Other Posts in this Series:
- LDAP Does Not Return All Active Directory Group Members
- The Difference Between ADSI and ADSISearcher
- Use ADSI to Check if a User is a Member of an AD Group
- Use ADSI to Check if a Computer is a Member of an AD Group
- Use ADSI to Migrate AD Group Members
This post provides an example of how we can use ADSI to set and clear Active Directory Attributes. We search for a user called “alkaneuser” and set or clear the department attribute.
$objSearcher=[adsisearcher]'(&(objectCategory=person)(objectClass=user)(sAMAccountName=alkaneuser))'
$colProplist = "samaccountname","department"
foreach ($i in $colPropList) { $objSearcher.PropertiesToLoad.Add($i) | out-null }
$colResults = $objSearcher.FindOne()
if ($colResults -ne $null)
{
$user = [adsi]($colResults.Properties).adspath[0]
#set attribute
$user.Put("department", "Example department2");
$user.setinfo();
#clear attribute - uncomment as required
#$user.PutEx(1, "department", 0);
#$user.setinfo();
}
