Update attribute in AD for all users

Tutorials Win: Microsoft Windows Forum

Hello:

Due to some customization I added an attribute to my 2003 AD schema for all
users in my domain. I need this attribute set to the same value for
everyone. Does anyone know how I can set this attribute for all users?

Thanks.

Harrison
Top

Re: Update attribute in AD for all users by Richard

Richard
Fri Mar 07 09:28:41 PST 2008

Harrison wrote:

> Due to some customization I added an attribute to my 2003 AD schema for
> all users in my domain. I need this attribute set to the same value for
> everyone. Does anyone know how I can set this attribute for all users?

It might be possible to do this with command line utilities. Otherwise, a
VBScript program can use ADO to retrieve the Distinguished Names of all
users. You would bind to each user object and assign the desired value to
your attribute, assuming it is a single-valued string attribute. For
example:
=============
Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes

Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strDN

Dim strValue, objUser



' Value to be assigned to your attribute.

strValue = "New Value"



' Setup ADO objects.

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection



' Search entire Active Directory domain.

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"


' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"



' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"



' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False



' Run the query.
Set adoRecordset = adoCommand.Execute


' Enumerate the resulting recordset.
Do Until adoRecordset.EOF

' Retrieve value.
strDN = adoRecordset.Fields("distinguishedName").Value

' Bind to the user object.

Set objUser = GetObject("LDAP://" & strDN)

' Assign value to your attribute, called "NewAttribute".

objUser.NewAttribute = strValue

' Save changes.

objUser.SetInfo

' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop



' Clean up.

adoRecordset.Close

adoConnection.Close

===========

Remember, this will modify all users, including Administrator, Guest,
disabled users, etc. You could restrict the script to an OU by changing the
base of the query. For example, change:



strBase = "<LDAP://" & strDNSDomain & ">"


to something similar to:



strBase = "<LDAP://ou=Sales,ou=West," & strDNSDomain & ">"


to only modify users in the ou=Sales Organizational Unit (which is a child
of the ou=West OU). For more on using ADO in VBScript programs, see this
link:



http://www.rlmueller.net/ADOSearchTips.htm


--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


Top

Re: Update attribute in AD for all users by Ken

Ken
Thu Mar 13 14:44:23 PDT 2008

Harrison,

This is very easy to do with DSRAZOR for Windows.
You can list all users in your domain, select them, and update the value for
a custom text-based or number-based attribute on all of your users at once.

If you would like a free, one-on-one web-based demostration you can find it
here:
www.visualclick.com/?source=NGwin2kAD

--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com

"Harrison Midkiff" <HMidkiff@aviinc.com> wrote in message
news:%23LsqJ%23FgIHA.1824@TK2MSFTNGP02.phx.gbl...
> Hello:
>
> Due to some customization I added an attribute to my 2003 AD schema for
> all users in my domain. I need this attribute set to the same value for
> everyone. Does anyone know how I can set this attribute for all users?
>
> Thanks.
>
> Harrison
>


Top

Re: Update attribute in AD for all users by Jorge

Jorge
Sun Mar 16 14:15:20 PDT 2008

ADFIND -b "<DN of starting OU>" -f
"(&(objectCategory=person)(objectClass=user))" -dsq | ADMOD
"YourAttribute::YourValue" -unsafe

ADFIND and ADMOD can be found at joeware.net

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Harrison Midkiff" <HMidkiff@aviinc.com> wrote in message
news:%23LsqJ%23FgIHA.1824@TK2MSFTNGP02.phx.gbl...
> Hello:
>
> Due to some customization I added an attribute to my 2003 AD schema for
> all users in my domain. I need this attribute set to the same value for
> everyone. Does anyone know how I can set this attribute for all users?
>
> Thanks.
>
> Harrison
>

Top