PowerShell for Windows Admins

Mar 4 2017   5:59AM GMT

Modifying AD users in bulk

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Tags:
Active Directory
Powershell

Modifying AD users in bulk involves either setting one or more properties to the same value for a set of users or reading in the values you need from a data source of some kind.

We prepared some test data in the last post so lets see how we use it.

$users = Import-Csv -Path .\users.csv
foreach ($user in $users){
 Get-ADUser -Identity $user.Id |
 Set-ADUser -Division $user.Division -EmployeeNumber $user.EmployeeNumber
}

The simplest way is to read in the data and store as a collection of objects. Use foreach to iterate through the set of user information. Get-ADUser gets the appropriate AD account which is piped to Set-ADUser. Set-ADUser is a great cmdlet because it has parameters for most of the user properties.

In this case though we know that some of the users don’t have employee numbers. This means a bit more work. Two approaches are possible – use splatting and the parameters used above or use the –Replace option

Lets look at splatting first

$users = Import-Csv -Path .\users.csv  
foreach ($user in $users){
 $params = @{
   Division = $user.Division
   EmployeeNumber = 0
 }
 
 if ($user.EmployeeNumber) {
   $params.EmployeeNumber = $user.EmployeeNumber
 }
 else {
   $params.Remove('EmployeeNumber')
 }
 
 Get-ADUser -Identity $user.Id |
 Set-ADUser @params
}

As before read the user information into the $users variable. Iterate over the users with foreach. Create a hashtable for the parameters and their values. Division is always present so that can be set directly. Employeenumber should be tested and if  present the place holder value should be overwritten with the correct value otherwise Employeenumber is removed from the hashtable.

The user account is found and Set-ADUser sets the correct values. Notice how the hashtable is specified to the cmdlet.

Splatting is a great way to dynamically set the parameters you’re using on a particular cmdlet.

Set-ADUser has an alternative – the –Replace parameter.

$users = Import-Csv -Path .\users.csv 
foreach ($user in $users){
 $params = @{
   division = $user.Division
   employeeNumber = 0
 }
 
 if ($user.EmployeeNumber) {
   $params.EmployeeNumber = $user.EmployeeNumber
 }
 else {
   $params.Remove('EmployeeNumber')
 }
 
 Get-ADUser -Identity $user.Id |
 Set-ADUser -Replace $params
}

This is very similar to the splatting example but instead of splatting the hashtable you use it as the value input to the Replace parameter. If you wrote  out the command it would look like this:

 Set-ADUser –Replace @{division = ‘Division B’; employeeNumber  = 100}

With –Replace you’re using the LDAP names of the properties rather than the GUI or PowerShell name – there are differences for instance surname is sn in LDAP.

Modifying AD users in bulk is straightforward with PowerShell and its relatively easy to deal with missing values if you adopt one of the above ideas. Splatting is probably the easiest in this case.

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: