ADModify not working!?!

Joe Murphy · Mar 26, 2004

I have downloaded and run admodify on a test AD environment, choosing my
domain controller and an OU and then selecting individual users, choosing to
update just the Office field for testing purposes.

The log says that the changes were made to the accounts, but in AD Users and
Computers the accounts remain unchanged.

My test server is a domain controller. I'm running admodify as domain admin,
too.

Any clues?

Thanks,
JM

Cary Shultz [A.D. MVP] · Mar 26, 2004

Joe,

It seems that several people are having this problem - specifically with the
'Office' filed. I believe that I have had this problem as well. I just
tried it in three of our production environments and the Office field does
not seem to want to work in any of them. What I have done is use the
Description field ( if available ) in place of the Office field.

You can also use ldifde to modify the 'physicalDeliveryOfficeName' attribute
if this is really important.

HTH,

Cary

Guest · Mar 26, 2004

Does that field have certain security on it or something?

-----Original Message-----
Joe,

It seems that several people are having this problem - specifically with the
'Office' filed. I believe that I have had this problem as well. I just
tried it in three of our production environments and the Office field does
not seem to want to work in any of them. What I have done is use the
Description field ( if available ) in place of the Office field.

You can also use ldifde to modify

the 'physicalDeliveryOfficeName' attribute

Cary Shultz [A.D. MVP] · Mar 26, 2004

Not that I know of. Maybe it is a simple glitch in this tool? Don't know.

Cary

Cary Shultz [A.D. MVP] · Mar 26, 2004

Have sent an e-mail to the two authors of ADModify.

Cary

Guest · Mar 26, 2004

I'm playing around with ldifde right now and came across
this. Wondering if you could add your two cents

I ran the following against an OU that I know does not
have any entries at all for the 'Office' field just to see
what it would look like.

ldifde -f fsusers.ldf -d "OU=FS Users and
Computers,OU=North_America,DC=mycompany,DC=com" -
r "(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=
cytyc,DC=com)" -l "physicalDeliveryOfficeName"

This returned an .ldf file that looks like this:

dn: CN=Stauffacher\, Lee,OU=FS Users and
Computers,OU=North_America,DC=mycompany,DC=com
changetype: add

dn: CN=Cook\, David,OU=FS Users and
Computers,OU=North_America,DC=mycompany,DC=com
changetype: add

dn: CN=Benink\, Mark,OU=FS Users and
Computers,OU=North_America,DC=mycompany,DC=com
changetype: add

What do I do with this to add the word 'Field' to the
physicalDeliveryOfficeName of each of these users? Is it
changetype: add or changetype: modify? Can I modify the
field if it is empty?

Much obliged for any guidance here.

Thanks,
JM

Cary Shultz [A.D. MVP] · Mar 26, 2004

JM,

You would have to modify each user account by replacing the current value
associated with the 'physicalDeliveryOfficeName' attribute.

It would look something like this:

dn: CN=Stauffacher\, Lee,OU=FS Users and
Computers,OU=North_America,DC=mycompany,DC=com
changetype: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Chicago
-

dn: CN=Cook\, David,OU=FS Users and
Computers,OU=North_America,DC=mycompany,DC=com
changetype: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Chicago
-

dn: CN=Benink\, Mark,OU=FS Users and
Computers,OU=North_America,DC=mycompany,DC=com
changetype: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Chicago
-

You are not adding a new user ( that would be changeType: add ), you are
simply changing an attribute. Just because there is no value currently
associated with the attribute does not mean that it is not there. It is.
It is just blank ( or empty ). Thus, you need to modify that value
associated with the attribute. To do this, you use the 'changeType: modify'
and then you have to replace the current value for
'physicalDeliveryOfficeName' ( empty is just as valid a value as anything
else in this case ) with whatever it needs to be ( 'Chicago' in my
example ).

HTH,

Cary

Joe Murphy · Mar 27, 2004

Worked like a champ, Cary.

LDIFDE isn't that scary after all.

Thanks,
JM

Cary Shultz [A.D. MVP] · Mar 27, 2004

Glad that you were able to get it squared away.

You are correct - ldifde is not that scary. However, the syntax is rather
unforgiving and can be a really tough nut to crack. Sometimes it is the
'approach' that one takes to this that causes the problem. The example that
I always use is that of group membership.

You might think that you could simply go to each user account and use the
memberOf: attribute to add each group to which that user is a member. No!
Not gonna work. You have to go to the group account and use the member:
attribute and add each and every user.

There are also some attributes that you can not add and there are some
attributes that you *must* have ( when creating users / groups / etc. ).

Cary

Display Name changed but did not update display name field	1	Mar 31, 2007
admodify and samaccountname append	2	Jan 15, 2004
Unable to log on with a domain account	3	Oct 1, 2007
AD for Multi tenancy	0	Aug 10, 2010
Migrating from multiple child domain environment to single domain with OUs. What's correct method?	5	Oct 12, 2007
Prevent some Domain Admin Account from creating USERS, Groups, OUs	2	Jan 4, 2008
pc takes time to apply computer settings	1	Apr 5, 2007
Slow Logons and Can't open files	0	Sep 29, 2009

ADModify not working!?!

Joe Murphy

Cary Shultz [A.D. MVP]

Guest

Cary Shultz [A.D. MVP]

Cary Shultz [A.D. MVP]

Guest

Cary Shultz [A.D. MVP]

Joe Murphy

Cary Shultz [A.D. MVP]

Ask a Question

Similar Threads