Set Extension Attribute value for bulk users in Active Directory

I was recently reminded of a PowerShell script I compiled many months ago to set a specified extension attribute to the location of a JPEG on a network share, which would be used as the user's profile picture within SharePoint.

The script was dependent on two items. Firstly, the cmdlets require ActiveRoles Management Shell for Active Directory to be installed, and secondly, the filename of each JPEG file is required to match the username of the user.

As mentioned previously, the script depends on ActiveRoles Management Shell for Active Directory being installed, and therefore we need to load the snap-in into the current session.

# Adds the Quest.ActiveRoles.ADManagement snap-in to the current session.
Add-PSSnapin Quest.ActiveRoles.ADManagement

The script requires two variables to be specified: the UNC path of the shared folder where the JPEG files are located ($UNC) and the canonical name of the object in the domain from which to retrieve user objects ($SearchRoot). In the examples below, the UNC path is \\Server\Share\ and the domain object is the 'Users' organisational unit located in the domain 'domain.local'.

# Variables required to be completed for UNC path of shared folder and canonical name of domain object
$UNC = "\\Server\Share\"
$SearchRoot = "OU=Users,DC=domain,DC=local"

The script will then invoke the command to retrieve all users in the top level organisational unit and set this as a variable.

# Retrieves all users in the organisational unit and stores them in a variable.
# -SizeLimit 0 lifts the default limit of 1000 returned objects.
$Users = Get-QADUser -SearchRoot $SearchRoot -SizeLimit 0

For each user in the loop, the script first determines whether the JPEG file exists on the network shared folder and, if it does, sets extensionattribute2 to the UNC path of the file.

# Loops over each user stored in the variable.
foreach ($User in $Users) {
    # Builds the expected path of the user's profile picture.
    $Picture = $UNC + $User.SamAccountName + ".jpg"
    # Determines if the profile picture exists for the user.
    if (Test-Path $Picture) {
        # If the profile picture exists, the extensionattribute2 value is changed for the user account.
        # The DN is used as the identity so that the account is matched unambiguously.
        Set-QADUser -Identity $User.DN -ObjectAttributes @{"extensionattribute2" = $Picture}
    }
}

The above methodology can be applied to modify any attribute value within Active Directory, not just my example. Also, the above was compiled in a Windows 2003 domain where the 'Active Directory Module for Windows PowerShell' was not available. Where that module is available, using its cmdlets instead removes the dependency on ActiveRoles Management Shell for Active Directory.
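
The same bulk update written against the 'Active Directory Module for Windows PowerShell', with a dry run before any write. This is an added example, not code from the original post; the function name Set-ProfilePictureAttribute is hypothetical, and it assumes the module is installed and that extensionAttribute2 exists in the schema.

```powershell
# Added example: the article's bulk update using the ActiveDirectory module
# instead of the Quest snap-in. Paths and OU are the article's sample values.
Import-Module ActiveDirectory

function Set-ProfilePictureAttribute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UNC,
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [string]$Attribute = 'extensionAttribute2'
    )

    # Fetch the current attribute value too, so unchanged accounts can be skipped.
    $users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties $Attribute

    foreach ($user in $users) {
        $picture = Join-Path -Path $UNC -ChildPath ($user.SamAccountName + '.jpg')

        # -LiteralPath stops wildcard characters in an account name from matching other files.
        if (-not (Test-Path -LiteralPath $picture -PathType Leaf)) {
            Write-Verbose "No picture for $($user.SamAccountName)"
            continue
        }

        # Skip accounts that already hold the right value to avoid needless directory writes.
        if ($user.$Attribute -eq $picture) { continue }

        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set $Attribute to $picture")) {
            # -Replace overwrites any existing value; the DN identifies the account unambiguously.
            Set-ADUser -Identity $user.DistinguishedName -Replace @{ $Attribute = $picture }
        }
    }
}

# Dry run first: lists the accounts that would change without writing to the directory.
Set-ProfilePictureAttribute -UNC '\\Server\Share\' -SearchBase 'OU=Users,DC=domain,DC=local' -WhatIf
```

Remove -WhatIf once the reported list of accounts matches what you expect to change.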
