theNetFlow.com

Mass update of Active Directory using PowerShell

PowerShell is a very handy scripting language if you need to play around with Microsoft technologies. It’s gotten me out of more than one difficult situation. The thing that comes up most at the minute for me is updating AD or Active Directory en masse.

Say you update your phone system or you merge with another company and have to update phone numbers in your AD address book without having to do it manually. PowerShell to the rescue.

First you need to create a .csv file with all the names and new phone numbers that you want the users to be updated to. It should look something like this:

user,phonenumber
Dan O'Neill,+353 1 234 5678
Brad Pitt,+353 1 123 4567
Frank Bruno,+353 1 235 6789

This will be read by the PowerShell script. Reading in files in PowerShell is simple to understand. All you really need to know is that it reads files line by line and sometimes there are even cmdlets that will look after the import for you. In this case we can use Import-CSV.

$userlist = "C:\temp\import.csv"
$UserDetails=Import-CSV $userlist

Nice and easy – then we need to iterate through this list and actually do what we’re looking to do – update a large list of users in AD with PowerShell – in this example, update everyone’s phone number.

So, as we’ve imported the csv file we’re then able to iterate through it line by line. As we move through it, we assign the value to a variable. Like so:

foreach($UD in $UserDetails) {
	$user = $UD.user
	$phnumber = $UD.phonenumber

The next stage is the first time we connect with AD and it’s quite an important part of the script. We want to check that the user in the file is an actual user in AD. In this case, I’ve been given names – so I check this against the CN in AD. However, you could check against any unique field in AD like the username (sAMAccountName) or something like that. The following line assigns TRUE or FALSE to our variable $UserN:

$UserN=[ADSI]::Exists("LDAP://ad.domain.com/cn=$user,ou=Users,dc=ad,dc=domain,dc=com")

Then comes the actual interesting bit. We check whether that has come back with false…

if($UserN -ne $FALSE){

…and if it hasn’t then we apply the changes that we need to.

$UserN=[ADSI]"LDAP://ad.domain.com/cn=$user,ou=Users,dc=ad,dc=domain,dc=com"
$UserN.Put("telephoneNumber",$phnumber)
$UserN.SetInfo()
write-host $user "has been modified"

Very simple and straightforward. And since we want to be able to tell afterwards which users worked and which didn’t, the other part of that if…else statement looks like this:

}
else{
        write-host $user "object does not exist" -foregroundcolor red -backgroundcolor yellow
}

This prints out to your console in nice red font and yellow background which users failed to update.

In full the script looks like this:

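# CSV with the columns: user,phonenumber
$userlist = "C:\temp\import.csv"
$UserDetails = Import-CSV $userlist
foreach ($UD in $UserDetails) {
    $user = $UD.user
    $phnumber = $UD.phonenumber
    # Exists() returns TRUE only if an object with this CN is present in the Users OU
    $UserN = [ADSI]::Exists("LDAP://ad.domain.com/cn=$user,ou=Users,dc=ad,dc=domain,dc=com")
    if ($UserN -ne $FALSE) {
        # Bind to the user object, stage the new value, then commit it with SetInfo()
        $UserN = [ADSI]"LDAP://ad.domain.com/cn=$user,ou=Users,dc=ad,dc=domain,dc=com"
        $UserN.Put("telephoneNumber", $phnumber)
        $UserN.SetInfo()
        write-host $user "has been modified"
    }
    else {
        # Flag users that could not be found so they can be followed up by hand
        write-host $user "object does not exist" -foregroundcolor red -backgroundcolor yellow
    }
}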
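
A more defensive variant of the loop above, as an added example that is not the author's script: it searches the Users OU with an escaped LDAP filter instead of pasting the CSV value into the LDAP path, refuses to write when a name matches zero or several accounts, and runs as a dry run by default. The names `$DryRun`, `$MatchOn` and `ConvertTo-LdapFilterValue`, and the phone-number pattern, are assumptions made for this example; the domain and CSV layout are the page's own placeholders.

```powershell
# Added example, not the author's script. Uses the page's placeholder
# domain (ad.domain.com) and CSV layout (user,phonenumber).
$DryRun     = $true    # assumption: set to $false once the report looks right
$MatchOn    = "cn"     # or "sAMAccountName" if the CSV holds logon names
$SearchRoot = [ADSI]"LDAP://ad.domain.com/ou=Users,dc=ad,dc=domain,dc=com"

# Escape the characters that have meaning inside an LDAP filter (RFC 4515).
# The backslash is replaced first so the later escapes are not re-escaped.
function ConvertTo-LdapFilterValue([string]$Value) {
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a')
    $v = $v.Replace('(', '\28').Replace(')', '\29')
    return $v.Replace([string][char]0, '\00')
}

foreach ($UD in Import-Csv "C:\temp\import.csv") {
    $user     = $UD.user.Trim()
    $phnumber = $UD.phonenumber.Trim()

    # Reject values that do not look like a phone number before touching AD.
    if ($phnumber -notmatch '^\+?[0-9 ()-]{6,25}$') {
        Write-Warning "$user : skipped, unexpected phone value '$phnumber'"
        continue
    }

    $safe     = ConvertTo-LdapFilterValue $user
    $filter   = "(&(objectCategory=person)(objectClass=user)($MatchOn=$safe))"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($SearchRoot, $filter)
    $found    = @($searcher.FindAll())

    # 0 matches = no such user, more than 1 = ambiguous; never guess which one.
    if ($found.Count -ne 1) {
        Write-Host "$user : $($found.Count) matches, not modified" -ForegroundColor Red -BackgroundColor Yellow
        continue
    }

    $entry = $found[0].GetDirectoryEntry()
    $old   = [string]$entry.Properties["telephoneNumber"].Value
    if ($DryRun) {
        Write-Host "$user : would change '$old' to '$phnumber' on $($entry.distinguishedName)"
        continue
    }
    $entry.Put("telephoneNumber", $phnumber)
    $entry.SetInfo()
    Write-Host "$user : changed '$old' to '$phnumber'"
}
```

Capturing the console output of the dry run gives a record of the old values, which is what you need if the change has to be rolled back.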

About Dan O'Neill

As well as principal writer here on theNetFlow.com, I am also the founder and lead developer over at 26Squared. Having worked around the IT industry and the web for almost 10 years, I use this site as mostly my personal vehicle for sharing what I can. I also blog here.

Join the Conversation!

6 Comments

Robert Wilson, October 18, 2010 at 9:14 am

thanks for the post

Dan O'Neill, October 20, 2010 at 5:08 pm

@Robert

No problem – If it helped you in any particular way, sure let me know.

Randy Moore, November 11, 2010 at 3:14 pm

But what if you want to update more than just one field, for instance, name, number, office and email – how do you put all of those things on the PUT line?

Dan O'Neill, November 11, 2010 at 3:25 pm

Hi Randy,

You can have multiple .Put() statements. The information doesn’t get written until the .setInfo() statement.

As long as you set up the CSV file correctly you can read all of the information, assign it to a couple more variables and then have multiple .Put() statements followed by one .setInfo() statement.

Thanks,
Dan

Steve Giller, January 17, 2012 at 1:30 pm

Checking you have a user is great – but is there any way of checking you don’t have two users with the same name?
Using this scenario would be ideal for me, as long as I could trap the three Richard Jones that we have on our system!
I can’t do it by a truly unique attribute at present, as the system that generates the data does not hold any data other than names that could be matched to AD.

Ti-Sheng Lu, January 24, 2012 at 11:04 pm

Great post. On your example, you mentioned that we could use the “exists” to search for sAMAccountName instead of CN, could you show an example of that?
