Change user attribute based on group membership - Richard Siddaway's Blog

Change user attribute based on group membership

Want to change an attribute on all members of an Active Directory group. Then try this

Get-ADGroupMember -Identity Legal |             
where {$_.objectclass -eq "user"} |            
foreach {            
 Set-ADUser -Identity $($_.distinguishedName) -Department "Student"            
}

Get the group members – filter out nested groups by checking the objectclass of the object. For each user set the attribute.

You can test its worked or look at an attribute in a similar way

Get-ADGroupMember -Identity Legal |             
where {$_.objectclass -eq "user"} |            
foreach {            
 Get-ADUser -Identity $($_.distinguishedName) -Property Department |            
 select Name, distinguishedName, Department            
}

You can perform a similar process with the Quest cmdlets

Published Mon, Sep 17 2012 21:24 by RichardSiddaway

Filed under: PowerShell and Active Directory

Leave a Comment

Title (required)
Name: (required)
Website: (optional)
Comments (required)
Remember Me?
Enter the numbers above: