Bobcares

Set-ADUser Modify Active Directory Users with PowerShell

Apr 30, 2021

The Set-ADUser cmdlet lets us modify the properties (attributes) of users in Active Directory with PowerShell.

As a part of our Server Management Services, we assist customers with several PowerShell queries.

Let us today discuss how to use the Set-ADUser cmdlet to modify user properties in AD.

Set-ADUser: Modify Active Directory Users with PowerShell

The Set-ADUser cmdlet is part of the Active Directory module for Windows PowerShell.

The Set-ADUser cmdlet has about 50 options related to AD attributes (City, Company, Department, Description, EmailAddress, MobilePhone, Organization, UserPrincipalName, etc.). We can display the list of available attributes using the following command:

Get-Help Set-ADUser -Parameter *|ft

The name of a user we want to change AD attributes for is specified in the mandatory Identity option (we can specify it as an sAMAccountName, SID, Distinguished Name or objectGUID).

For example, let us get the value of the Title attribute of a user using the Get-ADUser cmdlet:

Get-ADUser -Identity C.Bob -Properties title|select-object name,title

Then change its job title in AD:

Set-ADUser C.Bob -Title "Junior Engineer"

We can change the values of multiple attributes at once. For example, let us set a new email address and a list of computers a user is allowed to log on to:

Set-ADUser C.Bob -EmailAddress C.Bob@bobcares.com -LogonWorkstations 'munx32f2r13,munx32f2r15'

The following command will disable a user account in the domain:

Set-ADUser C.Bob -Enabled $False

We can change a user photo in AD:

Set-ADUser C.Bob -Replace @{thumbnailPhoto=([byte[]](Get-Content "C:\scripts\ad\c.bob.jpg" -Encoding byte))}

We can edit values of other user attributes (including extensionAttribute and custom attributes) in AD using these Set-ADUser options:

  • Add – adds an attribute value
  • Replace – replaces an attribute value
  • Clear – clears an attribute value
  • Remove – removes one of the attribute values

For example, to change a user phone number, we may use this command:

Set-ADUser C.Bob -MobilePhone $NewNumber

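Or, with -Replace, which takes the attribute's LDAP display name (mobile) rather than the cmdlet parameter name:

Set-ADUser C.Bob -Replace @{mobile = $NewNumber}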

To add a new value to the extensionAttribute5:

Set-ADUser C.Bob -Add @{extensionAttribute5 = "Test1"}

To clear an attribute value:

Set-ADUser C.Bob -Clear "extensionAttribute5"

We can change values of multiple attributes at a time:

Set-ADUser C.Bob -Replace @{title="Senior Engineer";company="XYZ"}

Also, using these options, we can change multi-valued attributes. For example, let us add multiple ProxyAddresses (email aliases) to a user:

Set-ADUser C.Bob -Add @{proxyAddresses = "smtp:C.Bob@bobcares.com,SMTP:chris.bob@bobcares.com" -split ","}

 

How to Bulk Modify Active Directory User Attributes with Set-ADUser in PowerShell

We can change the attributes of multiple users at once. For example, the following command will change the value of the UserAccountControl attribute and force all users from the specified OU to change their passwords at the next logon:

Get-ADUser -Filter * -SearchBase "OU=Users,OU=DE,DC=bobcares,DC=loc" | Set-ADUser -ChangePasswordAtLogon $true

We can bulk update the AD user attributes with the values from a CSV file. For example, we have a CSV file with the list of accounts, titles and phone numbers (the file format is: SamAccountName, Title, MobilePhone).

To update user attributes using the values from the CSV file, run the following PowerShell command:

Import-Csv "C:\scripts\ad\update_ad_users.csv" | foreach {Set-ADUser -Identity $_.SamAccountName -Title $_.Title -MobilePhone $_.MobilePhone}
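A more defensive variant of the CSV bulk update above, as an added example that is not part of the original article: it validates each row, confines lookups to one OU, supports -WhatIf, and emits a before/after record of every change. The function name Update-ADUsersFromCsv and the output file path are hypothetical; the CSV path, column names and OU are the ones used on this page.

```powershell
# Added example (not from the original article): validated, auditable bulk update.
# Assumes the CSV columns named on the page: SamAccountName, Title, MobilePhone.
Import-Module ActiveDirectory

function Update-ADUsersFromCsv {                      # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [Parameter(Mandatory)][string]$SearchBase     # restrict changes to one OU
    )
    foreach ($row in Import-Csv -Path $CsvPath) {
        $sam = "$($row.SamAccountName)".Trim()
        # Accept only plain account names so CSV content never reaches the filter as syntax
        if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
            Write-Warning "Skipping row with invalid SamAccountName: '$sam'"
            continue
        }
        $user = Get-ADUser -Filter "SamAccountName -eq '$sam'" -SearchBase $SearchBase -Properties Title, MobilePhone
        if (-not $user) { Write-Warning "No user '$sam' under $SearchBase"; continue }

        # Build the parameter set from non-blank cells only; blank cells are never written
        $changes = @{}
        foreach ($name in 'Title', 'MobilePhone') {
            $value = "$($row.$name)".Trim()
            if ($value) { $changes[$name] = $value }
        }
        if ($changes.Count -eq 0) { continue }

        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set $($changes.Keys -join ', ')")) {
            try {
                Set-ADUser -Identity $user @changes -ErrorAction Stop
                # Emit old and new values so the run can be archived as a change record
                [pscustomobject]@{
                    User = $sam; OldTitle = $user.Title; NewTitle = $changes.Title
                    OldMobile = $user.MobilePhone; NewMobile = $changes.MobilePhone
                }
            } catch {
                Write-Warning "Failed to update '$sam': $($_.Exception.Message)"
            }
        }
    }
}

# Preview with -WhatIf first, then apply and keep the record (output path is hypothetical)
$run = @{ CsvPath = 'C:\scripts\ad\update_ad_users.csv'
          SearchBase = 'OU=Users,OU=DE,DC=bobcares,DC=loc' }
Update-ADUsersFromCsv @run -WhatIf
Update-ADUsersFromCsv @run | Export-Csv 'C:\scripts\ad\update_ad_users.changes.csv' -NoTypeInformation
```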

How to Show User’s Logged on Computer Name in ADUC

Let us add the name of the computer a user has logged on to into the user's properties in Active Directory.

To do this, add the following PowerShell script to the logon GPO scripts that run when a user logs on to the computer (User Configuration -> Policies -> Windows Settings -> Scripts -> Logon):

Set-ADUser -Identity $env:UserName -Description $env:COMPUTERNAME

The script assumes that the PowerShell module for Active Directory is installed on users' computers. If we do not want to install RSAT on all computers, we can use the AD PowerShell module without installation by copying its files to all computers using GPO or a logon script. Because a logon script runs in the security context of the user who is logging on, each user also needs write permission on that attribute of their own account.

This will allow us to find the name of the computer that the user logged on to.

In this example, we save the name of the current computer to the standard Description attribute. We can use another attribute, say one of ExtensionAttributes.
 

Common error

While trying to update user properties using Set-ADUser, we received the following error:

Set-ADUser : replace
At C:\ADUpdate.ps1:30 char:1
+ Set-ADUser -Identity $_.name -Department $_.department -title $_.titl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (BobUser:ADUser) [Set-ADUser], ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADUser

The Set-ADUser command we used is given below:

Set-ADUser -Identity $_.name -Department $_.department -title $_.title -Office $_.office -StreetAddress $_.streetAddress -State $_.state -PostalCode $_.postalCode -MobilePhone $_.mobile -OfficePhone $_.telephoneNumber -City $_.city

The error occurs because the command used is incorrect.

So, use the command below instead:

Set-ADUser -Identity $_.name -Department $department -title $title -Office $office -StreetAddress $streetAddress -State $state -PostalCode $postalCode -MobilePhone $mobile -OfficePhone $telephoneNumber -City $city

 

Conclusion

In short, the Set-ADUser cmdlet is part of the Active Directory module for Windows PowerShell. Today we discussed how our support engineers use the Set-ADUser cmdlet to modify user properties in AD.
