I want to replace the AD attribute "userPrincipalName" value according to a CSV file header value. Here is what the CSV file (group.csv) contains:
sAMAccountName
--------------
test.user1
test.user2
Below is the script:
$data = Import-Csv -Path .\group.csv -Header 'sAMAccountName'
foreach($user in $data){
    Get-ADUser -Filter {sAMAccountName -eq "$($user.sAMAccountName)"} | Set-ADUser -Replace @{userPrincipalName="$($user.sAMAccountName)@RES.GROUP"}
}
Here I want to replace the AD attribute "userPrincipalName" with the value of sAMAccountName from the CSV file, something like [email protected]
This script does not work. Can anyone please correct it?
CodePudding user response:
Ok, since your comment shows the CSV file indeed does not have a header, I would suggest changing the code to:
$data = Import-Csv -Path .\group.csv -Header 'sAMAccountName'
foreach($user in $data) {
    $adUser = Get-ADUser -Filter "SamAccountName -eq '$($user.sAMAccountName)'" -ErrorAction SilentlyContinue
    if ($adUser) {
        $newUPN = '{0}@res.group' -f $user.sAMAccountName
        $adUser | Set-ADUser -UserPrincipalName $newUPN
    }
    else {
        Write-Warning "No user with SamAccountName '$($user.sAMAccountName)' could be found.."
    }
}
This way, any mistakes in the file will not make the code quit when a user with that samaccountname cannot be found. Instead, in that case you will see a warning about it and the code will continue with the rest of the data.
It might be worth mentioning that you can use parameter -Server on both the Get-ADUser and Set-ADUser cmdlets to make sure you use the same domain server (DC) to set the new UPN. Otherwise, you can set it on one DC, but are looking at another which doesn't show the change immediately because the servers need time to synchronize.
CodePudding user response:
Guys, thanks a lot for your efforts. I got a script that works for only an individual user; the script is below:
get-aduser -filter {samaccountname -eq "test.user1"} | set-aduser -replace @{userprincipalname="[email protected]"}
This script is working fine, but I want somehow to make it dynamic for all users. I have tried to create this script:
Get-ADUser -SearchBase "OU=Teams,OU=Prod,DC=RES,DC=TEST,DC=GROUP" -Filter {userPrincipalName -like "*@TEST.GROUP"} -Properties sAMAccountName | FT sAMAccountName | Out-File .\group.csv
$data = Import-Csv -Path .\group.csv -Header 'sAMAccountName'
foreach($user in $data){
    Get-ADUser -Filter "sAMAccountName -eq '$($user.sAMAccountName)'" | Set-ADUser -Replace @{userPrincipalName="$($user.sAMAccountName)@RES.TEST.GROUP"}
}
In this script, I am trying to get all users whose "userPrincipalName" attribute ends with *@TEST.GROUP in AD and replace the attribute "userPrincipalName" with a user's corresponding "sAMAccountName" value.
Unfortunately, neither my script nor your suggested scripts are working as expected.
And I also tried this script below:
$user = Import-Csv -Path .\group.csv -Header "sAMAccountName"
Get-ADUser -Filter {userPrincipalName -like "*@TEST.GROUP"} | Set-ADUser -Replace @{userPrincipalName="$($user.sAMAccountName)@RES.TEST.GROUP"}
It gave an error:
Set-ADUser : The operation failed because UPN value provided for addition/modification is not unique forest-wide
At line:2 char:121
+ ... A.GROUP"} | Set-ADUser -Replace @{userPrincipalName="$($user.sAMAccou ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=test user2,O...C=TEST,DC=GROUP:ADUser) [Set-ADUser], ADException
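
Added example, not part of any post in this thread: in the last script above, $user holds every CSV row, so "$($user.sAMAccountName)" expands to the same string for each piped account, which is why the second account hits the forest-wide uniqueness check. The sketch below skips the CSV round trip, builds each UPN from that object's own sAMAccountName, pins reads and writes to one DC as the answer suggests, and checks a global catalog for collisions before writing. The $dryRun flag, the choice of the PDC emulator as the pinned DC, and the log file name are assumptions; the OU and suffixes are the ones quoted in the thread.

```powershell
# Added example; OU and UPN suffixes are copied from the thread, everything else is an assumption.
Import-Module ActiveDirectory

$searchBase = 'OU=Teams,OU=Prod,DC=RES,DC=TEST,DC=GROUP'
$oldSuffix  = '@TEST.GROUP'
$newSuffix  = '@RES.TEST.GROUP'
$dryRun     = $true   # assumption: set to $false only after reviewing the dry-run log

# Pin every read and write to one DC so replication lag cannot hide a change.
$dc = (Get-ADDomain).PDCEmulator
# UPNs must be unique forest-wide, so the collision check queries a global catalog (port 3268).
$gc = '{0}:3268' -f (Get-ADForest).GlobalCatalogs[0]

$users = Get-ADUser -SearchBase $searchBase -Server $dc -Filter "UserPrincipalName -like '*$oldSuffix'"

$results = foreach ($u in $users) {
    # Build the UPN from THIS object's sAMAccountName, never from a whole collection.
    $newUpn = '{0}{1}' -f $u.SamAccountName, $newSuffix
    $status = 'Updated'

    # The AD filter parser resolves the simple variable $newUpn itself, avoiding quoting problems.
    $clash = Get-ADUser -Server $gc -Filter 'UserPrincipalName -eq $newUpn' |
        Where-Object { $_.ObjectGUID -ne $u.ObjectGUID }

    if ($clash) {
        $status = "Skipped: UPN already used by $($clash.DistinguishedName -join '; ')"
    }
    else {
        try {
            Set-ADUser -Identity $u -Server $dc -UserPrincipalName $newUpn -WhatIf:$dryRun -ErrorAction Stop
            if ($dryRun) { $status = 'DryRun' }
        }
        catch {
            # Keep going on failure, but record the directory's own error text.
            $status = "Failed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUPN         = $u.UserPrincipalName
        NewUPN         = $newUpn
        Status         = $status
    }
}

# Keep a record of old and new values so the change can be audited or reverted.
$results | Export-Csv -Path .\upn-change-log.csv -NoTypeInformation
$results | Format-Table -AutoSize
```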
