Windows LiveWindows Live
 
 
Richard's profileRichard Siddaway's BlogPhotosBlogLists Tools Help

Blog
    April 23

    AD attributes

    I had a question come through as a private message regarding how to extract a particular attribute for user objects. The script wasn’t working because the label name in AD Users and Computers didn’t match the attribute name. This is a fairly common scenario as there are quite a few attributes like this for instance in the GUI the label is First Name but the AD attribute that we need to access in our PowerShell scripts is givenName (capitalisation isn’t mandatory).

    How can we find the correct attribute.  I tend to dive into ADSIEdit. I pick a test user. Set the value of the attribute in question to something obvious using the GUI then look it up in ADSIEdit.

    Another way is to use the information on msdn - http://msdn.microsoft.com/en-us/ms677980(VS.85).aspx.  There is a set of User Object User Interface Mapping tables one for each tab in the GUI.

    At http://msdn.microsoft.com/en-us/ms677286.aspx you can find a link that covers mapping for computers, domains, groups, OUs printers and users.

    With this information easily available and much of it defined as parameters in the AD cmdlets (Win 2008R2 and Quest) accessing AD objects in scripts becomes much easier. 

    Technorati Tags: ,
    8:25 AM | View trackbacks (1) | Blog it | PowerShell and Active Directory

    Comments (1)

    Please wait...
    Sorry, the comment you entered is too long. Please shorten it.
    You didn't enter anything. Please try again.
    Sorry, we can't add your comment right now. Please try again later.
    To add a comment, you need permission from your parent. Ask for permission
    Your parent has turned off comments.
    Sorry, we can't delete your comment right now. Please try again later.
    You've exceeded the maximum number of comments that can be left in one day. Please try again in 24 hours.
    Your account has had the ability to leave comments disabled because our systems indicate that you may be spamming other users. If you believe that your account has been disabled in error please contact Windows Live support.
    Complete the security check below to finish leaving your comment.
    The characters you type in the security check must match the characters in the picture or audio.

    To add a comment, sign in with your Windows Live ID (if you use Hotmail, Messenger, or Xbox LIVE, you have a Windows Live ID). Sign in


    Don't have a Windows Live ID? Sign up
    Paul Bendallwrote:
    This has caught me out many a time in the past (was even worse with the Exchange 5.5 directory). I now use LDP.exe which is part of the Support tools (From the CD \support\tools, double click suptools.msi). For more info check out this article:

    http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm
    Apr. 23

    Trackbacks (1)

    The trackback URL for this entry is:
    http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!2249.trak
    Weblogs that reference this entry