Powershell – Active Directory Module for PowerShell Get-ADObject and Set-ADObject don’t work with custom attribute

ad-ldspowershell

I am trying to work with a custom attribute in an AD LDS instance that I did not create, using the Active Directory Module for PowerShell. Unfortunately, the cmdlets Get-ADObject and Set-ADObject are not returning the results I expected. In fact, any parameters using PowerShell language are not working on this attribute. The custom attribute has an LDAP display name of 'jenzabar-ICSNET-GenericFlags'.

Get-ADObject returns no results if I use the custom attribute in my Where-Object parameter, even though I know that there are plenty of objects with this custom attribute set to this value:

Get-ADObject -Server 'localhost:389' -SearchBase 'CN=Academics,CN=Portal,O=Jenzabar,C=US' | Where-Object {$_.'jenzabar-ICSNET-GenericFlags' -eq '1'

However, if I use the custom attribute in a filter parameter then I see the expected list of results:

Get-ADObject -Server 'localhost:389' -SearchBase 'CN=Academics,CN=Portal,O=Jenzabar,C=US' -Filter 'jenzabar-ICSNET-GenericFlags -eq 1'

Additionally, if I use that query and I select the jenzabar-ICSNET-GenericFlags from the results then even though I get results, the column showing the custom attribute is empty. The column doesn't even show brackets {}, as though I had selected an unknown attribute. There's nothing in the column at all.

Finally, Set-ADObject used to replace the value of the custom attribute seems to fail silently. This query produces no error or other message, but fails to modify the custom attribute:

Set-ADObject -Server 'localhost:389' -Identity 'CN=Overview,OU=Pages,CN=2014 JA-WTC  600-05,CN=WTC  600,CN=WTC,CN=Academics,CN=Portal,O=Jenzabar,C=US' -Replace @{'jenzabar-ICSNET-GenericFlags'='0'}

I know there must be some rule about what kinds of attributes I can use the Get-ADObject and Set-ADObject cmdlets on, but I don't know what the rules are. I don't know how to determine what kind of attribute this custom attribute is. The Active Directory Schema is not installed.

Thanks in advance.

Best Answer

Get-ADObject only returns a subset of attributes from Active Directory.

You can speficy additional attributes with the Properties parameter:

$ADObjectSplat = @{
    Server     = 'localhost:389'
    SearchBase = 'CN=Academics,CN=Portal,O=Jenzabar,C=US'
    Properties = 'jenzabar-ICSNET-GenericFlags'
}
Get-ADObject @ADObjectSplat | Where-Object { $_.'jenzabar-ICSNET-GenericFlags' -eq 1 }
Related Topic