How to add/update user attributes values for Active Directory users

Ahmed Qureshi 85 Reputation points
2023-07-26T07:29:29.4766667+00:00

I have a CSV file to import/update users data using powershell script. Here is the script:

Import-Module ActiveDirectory

$users = Import-Csv -Path "C:\Share\UsersWithOtherAttrib.csv"

foreach ($user in $users) {
    $userSAM = $user.sAMAccountName
    $gidNumber = $user.gidNumber	
    $sn = $user.sn
    $Uid = $user.uid	
    $HomeDirectory = $user.homeDirectory
    $PhysicalDeliveryOfficeName = $user.physicalDeliveryOfficeName
    $o = $user.o
    $l = $user.l
    $EmailAddress = $user.mail
    $UidNumber = $user.uidNumber
    $PostalAddress = $user.postalAddress
    $St = $user.st
    $HomePostalAddress = $user.homePostalAddress
    $TelephoneNumber = $user.telephoneNumber
    $Mobile = $user.mobile
    $Secretary = $user.secretary
    
    Set-ADUser -Identity $userSAM -Add @{
        gidNumber=$gidNumber
        sn=$sn
        uid=$Uid
        homeDirectory=$HomeDirectory
        physicalDeliveryOfficeName=$PhysicalDeliveryOfficeName
        o=$o
        l=$l
        mail=$EmailAddress
        uidNumber=$UidNumber
        postalAddress=$PostalAddress
        st=$St
        homePostalAddress=$HomePostalAddress
        telephoneNumber=$TelephoneNumber
        mobile=$Mobile
        secretary=$Secretary
    }
}


But it is giving me following error continuously despite of making sure that there is nothing null or inappropriate in CSV file:

Set-ADUser : Cannot validate argument on parameter 'Add'. The argument is null or an element of the argument collection contains a 
null value.
At line:23 char:40
+     Set-ADUser -Identity $userSAM -Add @{
+                                        ~~
    + CategoryInfo          : InvalidData: (:) [Set-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.SetADUse

Can any one please help?

TIA

PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,811 questions
0 comments No comments
{count} vote

2 answers

Sort by: Most helpful
  1. Limitless Technology 44,531 Reputation points
    2023-07-26T15:15:11.2766667+00:00

    Hello there,

    To add or update user attribute values for Active Directory users, you can use PowerShell along with the Set-ADUser cmdlet. Before running the script, ensure that you have the necessary permissions to modify user attributes in the Active Directory.

    Here's an example PowerShell script that demonstrates how to add or update user attribute values:

    Import the Active Directory module

    Import-Module ActiveDirectory

    Replace these values with your domain-specific information

    $Username = "JohnDoe" # The username of the user you want to update

    $AttributeName = "extensionAttribute1" # The name of the attribute you want to add/update

    $AttributeValue = "New Value" # The value you want to set for the attribute

    Get the user object from Active Directory

    $user = Get-ADUser -Identity $Username

    Check if the user exists

    if ($user) {

    # Check if the attribute already has a value
    
    if ($user.$AttributeName) {
    
        # If the attribute already has a value, update it
    
        Set-ADUser -Identity $Username -Add @{ $AttributeName = $AttributeValue }
    
        Write-Host "Attribute '$AttributeName' updated for user '$Username' with value: '$AttributeValue'"
    
    } else {
    
        # If the attribute doesn't have a value, add it
    
        Set-ADUser -Identity $Username -Replace @{ $AttributeName = $AttributeValue }
    
        Write-Host "Attribute '$AttributeName' added for user '$Username' with value: '$AttributeValue'"
    
    }
    

    } else {

    Write-Host "User '$Username' not found in Active Directory."
    

    }

    Replace the placeholders (JohnDoe, extensionAttribute1, New Value, etc.) with your actual values. The script checks if the specified attribute exists for the user. If it does, it updates the value; otherwise, it adds the attribute with the given value.

    Save this script with a .ps1 extension and run it with administrative privileges on a machine that has the Active Directory PowerShell module installed. The script should modify the specified user's attribute values accordingly.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer–

    1 person found this answer helpful.
    0 comments No comments

  2. Rich Matheisen 47,596 Reputation points
    2023-07-26T18:53:26.67+00:00

    Try splitting the attribute to be added into two groups: those that have parameter names in the Set-ADUser cmdlet and, those that are not present parameter set (i.e., the ones that need to use the LDAP property names). If there's a problem with a value in the parameter names used by Set-ADUser there will be a diagnostic naming that parameter.

    If the problem is associated with the values being added by the LDAP names you can start by removing them from the script one-by-one until you identify what the problem is.

    $users = Import-Csv -Path "C:\Share\UsersWithOtherAttrib.csv"
    
    foreach ($user in $users) {
        # properties that are part of Set-ADUser parameters
        $props = @{
            SamAccountName = $user.sAMAccountName
            Surname = $user.sn
            HomeDirectory = $user.homeDirectory
            Office = $user.physicalDeliveryOfficeName
            Organization = $user.o
            City = $user.l
            EmailAddress = $user.mail
            StreetAddress = $user.postalAddress
            State = $user.st
            OfficePhone = $user.telephoneNumber
            Mobile = $user.mobile
        }
        # properties that use LDAP nomenclature
        $adds = @{
            gidNumber = $user.gidNumber	
            Uid = $user.uid	
            UidNumber = $user.uidNumber
            HomePostalAddress = $user.homePostalAddress
            Secretary = $user.secretary
        }
        Set-ADUser -Identity $user.sAMAccountName -Add $adds @props
    }
    
    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.