Active Directory Bulk, Many Users, Several Attruibutes, Set-ADUser

I thought I could do this but I am getting errors.
I want to take each user and update several Attributes on the same line as the user in the CSV file.
I have a CSV file that looks like this:

SAMAccountName streetAddress   l     State  POSTALCODE  physicalDeliveryOfficeName

Jack.Ripper    1999 Walnut SE   Bubblegum    KY  22222       NASS - DC 5855

Lizzie.Borden  2777 Walnut SE   BadAxe       HI   234567     NASS - DC 6407B

Then I run this to see what some attributes look like for Jack and Lizzie:

PS C:\windows\system32> Import-Csv -Path "C:\FolderX\Two.csv" |           
foreach {           
 Get-ADUser -Filter "SamAccountName -like '*$($_.sAMAccountName)*'" -Properties * | select samaccountname, displayname, name, cn, mail, givenname, initials, sn, extensionAttribute8, VVVVTTTTTTAbbreviation, Department, Description,  distinguishedname, VVVVofficeid, personguid,streetAddress,state,l,postalCode,physicalDeliveryOfficeName          
}

Then I get this:

samaccountname             : Jack.Ripper2
displayname                : Ripper, Jack - SSSS-ST, Marion, KY
name                       : Jack.Ripper
cn                         : Jack.Ripper
mail                       : Jack.Ripper2@VVVV.KKK
givenname                  : Jack
initials                   :
sn                         : Ripper
extensionAttribute8        : Affiliate
VVVVTTTTTTAbbreviation     : SSSS-ST
Department                 : LMAC-SSSS - SSSS-ST
Description                : Delete 03/03/2021 - CRQ3927201 - Account Restricted on 02.08.2021 
distinguishedname          : CN=Jack.Ripper,OU=Deprovision,OU=Users,OU=LMAC,OU=PLACES,DC=VVVV,DC=net
VVVVofficeid               : 108760
personguid                 : 586B81F9-F4F0-423C-897A-332746F9922D
streetAddress              : 1999 Walnut SE
state                      : KY
l                          : Bubblegum
postalCode                 : 22222
physicalDeliveryOfficeName : KYMAR

samaccountname             : Lizzie.Borden
displayname                : Borden, Lizzie - LMAC-FSA, Roxboro, NC
name                       : Lizzie.Borden
cn                         : Lizzie.Borden
mail                       : Lizzie.Borden@VVVV.KKK
givenname                  : Lizzie
initials                   :
sn                         : Borden
extensionAttribute8        : Affiliate
VVVVTTTTTTAbbreviation     : LMAC-FSA
Department                 : LMAC-FSA
Description                : Delete 03/03/2021 - CRQ3927189 - **Account disabled by GGNR 02/06/2021**LMAC-FSA
distinguishedname          : CN=Lizzie.Borden,OU=Deprovision,OU=Users,OU=LMAC,OU=PLACES,DC=VVVV,DC=net
VVVVofficeid               : 64359
personguid                 : A1D1E2B1-629F-41A5-A0AB-7BB614B0323C
streetAddress              : 2777 Walnut SE
state                      : HI
l                          : BadAxe
postalCode                 : 234567
physicalDeliveryOfficeName : NCROX

Then I run the script:

PS C:\windows\system32>
$Allusers = Import-csv C:\FolderX\Two.csv
Foreach ($user in $AllUsers) {
$Userinfo=Get-ADUser -Identity $user.sAMAccountName -Properties streetAddress,state,l,postalCode,physicalDeliveryOfficeName
    Set-ADUser -Identity $user.sAMAccountName -streetAddress $streetAddress -l $l -postalCode $postalCode -physicalDeliveryOfficeName $physicalDeliveryOfficeName}
Get-ADUser -Identity $user.sAMAccountName -Properties SamAccountName,streetAddress,state,l,postalCode,physicalDeliveryOfficeName | ft streetAddress,state,l,postalCode,physicalDeliveryOfficeName

Then it shows this error"

Set-ADUser : A parameter cannot be found that matches parameter name
'physicalDeliveryOfficeName'.
At line:4 char:107
+ ... ess -l $l -postalCode $postalCode -physicalDeliveryOfficeName $physic ...
+                                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBind
   ingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory
   .Management.Commands.SetADUser
Set-ADUser : A parameter cannot be found that matches parameter name
'physicalDeliveryOfficeName'.
At line:4 char:107
+ ... ess -l $l -postalCode $postalCode -physicalDeliveryOfficeName $physic ...
+                                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBind
   ingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory
   .Management.Commands.SetADUser


streetAddress state l       postalCode physicalDeliveryOfficeName

------------- ----- -       ---------- --------------------------

2777 Walnut SE    HI    BadAxe   234567         NCROX  

 PS C:\windows\system32>

And nothing is updated. I tried updating only one attribute at a time but that doesn’t work either.
Where am I going wrong?
This Attribute: physicalDeliveryOfficeName - This is the real name of the attribute. And it seems to be alright and show up along with other attributes. Why won’t it work in the script to Set-ADUser?
Thanks in advance.

Not all AD attributes have corresponding parameters for the cmdlet Set-ADuser. You have to provide those changes in a different way.

#Example 4 shows how to do that. The syntax depends on if the attribute is already set or not.

Regardless of that - you may read up about splatting in Powershell. That will make your code a little easier to read.

1 Like

Olaf, I will have to go study.

When I run this at the console:

Set-ADUser Jack.Ripper -Office "##OFFICE##"

It works fine. I looked at the GUI; Office has a value of “##OFFICE##”

But then, I run this script below, it appears that absolutely nothing is updated.
After the script runs , on the console, a list is produced. Each attribute in the script is listed, which makes me think that a good update worked.
Is this list supposed to mean that a change was made?
I ran this late Friday at work. If a change was made, maybe the servers have to synchronize before it shows up.
Here’s the CSV file:

SAMAccountName streetAddress   l     State  POSTALCODE  physicalDeliveryOfficeName

Jack.Ripper    1492 Walnut Street   Columbus    aa  99999       NASS - DC 5855a

Lizzie.Borden  1776 Walnut Street   Ol George       BB   77777     NASS - DC 6407Bb
 
PS C:\windows\system32> Import-Csv -path C:\folder\BulkJustTwo.csv
Foreach ($user in $AllUsers) {
$Userinfo=Get-ADUser $user.sAMAccountName -Properties streetAddress,state,l,postalCode,Physical-Delivery-Office-Name
    Set-ADUser -Identity $user.sAMAccountName -streetAddress $streetAddress -l $l -postalCode $postalCode -physicalDeliveryOfficeName $Physical-Delivery-Office-Name}
Get-ADUser -Identity Jack.Ripper -Properties SamAccountName,streetAddress,state,l,postalCode,physicalDeliveryOfficeName | ft sAMAccountName, streetAddress,state,l,postalCode,Physical-Delivery-Office-Name  
sAMAccountName             : Jack.Ripper
streetAddress              : 1492 Walnut Street
l                          : Columbus
st                         : aa
postalCode                 : 99999
physicalDeliveryOfficeName : AAA - DC 5855a
 
sAMAccountName             : Lizzie.Borden
streetAddress              : 1776 Walnut Street
l                          : Ol George
st                         : BB
postalCode                 : 77777
physicalDeliveryOfficeName : AAA - DC 6407Bb
 
 
 
 
sAMAccountName streetAddress               state l     postalCode Physical-Delivery-Office
                                                                  -Name                  
-------------- -------------               ----- -     ---------- ------------------------
Jack.Ripper   1951 Ocean DriveMI    Ionia 48846      {}

Then I immediately run this to see if the attributes were changed. It appears there was no change.

 PS C:\windows\system32> Get-ADUser Jack.Ripper -properties * | select samaccountname, displayname, name, cn, mail, givenname, initials, sn, extensionAttribute8, ORGAgencyAbbreviation, Department, Description, state, distinguishedname, ORGofficeid, personguid, streetAddress, l, postalcode, physicalDeliveryOfficeName, WhenChanged             
 
 
samaccountname             : Jack.Ripper
displayname                : Ripper, Jack - LLL-OOOO, Ionia, MI
name                       : Jack.Ripper
cn                         : Jack.Ripper
mail                       : Jack.Ripper@ORG.gov
givenname                  : Jack
initials                   :
sn                         : Ripper
extensionAttribute8        : Employee
ORGAgencyAbbreviation     :
Department                 : LLL-OOOO
Description                : Any Description
state                      : MI
distinguishedname          : CN=Jack.Ripper,OU=Deprovision,OU=Users,OU=LLL,OU=Agencies,DC=ORG,DC=
ORGofficeid               :
personguid                 : F7812345-1663-437F-A747-4E12345678C0
streetAddress              : 431 SWARTZ COURT, SUITE 300
l                          : Ionia
postalcode                 : 48846
physicalDeliveryOfficeName : MIION
WhenChanged                : 3/5/2021 1:13:35 PM
 
 
 
 
PS C:\windows\system32>

Did you actually read my answer? And did you actually read the help I linked?

So you CAN NOT use the following

Set-ADUser -Identity sAMAccountName -physicalDeliveryOfficeName $physicalDeliveryOfficeName

Because the cmdlet Set-ADUser does not provide a parameter for the attribute physicalDeliveryOfficeName.

Instead you have to provide the change in a different way. Depending on the attribute you want to treat you have to use either -Add or -Clear or -Replace or -Remove. You should carefully read the help again, especially for this patricular parameters.

So to set the desired attribute inicially you can use something like this:

Set-ADUser -Identity sAMAccountName -Add @{physicalDeliveryOfficeName = 'BestPhysicalDeliveryOfficeOfTheWorld'}

If there are already values in your AD in the attribute physicalDeliveryOfficeName you will have to use this

Set-ADUser -Identity sAMAccountName -Replace @{physicalDeliveryOfficeName = 'BestPhysicalDeliveryOfficeOfTheWorld'}

And just to mention it. If the attribute is a multivalued string for example you can use the -Add parameter more than once and you’d add a new string everytime you use it. So you should think carefully and test before you use it in production. :wink:

Regardless of all that. Please read the help I linked for Splatting. It’s a great way to make you code easier to read and to understand and to maintain. For example:

$Allusers = Import-csv C:\FolderX\Two.csv
Foreach ($user in $AllUsers) {
    $SetADuserParams = @{
        Identity      = $user.sAMAccountName
        streetAddress = $streetAddress
        l             = $l
        postalCode    = $postalCode
        Replace       = @{physicalDeliveryOfficeName = $physicalDeliveryOfficeName }
    }
    Set-ADUser @SetADuserParams
}

You don’t have to read an AD object before you change it. It slows down your code very much if you use a meaningless Get-ADUser inside the loop.

Olaf, yes I read your first reply.
And I looked at the help.
I will go back and study some more.

“If you aren’t willing to read PowerShell’s help files, you won’t be effective with PowerShell. You won’t learn how to use it, you won’t learn how to administer products like Windows with it, and you might as well stick with the GUI.”

                - Don Jones, Learn PowerShell In A Month Of Lunches, p. 20