Archive for the 'Active Directory Updates' Category

Updating the country Attribute in Active Directory

Published July 29, 2011 Active Directory , Active Directory Updates , Active Directory Users and Computers (ADUC) , Development , Microsoft Active Directory , Tools Leave a Comment
Tags: , , , , , , , , ,

Active Directory stores most of the commonly-used attributes internally in a string syntax, including most naming and address attributes as well as many organizational attributes. The process used to programatically update string attributes is usually very straightforward and merely requires you update the attribute value and then commit the changes to the directory.

Ah, but exceptions seem to always come up even with straightforward processes. In many cases, we see this happen when updating the country attribute in Active Directory. At first glance this attribute seems just like the other address attributes in AD: streetAddress, l, st, postalCode, etc. When you look at the country for a user account in Active Directory Users and Computers (ADUC), you see the nice friendly name for the country. Updating this value merely requires you to select another country and update the changes.

But try updating the country attribute programatically in Active Directory. Looking through the raw attributes for a user account using a tool like ADSI Edit or Active Directory Explorer shows several promising candidate attributes to use to update the country data. As you dive deeper, though, you’ll notice that there are actually three different country-related attributes. What gives?

At the end of the day, to update a country value in Active Directory requires you to update three different attributes at the same time: the countryCode, c and co attributes. Better yet, you must update two of the values, countryCode and c, using the appropriate integral and string ISO 3166 country code values or the update will fail.

  • countryCode (Country-Code): ISO-3166 Integer value
  • c (Country-Name): ISO-3166 2-digit string value
  • co (Text-Country): Open string value
So just remember if you are updating the country attribute in AD that you actually need to update the countryCode, c and co attributes together. You can get a great downloadable list of ISO 3166 country codes from the ISO and this can help you create a drop-down list with matching values for your application.

Simple PowerShell Script to Bulk Update or Modify Active Directory User Attributes

Published July 18, 2011 Active Directory , Active Directory Updates , Powershell Leave a Comment
Tags: , , , , , ,

I spoke at a conference a couple of months ago about Active Directory management and free tools available to help with AD management. One of the attendees from the presentation recently asked for some guidance using PowerShell to perform a bulk update of AD user information.

The simple PowerShell snippet here uses the Get-ADUser cmdlet from the ActiveDirectory PowerShell module to retrieve all the users in one OU and then iterate the users to set a couple of AD properties. Refer to the documentation references below the script for more information about the specific cmdlets and how to use the ActiveDirectory module for PowerShell.

PowerShell Script to Bulk Update AD User Information

# Get all users in the Finance OU.
$FinanceUsers = Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
# Iterate the users and update the department and title attributes in AD.
foreach($FinanceUser in $FinanceUsers)
{
    # Update properties.
    $FinanceUser.department = "Finance"
    $FinanceUser.title = "Analyst 1"   
    # Update the user data in AD using the Instance parameter of Set-ADUser.
    Set-ADUser -Instance $FinanceUser
}

The example uses the Instance parameter of Set-ADUser to update each user in the OU. The parameter allows any modifications made to the ADUser object to go to the corresponding Active Directory object while only updating object properties that have changed.

Handy ActiveDirectory Module Cmdlet References

Top 3 issues with Identity Management and Active Directory

Published October 20, 2010 Active Directory Password , Active Directory Updates , Microsoft Active Directory , PeoplePassword , PeopleSearch & PeopleUpdate Leave a Comment
Tags: , , , , , , , , ,

Web Active Directory has been in the identity management business for over 6 years now and the one thing that we have learned in that time is that there are three critical areas that solutions such as ours need to adhere to, they are:

  1. Security
  2. Security
  3. Security

We hear you loud and clear.  That is why we have built our solutions, PeoplePassword and PeopleUpdate to securely delegate repetitive and costly tasks to end users and business owners.  However, we have not stopped there.  Coming soon, is our new and improved role-based access control (RBAC) on a new, robust platform that will enable customized RBAC for searching, updating, and provisioning of Active Directory objects.  Additionally, we have added the powerful Microsoft Windows Workflow 4 and PowerShell 2.0 to completely automate and customize the business process rules around the way you do business.  No longer will you have to conform your business process to the software, but rather make the software work with your business process.  What a concept – eh!

To learn more about the new platform and when it will be available, or to sign up for our beta program, fill out the following form and we will put you on our notification list. 

In the meantime, please visit our website at www.webactivedirectory.com, or call us toll free at +1-800-747-3565

New PeopleUpdate demostration videos – Web-based, Active Directory Management

Published May 3, 2010 Active Directory Updates , Microsoft Active Directory , PeopleSearch & PeopleUpdate Leave a Comment
Tags: , ,

Our engineers have created a series of demonstration online videos that provide insight into how PeopleUpdate can be used to delegate active directory updates out to the information and business owners within your organization.  Each video provides a different view of PeopleUpdate through the eyes of a typical end-user, a typical HR-user and a typical IT-user.  Here are the links to the online YouTube videos:

Typical end-user view - 

Typical HR-user view –

Typical IT-user view –

Needless to say, there are many other ways you can configure and customize PeopleUpdate to manage your Active Directory information based on your organizations’ needs.  Please take a look at the videos and let us know if you have any questions or comments.  And remember, you can always request a 30-day evaluation of PeopleUpdate on our website or call us toll free at +1-800-747-3565.

Dynamic email signature that pulls from Active Directory

Published February 24, 2010 Active Directory Updates , Microsoft Active Directory , Powershell , Tools Comment
Tags: , , , , , , , , ,

I’m sure if asked everyone could come up with a few reasons for having Active Directory kept with accurate information…but here is another one I came across.  The link below is to a script that allows you to create email signatures for your users in Outlook by pulling in the information that is kept in Active Directory.  So if you update Active Directory on a regular basis and/or allow users to use a delegated update to Active Directory like PeopleUpdate then this script has some real value to you.

http://gallery.technet.microsoft.com/ScriptCenter/en-us/b6dfc6d1-5354-4ed0-9856-9547d19ef670/view/Discussions

It looks like the most logical place to apply this script would probably be a login script so that the signature is updated every time the user logs in.  If you are doing desktop virtualization then this is another powerful tool to automate the profile setup process.

If you are interested in delegating updates to Active Directory to your end-users, human resources department, etc then you should check out Web Active Directory’s PeopleUpdate product at http://www.webactivedirectory.com

Slipstick Systems Outlook and Exchange Solutions Center
Utilities, how to's and other solutions for Microsoft Outlook and Microsoft Exchange users, administrators and developers

Share this blog

Facebook Twitter More...

Enter your email address to subscribe to WebActiveDirectory blog via email.

Join 243 other followers

Web Active Directory Products

Download PDF product data sheets:
Follow

Get every new post delivered to your Inbox.

Join 243 other followers