Quick Script to Edit a Single Attribute in AD on a Single User Account

  • Article

There are no real dependencies for this script, PSv1 or v2, no snap-ins, no modules….just plain old PS (POPS :) ).  No magic happening here, just some basic read-host and ADSI in play.  I wrote it for a colleague and thought I would share.

 #This will probably only work for strings and simple numbers and such.                        $username = read-host "Enter a Username"                                    $searcher = New-Object system.directoryservices.directorysearcher            $searcher.filter = "(samaccountname=$username)"            $searchresult = $searcher.FindAll()                        If ($searchresult.count -ne 1)            {                "A single SamAccountName was not matched properly"                "$($searchresult.Count) records found"                $searchresult                return            }            $adobject = $searchresult[0].GetDirectoryEntry()                        "Found $($adobject.Get("DisplayName"))"                        [string]$attributename = read-host "Enter the name of the attribute you want to edit"                        $currentEAP = $ErrorActionPreference            $ErrorActionPreference = "Silentlycontinue"            "Current value of $attributename is " + $adobject.get($attributename)            $ErrorActionPreference = $currentEAP                        $newvalue = Read-Host "Enter the new value (or hit Ctrl-C to Exit)"                        $adobject.Put($attributename,$newvalue)            $adobject.SetInfo()

I hope this is useful to someone out there :)

 

-Gary Siepser

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at https://www.microsoft.com/info/cpyright.htm.