Dynamically populating user properties in Active Directory

Posted on by

Recently I was asked to help out with a small issue pertaining to rolling out MS Live Communications Server. Two SIP properties (msRTCSIP-LineServer & msRTCSIP-Line) on the user object in AD were set dependent on which office the user was located in, and their Direct Dial (DDI) number. These properties needed to be set on the users on 3 sites, and I was asked if PowerShell could assist.

Seeing as I don’t have the schema extensions in my test lab, we will step through a similar scenario, but we’ll update the users description property instead.

In this example we have two test users:
Test Users for setting description property

We’re interested in the two User properties: Office and Telephone number. These would make up part of the SIP information for LCS, but in our example we just want to add them to the description property for easier viewing in AD User’s and Computers.
User1 Property page

Presuming, that we want to update the description field against a large selection of users we will take advantage of how PowerShell handles CSV’s:
Accounts.csv


#
# NAME: Set-UsrDesc.ps1
#
# AUTHOR: Adam Bell, http://www.leadfollowmove.com
# RELEASE: Contractors Creed – All care taken, no responsibility admitted. Use at your own risk.
# VERSION:
# 1.0.1 25/09/2007 Adam Bell Initial.
# 1.0.2 26/09/2007 Adam Bell refined for live.
#
# COMMENT: Best viewed using Notepad2
#
# ———————————————————–
# Check command-line arguments
# ———————————————————–
if ($args.count -ne 1)
{
write-host “Usage:
write-host “CSV requires a header line.”
write-host ” UserName,OU is the only data needed. No DomainDN in the OU DN.”
write-host “”
exit
}
$InFile = $args[0]
If (-not(test-path $InFile))
{
write-host “Unable to locate” $InFile
exit
}
# ———————————————————–
# Globals
# ———————————————————–
# If there are any errors,we’ll handle them in code.

$erroractionpreference = “SilentlyContinue”
$root = [adsi]“”
# ———————————————————–
function set-Desc
# ———————————————————–
{
# Inputs: 1) The CN UserName of the Account object
# 2) The OU DN without the Domain DN portion included.
# Objective: 1) Process each user, and update the description property based on Office and DDI info.
# Returns: 1) Nothing. Updates the users props.
Param (
$UserName,
$OUname
)
$error.clear()
$user = [adsi](“LDAP://cn=”+$UserName `
+”,”+$OUname+”,”+$root.distinguishedName)
if (!$?)
{
write-warning “Unable to bind to $UserName”
write-host “”
continue
}
$office = $user.get(“physicalDeliveryOfficeName”)
if (!$?)
{
write-warning “Unable to retrieve Office Location for $UserName”
write-host “”
continue
}
$ddi = $user.get(“telephoneNumber”)
if (!$?)
{
write-warning “Unable to retrieve DDI number for $UserName”
write-host “”
continue
}
$user.put(“description”, “($office) $ddi”)
$user.setinfo()
If (!$error[0])
{
write-host “$username updated.” -foregroundcolor “green”
}
else
{
write-warning “Updating $UserName failed!”
}
write-host “”
}
# ———————————————————–
function get-userlist
# ———————————————————–
{
# Inputs: 1) Path to CSV file containing Users to process. Needs a header line: UserName, OU
# Objective: 1) Get the data from the CSV file and pass it to Set-Desc
# Returns: 1) Nothing.
# Depends: 1) Set-Desc
Param (
$PathToCSV
)
$accounts = Import-Csv $PathToCSV
foreach ($account in $accounts)
{
$UserName = $account.UserCN
If ($UserName.StartsWith(“#”) -eq $true)
{
}
Else
{
“Processing … “+$UserName
set-Desc $UserName $account.OU
}
}
}
# ———————————————————–
# Main
# ———————————————————–
get-userlist $InFile
# ———————————————————–

A couple of points of interest, from the script above:
The Username is the CN (usually the displayName property), and is added with the ouName provided in the CSV, and the distinguishedName of the domain to build the ADSI binding to the user object.

The get(),put() and setinfo() methods are pretty self explanatory, especially if you’ve done any ADSI scripting before.

What’s nice about PowerShell is that you can user variables “inline”. It doesn’t work when constructing the ADSI binding, but it does when constructing strings (in this case for out put() method).

The (!$?) if block is a nice error checking step that check’s if the the last command wasn’t successful.

The !error[0] if block tests if we have had any errors in our process, and provides feedback to the console accordingly.

Running the script gives us the following output:
Set-UsrDesc.ps1 script console output

And if we check the user account, we can see that the description field has been updated for easy viewing , if we had a lot of users.
User1 account - updated by the set-usrdesc.ps1 script

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>