Powershell – How to set an arbitrary (non default) attribute for an AD user or AD Contact

active-directoryexchangepowershell

I have AD Users, or contacts that are not Exchange Mailbox users, or contacts.

I also have a SSO system (Ping Identity… technology similar to Microsoft ADFS), where it leverages the AD Schema attribute: CustomAttribute1 to store information needed for SSO. This CustomAttribute1 was created by the Exchange Schema.

I would like to use CustomAttribute1 for both AD Users and AD Contacts, as well as the Exchange equivalent user and contacts.

Question

Since the Exchange tools will only allow me to modify "Exchange" users, what is the way to modify the AD counterpart? e.g. if the following command sets a mailbox…

set-mailbox -Identity christopher@company.com  -CustomAttribute1  chris@company.com  -WarningAction silentlyContinue

What command will allow me to update an AD user (non-mailbox) under the same schema attribute?

Best Answer

Active Directory users are modified with Set-ADUser. A specific attribute could be modified with the -replace switch.

For example, to update the Info attribute in Active Directory and replace it with a new value:

Set-ADUser john.smith –replace @{info="John Smith is a Temporary Contractor"}

In your case, you'd be using something very much like:

Set-ADUser christopher –replace @{CustomAttribute1="chris@company.com"}

Related Solutions

Powershell – Can’t give ‘send-as’ permissions in Exchange 2010

I've finally fixed this.

Interestingly Send-As is an AD permission - not an exchange permission as you might have expected.

Anyway, these are the steps:

Make the target mailbox "shareable" using this command in Powershell on your Exchange Server:

Set-Mailbox user1 -type:shared

If you get this error (same as in my first post): AD Failure

You will need to find that user in AD and go to the properties >> Security >> Advanced:

AD Properties

You need to ENABLE the option to "Include inheritable permissions from this object's parent":

enter image description here

Once that is done you should be able to complete the folder share script.

Then actually grant the rights using this command:

Add-ADPermission user1 -User Ourdomain\User2 -ExtendedRights "Send As"

Hope that helps others who have the same problem.

Kieran

Powershell – How to suppress “Yellow Text” from Exchange Set-Mailbox, when -WarningAction doesn’t seem to work

You can try setting the warning action before running the command:

$oldWarningPreference = $WarningPreference
$WarningPreference = 'SilentlyContinue'
set-mailbox -Identity  user@company.com -CustomAttribute6 knruiz@nfp.com -ErrorAction SilentlyContinue
$WarningPreference = $oldWarningPreference

Best Answer

Related Solutions

Powershell – Can’t give ‘send-as’ permissions in Exchange 2010

Powershell – How to suppress “Yellow Text” from Exchange Set-Mailbox, when -WarningAction doesn’t seem to work

Related Topic