Active Directory Scripting – modify Attributes
Reference page: Active Directory – Sample Scripts (Excel/VBA)
How to modify Attributes of an Object
Introduction
In Microsoft Active Directory Object Classes have Attributes representing additional information about an object. It could be Firstname, Lastname – for a person, Address and Phone number both for a person and organization. Access to Attributes is performed through LDAP calls, Get/GetEx for reading, Put/PutEx for writing.
Click the link to read more about access interface: IADs Interface.
Accessing Attributes
Get method retrieves a property of a given name from the property cache. The property can be single-valued, or multi-valued. The property value is represented as either a variant for a single-valued property or a variant array (of VARIANT or bytes) for a property that allows multiple values.
GetEx method retrieves property values of a given attribute from the property cache. The returned property values can be single-valued or multi-valued. Unlike the Get method, the property values are returned as a variant array of VARIANT, or a variant array of bytes for binary data. A single-valued property is then represented as an array of a single element.
Put method sets the values of an attribute in the ADSI attribute cache.
PutEx method is usually used to set values on multi-value attributes. Unlike the Put method, with PutEx, you are not required to get the attribute values before you modify them.
PutEx enables you to append values to an existing set of values in a multi-value attribute using ADS_PROPERTY_APPEND. When you update, append, or delete values to a multi-value attribute, you must use an array.
Understanding the Property Cache
Once LDAP object instance is created all the values are stored in there. You need to synchronize it with LDAP in order to refresh or save back the values.
The following IADs methods serve data synchronization purposes.
GetInfo method loads into the property cache values of the supported properties of this ADSI object from the underlying directory store.
GetInfoEx method loads the values of specified properties of the ADSI object from the underlying directory store into the property cache.
SetInfo method saves the cached property values of the ADSI object to the underlying directory store.
Note that you can selectively download property value but you can’t selectively upload it back.
Code examples
The examples below is based on the assumption that we successfully retrieved or created an instance of User Account object.
Note. You need to be logged in as an authorized person to successfully execute the script.
How to modify User Account attributes in Active Directory (Excel/VBA source code)
objUser.Put "givenName", "John"
objUser.Put "sn", "Doe"
objUser.Put "displayName", "John Doe"
'Submit
boolRC = SubmitInfo(objUser)
If Not boolRC Then
'Error occurred
End If
objUser.Put "mail", "user01" & "@" & "company01.com"
objUser.Put "physicalDeliveryOfficeName", "City Street Building Floor Desk"
objUser.PutEx 3, "otherHomePhone", Array("(111) 222-3333")
'Submit
boolRC = SubmitInfo(objUser)
If Not boolRC Then
'Error occurred
End If
'
'
Private Function SubmitInfo(ByRef objLDAPRecord)
Dim boolRC
On Error Resume Next
objLDAPRecord.SetInfo
boolRC = (Err.Number <> 0)
On Error GoTo 0
If boolRC Then
SubmitInfo = False
Else
SubmitInfo = True
End If
End Function
References
Active Directory Schema Terminology
