting with New-AdUser cannot work as such, because there is no parameter named -msDS-cloudExtensionattribute1 (which wouldn't be a valid parameter name).

Instead, extended attributes must be passed via a (nested) hashtable passed to the -OtherAttributes parameter.

Thus, you need something like the following:

$userProps = @{
  SamAccountName             = $User.SamAccountName                   
  # ... 
  OtherAttributes = @{ 'msDS-cloudExtensionAttribute1' = $User.'msDS-cloudExtensionattribute1' }
  # ...
}

CodePudding user response:

If you look at the New-Aduser command, it has lengthy list of parameters, including all the common attributes for creating an account. But there are many user attributes, including msDS-cloudExtensionAttribute1 that are not parameters to this command.

What you're doing with your hashtable is substituting its contents for the individual parameters in the command:

New-Aduser -SamAccountName $User.SamAccountName -Path $User.path `
-GivenName $User.GivenName -Surname $User.Surname ...

Since the msDS-cloudExtensionAttribute1 attribute is not in the default New-Aduser parameter list, it needs to be added using the -Otherattributes parameter. This is its own hashtable of attribute name and value pairs. You can include multiple attributes separated by semicolons. You still need the quotes around the attribute name because of the dash: -Otherattributes = @{'msDS-cloudExtensionAttribute1'="testing"}

In a hashtable of parameters, it should look like the below:

$userProps = @{
    SamAccountName         = "TestTest2"               
    Path                   = "OU=TEST,DC=example,DC=net"  
    GivenName              = "Test"
    Surname                = "test2"
    Name                   = "TestTest2"
    AccountPassword        = (ConvertTo-SecureString $pass -AsPlainText -Force) 
    Enabled                = $false
    ChangePasswordAtLogon  = $true
    Otherattributes        = @{'msDS-cloudExtensionAttribute1'="testing"}
}
New-ADUser @userProps

(Just as a note, it's always good to simplify things when troubleshooting by just using text input and the minimal number of parameters to create the account.)

Page link:https//www.codepudding.com/Enterprise/557083.html

Prev:Array in a foreach loop
Next:New dynamic group AzureAD powershell
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding