Set and Get AD-Computer extensionattribute in powershell

otip 21 Reputation points
2021-11-29T13:06:36.317+00:00

Hi,

I found how to set an extension attribute for a computer
First it must be cleared
Set-ADcomputer -Identity computername -Clear "extensionAttribute15"

Then I can fill it
Set-ADcomputer -Identity computername -Add @{extensionAttribute15 = "anystring"}

It becomes tricky when I then try to extract
$value = Get-ADcomputer -identity KRKL0590 -Properties extensionAttribute15 | Select-Object extensionAttribute15

$value
@{extensionAttribute15=12/06/2021 00:00:00} (my script actually pushed a date in my extensionAttribute15)

$value.extensionAttribute15
gives nothing.

It looks like a hash but I can't manipulate it like it, it would seem.
I don't find how to extract only the value of extensionAttribute15.

Any help appreciated.

Thank you.


8 answers

  1. Rich Matheisen 47,901 Reputation points
    2021-12-01T22:29:58.383+00:00

    See if this is close to your requirements:

    $WHATIF = $true
    
     $currentday = (Get-Date).ToUniversalTime().Date
     $validedate = (Get-Date).adddays(7).ToUniversalTime().Date
    
     Get-ADComputer -ldapfilter '(managedby=*)' -properties name, managedby, extensionAttribute15 |
         ForEach-Object{
             $ExpiryDate = $_ | Select-Object -expand extensionAttribute15
             $dn = $_.distinguishedname     # needed in "Catch" block
             if(-not $ExpiryDate){
                 Write-Host "Null not allowed. Correcting to within 7 days. Maximum accepted value." -ForegroundColor DarkRed
                 Set-ADcomputer -Identity $_.distinguishedName -Clear "extensionAttribute15" -WhatIf:$WHATIF
                 Set-ADcomputer -Identity $_.distinguishedName -Add @{extensionAttribute15 = $validedate.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
             } 
             else {
                 Try{
                     $ExpiryDate = [datetime]$ExpiryDate
                     if ($ExpiryDate -gt $validedate){
                         Write-Host "Date is more than 7 days. Correcting to within 7 days. Maximum accepted value." -ForegroundColor Red
                         Set-ADcomputer -Identity $_.distinguishedName -Clear "extensionAttribute15" -WhatIf:$WHATIF
                         Set-ADcomputer -Identity $_.distinguishedName -Add @{extensionAttribute15 = $validedate.Date.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
                     }
                     elseif($ExpiryDate -le $currentday ) {
                         write-host "Emptying Managed by field for $($_.name)" -ForegroundColor Yellow
                         #some code
                     }
                     else{ 
                         write-host "Date is inferior to 7 days we don't take action for $($_.name)" -ForegroundColor Green
                     }
                 }
                 Catch{
                     Write-Host "Invalid expiry date found in extentionAttribute15. Correcting to +7 days from today."
                     Set-ADcomputer -Identity $dn -Clear "extensionAttribute15" -WhatIf:$WHATIF
                     Set-ADcomputer -Identity $dn -Add @{extensionAttribute15 = $validedate.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
                 }
             }
         }   #end foreach
    

  2. otip 21 Reputation points
    2021-12-02T09:38:08.023+00:00

    Hi Rich,

    Apart from a ( typo on line 9, it looks great. Thank you again.

    I have added some detailed information in all write-host to show the expirydate value and computer name so I can then search for my test computer.

    However, when testing the cases:

    • Extensionattribute15 is empty => gets in the right test
    • Extensionattribute15 is having a valid date (within the 7 days) => gets in the right test
    • Extensionattribute15 is having a far date (further than 7 days) => gets in the right test
    • Extensionattribute15 is having a past date => gets in the right test
    • Extensionattribute15 is having a "blablabla" value => gets in the right test BUT $_ is lost in the process !! The first set with $DN works but the second one with $_.distinguishedName fails saying it receives a null value (I could confirm that, hence my trick with $DN).

    Do you know why $_.distinguishedName works fine in the try but not in the catch section?

    The code is now this:

    cls
    #activate simulation mode
    $WHATIF = $true
    $maxtime = 7
    
    #Get current day and maximum period for being an admin $maxtime day  
    $currentday = (Get-Date).ToUniversalTime().Date
    $validedate = (Get-Date).adddays($maxtime).ToUniversalTime().Date
    
    $DC = Get-ADDomainController -Discover
    
    [string] $DCName = $DC.Hostname
    
    write-host $DCName
    
    #Get the list of PCs worldwide with a content in ManagedBy field        
    Get-ADComputer -ldapfilter "(&(managedby=*)(name=NCYL3604))" -Server $DCName -properties name, managedby, extensionAttribute15 |
         ForEach-Object{
             $DN= $_.distinguishedName
             $ExpiryDate = $_ | Select-Object -expand extensionAttribute15
             if(-not $ExpiryDate){
                 #Expiry date is empty
                 Write-Host "Value of expiryDate is : $($ExpiryDate) for $($_.distinguishedName). Null not allowed. Correcting to within $($maxtime) days. Maximum accepted value." -ForegroundColor DarkRed
                 Set-ADcomputer -Identity $_.distinguishedName -Clear "extensionAttribute15" -WhatIf:$WHATIF
                 Set-ADcomputer -Identity $_.distinguishedName -Add @{extensionAttribute15 = $validedate.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
             } 
             else {
                 Try{
                     #Expiry date is a date
                     $ExpiryDate = [datetime]$ExpiryDate
                     if ($ExpiryDate -gt $validedate){
                         #Expiry date is further than next $($maxtime) days
                         Write-Host "Value of expiryDate is : $($ExpiryDate) for $($_.distinguishedName). Date is more than $($maxtime) days => Correcting to within $($maxtime) days." -ForegroundColor Red
                         Set-ADcomputer -Identity $_.distinguishedName -Clear "extensionAttribute15" -WhatIf:$WHATIF
                         Set-ADcomputer -Identity $_.distinguishedName -Add @{extensionAttribute15 = $validedate.Date.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
                     }
                     elseif($ExpiryDate -le $currentday ) {
                         #Expiry date is past
                         write-host "Value of expiryDate is : $($ExpiryDate) for $($_.distinguishedName). Date is in the past => Emptying Managed by field for $($_.name)" -ForegroundColor Yellow
                         #some code
                     }
                     else{ 
                         #Expiry date is within the $maxtime days period
                         write-host "Value of expiryDate is : $($ExpiryDate) for $($_.distinguishedName). Date is inferior to $($maxtime) days => No action for $($_.name)" -ForegroundColor Green
                     }
                 }
                 Catch{
                     #Expiry date is not a date
                     Write-Host "Value of expiryDate is : $($ExpiryDate) for $($_.distinguishedName). Invalid expiry date found in extentionAttribute15. Correcting to +$($maxtime) days from today."
                     write-host $DN
                     Set-ADcomputer -Identity $DN -Clear "extensionAttribute15" -WhatIf:$WHATIF
                     Set-ADcomputer -Identity $_.distinguishedName -Add @{extensionAttribute15 = $validedate.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
                 }
             }
         }   #end foreach
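
Why `$_.distinguishedName` is empty in the catch block, as an added example that is not part of the thread: inside `catch`, `$_` is the ErrorRecord for the failed cast, not the pipeline object. The computer objects below are constructed stand-ins for `Get-ADComputer` output, so this runs without a domain.

```powershell
# Constructed sample objects standing in for Get-ADComputer output (no AD needed).
$computers = @(
    [pscustomobject]@{
        Name                 = 'PC-A'
        DistinguishedName    = 'CN=PC-A,OU=Demo,DC=example,DC=test'
        extensionAttribute15 = '12/06/2021'
    }
    [pscustomobject]@{
        Name                 = 'PC-B'
        DistinguishedName    = 'CN=PC-B,OU=Demo,DC=example,DC=test'
        extensionAttribute15 = 'blablabla'      # not a date: the cast below throws
    }
)

$results = $computers | ForEach-Object {
    $computer = $_      # capture the pipeline object before entering try/catch
    try {
        $null = [datetime]$computer.extensionAttribute15
        [pscustomobject]@{
            Name            = $computer.Name
            Block           = 'try'
            TypeOfUnderscore = $_.GetType().Name        # the pipeline object
            DnViaUnderscore  = $_.DistinguishedName
            DnViaVariable    = $computer.DistinguishedName
            ErrorMessage     = $null
        }
    }
    catch {
        # Here $_ has been rebound to the ErrorRecord of the failed cast.
        # It has no DistinguishedName property, so that lookup yields $null.
        [pscustomobject]@{
            Name            = $computer.Name
            Block           = 'catch'
            TypeOfUnderscore = $_.GetType().Name
            DnViaUnderscore  = $_.DistinguishedName
            DnViaVariable    = $computer.DistinguishedName
            ErrorMessage     = $_.Exception.Message
        }
    }
}

$results | Format-List
```

Passing the `$null` from `DnViaUnderscore` to `-Identity` is what produces the null-value error described above; a variable assigned before the `try` is unaffected.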
    

  3. otip 21 Reputation points
    2021-12-02T16:30:54.45+00:00

    Yes, I left line 52 in for demonstration.
    Thank you for the explanation.

    So the final version is here! (I use my $DN everywhere; it's easier, I feel.)
    Also I added a possibility to have NEVER in the extensionattribute15 to be able to handle the exceptions (there are always exceptions to the so-called strict rules :/ ).
    I will probably add some logging lines.
    On v2 I might want to think if using Switch could simplify this code.
    But still, I'm happy with it so far. Thanks again.

    cls
    #activate simulation mode
    $WHATIF = $true
    $maxtime = 7
    
    #Get current day and maximum period for being an admin $maxtime day  
    $currentday = (Get-Date).ToUniversalTime().Date
    $validedate = (Get-Date).adddays($maxtime).ToUniversalTime().Date
    
    $DC = Get-ADDomainController -Discover
    
    [string] $DCName = $DC.Hostname
    
    write-host $DCName
    
    #Get the list of PCs worldwide with a content in ManagedBy field        
    #Test filter for a single computer (disabled): Get-ADComputer -ldapfilter "(&(managedby=*)(name=NCYL3604))" -Server $DCName -properties name, managedby, extensionAttribute15 |
    Get-ADComputer -ldapfilter "(managedby=*)" -Server $DCName -properties name, managedby, extensionAttribute15 |
         ForEach-Object{
             $DN= $_.distinguishedName
             $ExpiryDate = $_ | Select-Object -expand extensionAttribute15
             if(-not $ExpiryDate){
                 #Expiry date is empty => correcting to 7 days
                 Write-Host "Value of expiryDate is : $($ExpiryDate) (empty) for $($DN). Null not allowed. Correcting to within $($maxtime) days. Maximum accepted value." -ForegroundColor DarkRed -BackgroundColor Yellow
                 Set-ADcomputer -Identity $DN -Clear "extensionAttribute15" -WhatIf:$WHATIF
                 Set-ADcomputer -Identity $DN -Add @{extensionAttribute15 = $validedate.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
             } elseif($ExpiryDate -eq "NEVER"){
                 #Expiry date is NEVER => No action
                 write-host "Value of expiryDate is : $($ExpiryDate) for $($DN). Date is NEVER => No action for $($_.name)" -ForegroundColor Green
             } else {
                 Try{
                     #Expiry date is a date
                     $ExpiryDate = [datetime]$ExpiryDate
                     if ($ExpiryDate -gt $validedate){
                         #Expiry date is further than next $($maxtime) days => correcting to 7 days
                         Write-Host "Value of expiryDate is : $($ExpiryDate) for $($DN). Date is more than $($maxtime) days => Correcting to within $($maxtime) days." -ForegroundColor Red
                         Set-ADcomputer -Identity $DN -Clear "extensionAttribute15" -WhatIf:$WHATIF
                         Set-ADcomputer -Identity $DN -Add @{extensionAttribute15 = $validedate.Date.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
                     }
                     elseif($ExpiryDate -le $currentday ) {
                         #Expiry date is in the past => Clearing Managedby and extensionAttribute15
                         write-host "Value of expiryDate is : $($ExpiryDate) for $($DN). Date is in the past => Emptying Managed by field for $($_.name)" -ForegroundColor Yellow
                         Set-ADcomputer -Identity $DN -Clear "extensionAttribute15" -WhatIf:$WHATIF
                         Set-ADcomputer -Identity $DN -Clear "managedby" -WhatIf:$WHATIF
                     }
                     else{ 
                         #Expiry date is within the $maxtime days period => No action
                         write-host "Value of expiryDate is : $($ExpiryDate) for $($DN). Date is inferior to $($maxtime) days => No action for $($_.name)" -ForegroundColor Green
                     }
                 }
                 Catch{
                     #Expiry date is not a date => correcting to 7 days
                     Write-Host "Value of expiryDate is : $($ExpiryDate) for $($DN). Invalid expiry date found in extentionAttribute15. Correcting to +$($maxtime) days from today." -ForegroundColor red -BackgroundColor Yellow
                     Set-ADcomputer -Identity $DN -Clear "extensionAttribute15" -WhatIf:$WHATIF
                     Set-ADcomputer -Identity $DN -Add @{extensionAttribute15 = $validedate.ToString("MM/dd/yyyy")} -WhatIf:$WHATIF
                 }
             }
         }   #end foreach
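
The decision rules of the final script pulled into a pure function, as an added example (not the poster's code): `Get-ExpiryAction` and its action names are hypothetical, and `[datetime]::TryParseExact` with the invariant culture is swapped in for the `[datetime]` cast and try/catch, so only the `MM/dd/yyyy` form the script writes is accepted. The sample values are constructed.

```powershell
function Get-ExpiryAction {
    # Hypothetical helper: returns the action the script would take for one stored value.
    param(
        [AllowNull()][AllowEmptyString()][string]$Value,
        [datetime]$Today = (Get-Date).ToUniversalTime().Date,
        [int]$MaxDays = 7
    )

    $limit = $Today.AddDays($MaxDays)

    # Empty attribute: not allowed, reset to the maximum accepted date.
    if ([string]::IsNullOrWhiteSpace($Value)) { return 'ResetToLimit' }

    # Explicit exemption marker (PowerShell -eq is case-insensitive for strings).
    if ($Value -eq 'NEVER') { return 'NoAction' }

    # Strict parse: exactly MM/dd/yyyy, independent of the machine's culture.
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact(
        $Value, 'MM/dd/yyyy',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None,
        [ref]$parsed)

    if (-not $ok)            { return 'ResetToLimit' }    # not a date in the expected form
    if ($parsed -gt $limit)  { return 'ResetToLimit' }    # further out than $MaxDays
    if ($parsed -le $Today)  { return 'ClearManagedBy' }  # expired
    return 'NoAction'                                     # within the allowed window
}

# Constructed sample values, evaluated against a fixed "today" so the run is repeatable.
$today   = [datetime]::new(2021, 12, 2)
$samples = '', 'NEVER', '12/05/2021', '12/25/2021', '11/30/2021',
           'blablabla', '12/06/2021 00:00:00'

foreach ($s in $samples) {
    [pscustomobject]@{
        Stored = $s
        Action = Get-ExpiryAction -Value $s -Today $today
    }
}
```

Each returned action maps to the matching `Set-ADComputer` calls in the loop, still guarded by `-WhatIf`, and the rules themselves can be checked without touching the directory.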
    
