Updating Multi-Valued Active Directory Properties Part 2

A few weeks ago I posted about updating multi-valued attributes in Active Directory. Part 1 covered how to accomplish this in PowerShell using ADSI. In Part 2 I’ll show you how to accomplish this using the free Active Directory cmdlets from Quest Software. As you’ll see, the over all process isn’t that much different. Except that using cmdlets simplifies a lot of the typing.

In a PowerShell session I’ll first need to add the Quest snapin.


PS C:\> Add-PSSnapin Quest.ActiveRoles.ADManagement

For the same of simplicity, I’m only going to update a single user; but it wouldn’t take much more work to apply the following concepts to any number of users. I’m going to get the Roy G.Biv user account from the Globomantics domain using the Get-QADuser cmdlet. I’m interested in the ProxyAddresses property, which is multi-valued.


PS C>\> $roy=get-qaduser rgbiv
PS C:\> $roy=get-qaduser rgbiv
PS C:\> $roy.ProxyAddresses
SMTP:RoyG.Biv@globomantics.local

Right now, there is only one value. Let’s add one using the Set-QADUser cmdlet. Now, this cmdlet offers parameters for many properties, but unless I missed it, there is no parameter for this value. In these situations, we’ll use the -OtherAttributes parameter. This expects a value of an associate array, or hash table, where the key is the property name and the value is the new property value. Here’s how I’ll add a new proxy address.


PS C:\> $roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Append=@("roy@globomantics.com")}}

The hash table value is in fact another hash table. The key is the multivalue operation that we saw in Part 1. In this case I want to append. The value I want to append is an explicit array that only has a single item. Let’s refresh the user object and see what we have.


PS C:\> $roy=get-qaduser rgbiv
PS C:\> $roy.ProxyAddresses
roy@globomantics.com
SMTP:RoyG.Biv@globomantics.local

Oops! It worked, but I forgot to include the SMTP prefix. No problem. I’ll update the entry.


PS C:\> $roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Update=@("SMTP:roy@globomantics.com",$roy.proxyAddresses[1])}}
PS C:\> $roy=get-qaduser rgbiv
PS C:\> $roy.ProxyAddresses
SMTP:roy@globomantics.com
SMTP:RoyG.Biv@globomantics.local

I need to specify all the values that I want to include, so the second value is the second Proxy address from the current $roy object. But you can see that it works.

Finally, let’s say I no longer want the address I just added. I’m going to use basically the same syntax except my nested hash table will indicate Delete and the item to remove.


PS C:\> $roy | set-qaduser -objectAttributes @{ProxyAddresses=@{Delete=@("SMTP:roy@globomantics.com")}}
PS C:\> $roy=get-qaduser rgbiv
PS C:\> $roy.ProxyAddresses
SMTP:RoyG.Biv@globomantics.local

And there we are! This is much easier, I think, than trying to use ADSI code. This especially is an improvement when you want to update many user accounts. There is less scripting when using a pipelined expression. I’ll be back one more time to show how to use the Microsoft Active Directory cmdlets.

If you are looking for more documentation on managing Active Directory with Windows PowerShell, I hope you’ll take a look at Managing Active Directory with Windows PowerShell: TFM. (2nd ed)