PowerShell: Extension Attributes Server 2012

A few days ago I wrote up a small post on modifying extension attributes for computer objects in Active Directory. I recently set up a lab with Server 2012 and found that extensionattribute1 is now msDS-cloudExtensionAttribute1, and if you just drop in msDS-cloudExtensionAttribute1 without quotes it has issues… This gave me a small headache; after reading this link I found that simply putting quotes around it fixed it. The following code should work better in a Server 2012 environment.

import-module activedirectory
$machines = Get-Content "C:\PATH TO LIST\feedme.txt"
foreach($machinename in $machines)
{
    Set-ADComputer $machinename -add @{"msDS-cloudExtensionAttribute1" = "SALOMONTEST"}
    write-host $machinename " is done."
}

If you want to remove the attribute from a list of machines, the following should work:

import-module activedirectory
$machines = Get-Content "C:\PATH TO LIST\feedme.txt"
foreach($machinename in $machines)
{
    # -clear takes the attribute name as a string, not a hashtable
    Set-ADComputer $machinename -clear "msDS-cloudExtensionAttribute1"
    write-host $machinename " is done."
}
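
A hardened variant of the two loops above, as an added example that is not the post author's code: it confirms each computer object exists, writes with -Replace (or -Clear for an empty value) so a re-run does not depend on the attribute being empty, supports -WhatIf, and returns a before/after record per machine. The function name Set-CloudExtensionAttribute1, its -Path and -Value parameters, and the CSV file name are assumptions made for the example.

```powershell
# Added example. Set-CloudExtensionAttribute1, -Path and -Value are hypothetical names.
function Set-CloudExtensionAttribute1 {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,   # text file, one computer name per line
        [string]$Value                          # omit (or pass '') to clear the attribute
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $attr = 'msDS-cloudExtensionAttribute1'

    # Drop blank lines and stray whitespace so they are never passed as identities
    $names = Get-Content -LiteralPath $Path | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($name in $names) {
        $status = 'Skipped'; $before = $null; $after = $null
        try {
            # Fails fast (and is reported) if the computer object does not exist
            $before = (Get-ADComputer -Identity $name -Properties $attr -ErrorAction Stop).$attr
            if ($PSCmdlet.ShouldProcess($name, "set $attr to '$Value'")) {
                if ([string]::IsNullOrEmpty($Value)) {
                    Set-ADComputer -Identity $name -Clear $attr -ErrorAction Stop
                } else {
                    # -Replace works whether or not a value is already present
                    Set-ADComputer -Identity $name -Replace @{ $attr = $Value } -ErrorAction Stop
                }
                # Read back so the report shows what the directory returned after the write
                $after = (Get-ADComputer -Identity $name -Properties $attr -ErrorAction Stop).$attr
                $status = 'Updated'
            }
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        # One record per machine: usable as a change log
        [pscustomobject]@{ Computer = $name; Before = $before; After = $after; Status = $status }
    }
}

# Preview first, then apply and keep the report as a change record
Set-CloudExtensionAttribute1 -Path 'C:\PATH TO LIST\feedme.txt' -Value 'SALOMONTEST' -WhatIf
Set-CloudExtensionAttribute1 -Path 'C:\PATH TO LIST\feedme.txt' -Value 'SALOMONTEST' |
    Export-Csv -Path .\extattr-changes.csv -NoTypeInformation
```

Under -WhatIf every machine is reported as Skipped with its current value in Before, which makes the preview run a quick inventory of what would change.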

3 thoughts on “PowerShell: Extension Attributes Server 2012”

  1. Hi,

    To remove/clear the value just use…
    Set-ADComputer $machinename -clear "msDS-cloudExtensionAttribute1"

    Otherwise you get the error “Missing ‘=’ operator after key in hash literal.”

    Cheers,
    Jeremy

  2. Here is what I did based on your suggestion.

    # Pull the session information from each instance
    ForEach ($queryResult in $queryResults) {
        $RDPUser = $queryResult.USERNAME
        $sessionType = $queryResult.SESSIONNAME
        If ($sessionType -ne $NULL) { $ICA = $sessionType.startswith("ica") }
        # We only want to display where a person is logged in. Otherwise unused sessions show up as USERNAME as a number
        If ($RDPUser -match "[a-z]" -And $RDPUser -notmatch "Disc" -And $RDPUser -notmatch "Down" -and $RDPUser -ne $NULL -and $ICA -match "False") {
            # When running interactively, uncomment the Write-Host line below to show the output to screen
            Write-Host $ServerName logged in by $RDPUser on $sessionType
            $SessionList = $SessionList + "`n`n" + $ServerName + " logged in by " + $RDPUser + " on " + $sessionType
        }
    }
    }

    I also excluded any ICA sessions, as we have a bunch of Citrix servers, and we just want to audit the admins who leave RDP sessions open.

  3. Hi Clay,

    Thanks for the note on this. I wasn’t as clear on the output for disconnected sessions. For my environment I actually have hung disconnected sessions sometimes so I didn’t do any additional management for that result.

    To get around this we can adjust the If statement which generates the results to return to the console/email:

    Current:
    If (($RDPUser -match "[a-z]") -and ($RDPUser -ne $NULL)) {

    Remove results if the Username is Disc:
    If ($RDPUser -match "[a-z]" -And $RDPUser -notmatch "Disc" -and $RDPUser -ne $NULL) {

    Now that I look at it, I had some unnecessary brackets in the statement. Hopefully I’ll have some time to update the post to reflect that change. Thanks for the input!

    Eric
