Powershell Command to export information in Active Directory User Properties

Question

Powershell Command to export information in Active Directory User Properties

Mike Petonak 1

We have a system that imports the users manager into an attribute called ExtentionAttribute2 field in the users properties field. What we are looking to do is locate a command that can be ran in powershell that will take the data found in the above field and place it into the manager field under organization tab. I was wondering if you can provide a command that will allow us to run it on an entire object in active directory which contains several sites at our business.

Thank you,
Mike

3 answers

Your answer

Answer 1

Rich Matheisen 47,886

It might be as simple as this:

Get-MailUser -ResultSize Unlimited |  
    if ($_.ExtensionAttribute2){  
        $mgr = $_.ExtensionAttribute2  
        $_ | Set-User -Manager $mgr  
    }

You don't say how the manager is represented in ExtensionAttribute2, though. If the value isn't acceptable for use in the Set-User cmdlet you might have to locate the manger's user (or contact) object in the AD and use, say, its distinguishedName instead of the value found in ExtensionAttribute2.

Mike Petonak 1 Reputation point

2022-11-14T21:12:23.917+00:00

The Value for ExtensionAttribute2 field is just text with the members manager coming in from a system we use called workday. This field is updated whenever the HR platform makes changes to the person's manager field.

Often the manager changes in this attribute field without us knowning. HR has asked if we can simply run a script weekly that would check this Attribute extensionAttribute2 and if the manager is different from what is in the Organization Tab Manager field make the change automatically to what is in the Value field for extensionAttribute2 String Attribute.
Rich Matheisen 47,886 Reputation points

2022-11-14T22:41:11.913+00:00

I understand the value is just text. What I don't know is if it's a distinguishedName, a SMTP address, a displayName, Given Name and Surname, sAMAccountName, etc. The value that goes into the "manager" property is a distinguishedName.

I don't know how large your organization is, but you might want to verify that the manager property isn't already set correctly before changing the user object to avoid setting up a lot of AD replication.

Seems like it would be better if whatever software they're using just updated the manager property directly.

Answer 2

Mike Petonak 1

Wouldnt it be Get-ADuser since the changes would be made from Active Director User accounts?

Rich Matheisen 47,886 Reputation points

2022-11-10T20:25:48.283+00:00

If that's the set of users you need to address, sure. I predate the existence of the ActiveDirectory module (and PowerShell, and I spent 17 years as an Exchange support guy, manager, and administrator) so unless someone's specific, I default to Exchange (where ExtensionAttributes were introduced). :-)

Answer 3

Flávio Cavalcanti 1

You can use something like this for get the propertie value and save in a enviroment variable:

$temp_ea2value=Get-ADUser -Identity [User Name Pattern] -Properties ExtensionAttribute2 | Select-Object -ExpandProperty ExtensionAttribute2

And then set it using :

Set-ADUser -Identity [User Name Pattern] -Department $temp_ea2value

Share via

Powershell Command to export information in Active Directory User Properties

3 answers

Your answer