简体   繁体   中英

Add An AD Attribute To All Users In an AD Group

We have a few groups that we are playing with. We'll call it Group1 Group2 Group3. We then have a custom AD Attribute called "team". We need to take all the users of Group1 and change their AD Attribute to "Group1" etc etc. I've looked at a few ways to do this but am drawing up a blank. Any suggestion is greatly appreciated.

There are a few functions to work with here, and this will require that you have the AD module installed for PowerShell.

First, you'll need to get all of the members of the group, and you likely want to do it recursively. So that's:

Get-ADGroupMember -Identity "Group A" -Recursive

Running that on its own should give you all the members. But now you want to do something with what you got back from that function, so you want to loop over them

Get-ADGroupMember | ForEach-Object {
     # You'll do something with each member here.    
}

And what you want to do it set the AD attribute, which you can do with Set-ADUser. While most attributes can be set easily as they're all properties of the function, yours appears to be custom so you need to use -replace . That looks like this:

Get-ADGroupMember | ForEach-Object {
     Set-ADUser -Identity $_ -Replace @{"Team"="Group A"} -WhatIf
}

The -WhatIf on the end makes the function tell you what it would do, but it doesn't actually do it. I've left it there so you don't accidentally run the code without testing it out first. When you want this to actually do something, remove that text.

You should try this on a small group with one or two people to make sure it works the way you want, and then when you're ready, hit the larger group

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM