Update attribute in AD for all users

[Harrison Midkiff]

Hello:

Due to some customization I added an attribute to my 2003 AD schema for all
users in my domain. I need this attribute set to the same value for
everyone. Does anyone know how I can set this attribute for all users?

Thanks.

Harrison

 

[Richard Mueller [MVP]]

Due to some customization I added an attribute to my 2003 AD schema for
all users in my domain. I need this attribute set to the same value for
everyone. Does anyone know how I can set this attribute for all users?

It might be possible to do this with command line utilities. Otherwise, a
VBScript program can use ADO to retrieve the Distinguished Names of all
users. You would bind to each user object and assign the desired value to
your attribute, assuming it is a single-valued string attribute. For
example:
=============
Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes

Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strDN

Dim strValue, objUser



' Value to be assigned to your attribute.

strValue = "New Value"



' Setup ADO objects.

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection



' Search entire Active Directory domain.

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"


' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"



' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"



' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False



' Run the query.
Set adoRecordset = adoCommand.Execute


' Enumerate the resulting recordset.
Do Until adoRecordset.EOF

' Retrieve value.
strDN = adoRecordset.Fields("distinguishedName").Value

' Bind to the user object.

Set objUser = GetObject("LDAP://" & strDN)

' Assign value to your attribute, called "NewAttribute".

objUser.NewAttribute = strValue

' Save changes.

objUser.SetInfo

' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop



' Clean up.

adoRecordset.Close

adoConnection.Close

===========

Remember, this will modify all users, including Administrator, Guest,
disabled users, etc. You could restrict the script to an OU by changing the
base of the query. For example, change:



strBase = "<LDAP://" & strDNSDomain & ">"


to something similar to:



strBase = "<LDAP://ou=Sales,ou=West," & strDNSDomain & ">"


to only modify users in the ou=Sales Organizational Unit (which is a child
of the ou=West OU). For more on using ADO in VBScript programs, see this
link:



http://www.rlmueller.net/ADOSearchTips.htm

 

[Ken Aldrich]

Harrison,

This is very easy to do with DSRAZOR for Windows.
You can list all users in your domain, select them, and update the value for
a custom text-based or number-based attribute on all of your users at once.

If you would like a free, one-on-one web-based demostration you can find it
here:
www.visualclick.com/?source=NGwin2kAD

 

[Meinolf Weber]

Hello Ken,

SPAM

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Ken Aldrich]

Sorry Meinolf, but the help I offered the original poster is far from spam.
I posted a very workable solution to his problem.
It is relevent information and I do not understand how you can characterize
it as spam.
Not everyone on these newsgroups wants to learn how to script, and supported
solutions are preferred by some.
You may not know if the information I offered is a good fit for him or not.
It could be that a 3rd party product saves him valuable time completing a
mundane task, freeing him up to peform more important duties. It could be
that scripting is the best fit for him. Lets let the person that posted the
problem decide his preferred solution. I know, as an administrator, when
I'm trying to solve a problem I like to learn several solutions and choose
the best... rather than being limited on options. This is a friendly
community trying to help each other afterall.

 

[Jorge de Almeida Pinto [MVP - DS]]

ADFIND -b "<DN of starting OU>" -f
"(&(objectCategory=person)(objectClass=user))" -dsq | ADMOD
"YourAttribute::YourValue" -unsafe

ADFIND and ADMOD can be found at joeware.net

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Meinolf Weber]

Hello Ken,

You are providing only a link to YOUR company, that's the reason.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Ken Aldrich]

Meinholf,

That doesn't make it spam.
I can understand concern about unsolicited advertisements and all of that.
Nobody likes unhelpful clutter.
Many people on these newsgroups link software to help people out . And often
times when I link DSRAZOR we get someone that reads the post and thanks us
for posting the information. They use our software to quickly solve their
problem so they can move on to the next challenge... without having to spend
a lot of time scripting or figuring out unsupported solutions. Not everyone
is after the free solution if its complicated, some people want easier
solutions and are willing to pay for them. I think most people that come to
these newsgroups for help are genuinely appreciative that they're given
options.... at least thats what I hear when someone calls me on the phone
and says, "Hey, you're the guy that posted a reply to my question online.
Thanks. Now, show me how this works."

Thanks for reading