Your PowerGUI Community: Simplify your PowerShell related GUI and script editing needs.


Modify or update existing AD Users contact details

This question is answered
Hi,
I am new to powershell and still learning, I have been given the task to update over 500 Users contact details for existing users for both Manager and department fields only. I have been given a spreadsheet of the changes I am trying to avoid doing it manually. Has anyone got a powershell command or script to assist in doing this ?

Thanks

Debo
Verified Answer
  • Hi debops, welcome to PowerGUI! This is exactly the kind of thing that Powershell was made for!

    In order to easily manipulate Active Directory you'll need some tools. You can either use Microsoft's Remote Server Administration Tools (installed from the Windows features window) or you can use Quest's AD Tools (located on their website).

    Since I'm familiar with Microsoft's tools, that's what I'll use here but the cmdlet's are very similar so you could easily adapt to Quest if you wanted to.

    First we need to save your spreadsheet as a CSV file. I'm going to assume the header row has a row for Username, Manager and Department. If there's no Username then we'll have to use first name last name which is a Idealittle[/i] more challenging, but not too bad.

    First we want to use Import-CSV to pull all the information from the CSV and we want to go through that line by line and reference the 3 columns we want. From there we simply use Set-ADUser to update the 2 fields we want to change.

    The first line of the script loads the Microsoft Powershell tools, so even though you've installed them from Windows Features you have to tell Powershell to load them--by default it won't.

    BeerImport-Module ActiveDirectory -ErrorAction SilentlyContinue

    $Users = Import-Csv c:\utils\users.csv
    ForEach ($User in $Users)
    { Set-ADUser $User.Username -Manager $User.Manager -Department $User.Department
    }[/b]
All Replies
  • Hi debops, welcome to PowerGUI! This is exactly the kind of thing that Powershell was made for!

    In order to easily manipulate Active Directory you'll need some tools. You can either use Microsoft's Remote Server Administration Tools (installed from the Windows features window) or you can use Quest's AD Tools (located on their website).

    Since I'm familiar with Microsoft's tools, that's what I'll use here but the cmdlet's are very similar so you could easily adapt to Quest if you wanted to.

    First we need to save your spreadsheet as a CSV file. I'm going to assume the header row has a row for Username, Manager and Department. If there's no Username then we'll have to use first name last name which is a Idealittle[/i] more challenging, but not too bad.

    First we want to use Import-CSV to pull all the information from the CSV and we want to go through that line by line and reference the 3 columns we want. From there we simply use Set-ADUser to update the 2 fields we want to change.

    The first line of the script loads the Microsoft Powershell tools, so even though you've installed them from Windows Features you have to tell Powershell to load them--by default it won't.

    BeerImport-Module ActiveDirectory -ErrorAction SilentlyContinue

    $Users = Import-Csv c:\utils\users.csv
    ForEach ($User in $Users)
    { Set-ADUser $User.Username -Manager $User.Manager -Department $User.Department
    }[/b]
  • Things will get a little trickier if, as I suspect, your spreadsheet was written for people and not for scripts :) That means it has the user's full name and the manager's full name in it. We can work with that but it will require a few more steps and a little more information from you, like how is your displayName formatted? FirstName Lastname or Lastname, Firstname? And is your spreadsheet formatted in the same way?

    Good times :)
  • Hi,

    Thanks for the reply. I would have to extract the data from the spreadsheet into new spreadsheead columns  it has first name, second name and manager I assume I have to change the  the title header to be smilar to the attributes that powershell can recognise. I will test it and let you know.

    Thanks

    Debo
  • Yes, you would have to create your own CSV, or just add the column headers to the one you have and save THAT as a CSV. Powershell is able to read the header row and then reference the column based on that name. So there could be a dozen other bits of information in the spreadsheet but we won't use any of it.

    So, finding the user by firstname secondname we have to change our Set-ADUser cmdlet just a little. First we need the username for both the user we're changing and for the manager. We can use Get-ADUser with the Filter parameter to do that. For some reason the filter parameter on Get-ADUser won't let you reference a property when doing it's search, so I can't use $User.Firstname, which is too bad. Instead I have to assign that to a plain variable and Filter is OK with that. Do the search for the user and their manager and we have the information we need!

    BeerImport-Module ActiveDirectory -ErrorAction SilentlyContinue

    $Users = Import-Csv c:\utils\users.csv
    ForEach ($User in $Users)
    { $GivenName = $User.FirstName
    $SurName = $User.SecondName
    $ADUser = (Get-ADUser -Filter { GivenName -eq $GivenName -and Surname -eq $SurName }).SamAccountName
    $GivenName = $User.ManagerFirstname
    $SurName = $User.ManagerSecondname
    $ADManager = (Get-ADUser -Filter { GivenName -eq $GivenName -and Surname -eq $SurName }).SamAccountName
    Set-ADUser $ADUser -Manager $ADManager -Department $User.Department
    }[/b]
  • Hi Martin,

    I get this error when I applied it to this script containing

    FirstName,SecondName,department,ManagerFirstName,ManagerSecondName
    Evas,Wilam,Business Affairs,Debo,Adel

    I can't work what wrong this command At line:12 char:12
    + Set-ADUser $ADUser -Manager $ADManager -Department $User.Department

    S C:\Windows\sysWOW64\Windowspowershell\v1.0> Import-Module ActiveDirectory -ErrorAction SilentlyContinue

    $Users = Import-Csv c:\55\stafflist9.csv
    ForEach ($User in $Users)
    { $GivenName = $User.FirstName
    $SurName = $User.SecondName
    $ADUser = (Get-ADUser -Filter { GivenName -eq $GivenName -and Surname -eq $SurName }).SamAccountName
    $GivenName = $User.ManagerFirstname
    $SurName = $User.ManagerSecondname
    $ADManager = (Get-ADUser -Filter { GivenName -eq $GivenName -and Surname -eq $SurName }).SamAccountName

    Set-ADUser $ADUser -Manager $ADManager -Department $User.Department
    }
    Set-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null
    argument and try the command again.
    At line:12 char:12
    + Set-ADUser $ADUser -Manager $ADManager -Department $User.Department
    + ~~~~~~~
    + CategoryInfo : InvalidData: (:) [Set-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.
    SetADUser

    Any ideas

    Thanks

    Debo
  • Error message tells us the story:
    Set-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null

    So the Get-ADUser is not finding the user. This means we have some bad data. Try doing this at a Powershell prompt and see what happens:

    Get-ADUser -Filter { GivenName -eq "Evas" -and Surname -eq "Wilam" }

    GivenName = First Name
    SurName = Second Name
  • Hi Martin,

    It was a spelling mistake in the name, after that it worked ok but the Manager under organisation in AD change to manager name is ADmanger a valid command?

    Thanks

    Debo


  • Sorry? Not sure what the problem you're having? Did you get an error message from Powershell you could post?
  • I think that debops is asking how to set the manager name.

    Full details can be found by entering Get-Help Set-ADUser -Full (or Get-Help Set-ADUser -Online). But, simply, once you've gotten the user account from Get-ADUser, you can then pipe that to Set-ADUser -Manager <manager name> just like Martin showed.

  • I do have some functions I wrote that will help with controlling the Manager field after this initial install:

    http://thesurlyadmin.com/2013/02/18/setting-the-manager-field-in-active-directory/
  • Hi,

    here is the tool for Bulk user modification - ADManager Plus ManageEngine

    Link:http://www.manageengine.com/products/ad-manager/active_directory_bulk_user_management.html#Modification