Easy Script to Make Bulk Computer Object Attribute Changes

question

Set and Get AD-Computer extensionattribute in powershell

Hi,

I found how to set an extension attribute for a computer
First it must be cleared
Set-ADcomputer –Identity computername -Clear "extensionAttribute15"

Then I can fill it
Set-ADcomputer -Identity computername -Add @{extensionAttribute15 = "anystring"}

It becomes tricky when I then try to extract
$value = Get-ADcomputer -identity KRKL0590 -Properties extensionAttribute15 | Select-Object extensionAttribute15

$value
@{extensionAttribute15=12/06/2021 00:00:00} (my script actually pushed a date in me extensionAtribute15)

$value.extensionAttribute15
gives nothing.

It looks like a hash but I can't manipulate it like it, it would seem.
I don't find how to extract only the value of extensionAttribute15.

Any help appreciated.

Thank you.

windows-server-powershell windows-active-directory

Hello,

Is it possible to tell us how you put the value in the extensionAttribute15 ?
I've tried to put some value in it and it works fine for me :

Regards,

0 Votes 0 ·

It's in my first post :
Then I can fill it
Set-ADcomputer -Identity computername -Add @{extensionAttribute15 = "anystring"}

Can you show $value.gettype() ?

0 Votes 0 ·

Below the command

0 Votes 0 ·

The code is this one at the moment. There are other corrections to do I know.

                                      $ComputersWithManagedBy = get-adcomputer -ldapfilter '(managedby=*)' -properties name, managedby | select-object name, managedby       $currentday = (Get-Date).ToUniversalTime()    $validedate = (Get-Date).adddays(7).ToUniversalTime()               Foreach ($CPT in $ComputersWithManagedBy){           $ExpiryDate = Get-ADcomputer -identity $CPT -Properties extensionAttribute15 | Select-Object extensionAttribute15           #struggling here with the date format      if ($ExpiryDate -gt $validedate){      Write-Host "Date is more than 7 days. Correcting to within 7 days. Maximum accepted value."      Set-ADcomputer –Identity $CPT -Clear "extensionAttribute15"      Set-ADcomputer -Identity $CPT -Add @{extensionAttribute15 = "$validedate"}      }elseif($ExpiryDate -le $currentday ) {              write-host "Emptying Managed by field"              #some code          }else{               write-host "Date is inferior we don't take action"           }  }                                  

Your first problem is on line #8. When you use the "Select-Object" cmdlet the object that's returned is a PSCustomObject with a NoteProperty named "extentionAttribute15". To get the actual value you'd use $ExpiryDate.extentionAttribute15. You can get the actual value (without the creation of a PSCustomObject) by doing this: Select-Object -Expand extentionAttribute15.

The next problem is on line #11. Even by using the "-Expand" technique you're left with a string value, not a DateTime object in $ExpiryDate. Comparing dates using strings is subject to quite a few problems that lead to inaccuracies and incorrect results. You should cast $ExpiryDate as a "[DateTime]" object.

Line #14 should 1) remove the surrounding quotation marks from the $validedate, and 2) you should probably drop the time portion of the $validedate object before you store it: $validedate.Date.ToString("MM/dd/yyyy") -- unless the time of day is important (which it probably isn't).

Hi Rich,

thank you so much for all this. I will review and come back to you.

There was another issue on line 8. $CPT.name in Get-ADComputer

I also had to deal with potential empty value.

Here is the corrected and working script. Thank you so much. I'll later had a test for searching "NEVER" string in my attribute. And make it run on multiple domains :)

                                          $ComputersWithManagedBy = get-adcomputer -ldapfilter '(managedby=*)' -properties name, managedby, extensionAttribute15 | select-object name, managedby, extensionAttribute15       $currentday = (Get-Date).ToUniversalTime()    $validedate = (Get-Date).adddays(7).ToUniversalTime()               Foreach ($CPT in $ComputersWithManagedBy){           $ExpiryDate = Get-ADcomputer -identity $CPT.name -Properties extensionAttribute15 | Select-Object -expand extensionAttribute15           if(!$ExpiryDate){      Write-Host "Null not allowed. Correcting to within 7 days. Maximum accepted value." -ForegroundColor DarkRed      Set-ADcomputer –Identity $CPT.name -Clear "extensionAttribute15" -WhatIf      Set-ADcomputer -Identity $CPT.name -Add @{extensionAttribute15 = $validedate.Date.ToString("MM/dd/yyyy")} -whatif      } else {      [datetime]$ExpiryDate                   if ($ExpiryDate -gt $validedate){          Write-Host "Date is more than 7 days. Correcting to within 7 days. Maximum accepted value." -ForegroundColor Red          Set-ADcomputer –Identity $CPT.name -Clear "extensionAttribute15" -WhatIf          Set-ADcomputer -Identity $CPT.name -Add @{extensionAttribute15 = $validedate.Date.ToString("MM/dd/yyyy")} -WhatIf          }elseif($ExpiryDate -le $currentday ) {                  write-host "Emptying Managed by field for $($CPT.name)" -ForegroundColor Yellow                  #some code              }else{                   write-host "Date is inferior to 7 days we don't take action for $($CPT.name)" -ForegroundColor Green          }

Share this post