Scripting Active Directory does not necessarily require additional modules. With simple .NET Framework methods, you can achieve amazing things. In fact, this technique is so powerful that you should not run the following example in your productive environment until you understand what it does.
The next piece of code finds all users in your Active Directory that are located in CN=Users and have no mail address. It then assigns a default mail address, consisting of first and last name plus "mycompany.com".
# adjust LDAP path (i.e. remove CN=Users to search the entire domain): $SearchRoot = 'LDAP://CN=Users,{0}' -f ([ADSI]'').distinguishedName.ToString() # adjust LDAPFilter. Example: (!mail=*) = all users with no defined mail attribute $LdapFilter = "(&(objectClass=user)(objectCategory=person)(!mail=*))" $Searcher = New-Object DirectoryServices.DirectorySearcher($SearchRoot, $LdapFilter) $Searcher.PageSize = 1000 $Searcher.FindAll() | ForEach-Object { $User = $_.GetDirectoryEntry() try { # Set mail attribute $User.Put("mail", ('{0}.{1}@mycompany.com' -f $user.givenName.ToString(), $user.sn.ToString())) # Commit the change $User.SetInfo() } catch { Write-Warning "Problems with $user. Reason: $_" } }
This example code can read and change/set any attribute. This is especially useful for custom attributes that often cannot be directly set by cmdlets.
