Updating AD attributes programmatically

Question

My apologies, as I am an engineer not a sys admin, but am working with someone who is managing AD.

Current situation: We have an AD attribute that contains a longish parse-able string that contains several data elements. We'd like to break those elements into a separate attributes. For example if we have:

serverInfo: name=nameOne|xx=xx|group=group1|id=123|privilege=9;name=nameTwo|xx=yy|.....

Id like to find the name of nameOne, and extract the group, id, and privilege into separate attributes, so for this user you would have:

serverInfo: name=nameOne|xx=xx|group=group1|id=123|privilege=9;name=nameTwo|xx=yy|.....
group: group1
id: 123
privilege: 9

Given that the number of users is sufficiently large, it will need to be done programmatically.

My question is How would you go about this?

I expect answers would be "I'd right a batch file" or "I'd use xyz tool" or something like that. I am not looking for a specific solution just how one would begin to tackle this.

Answer 1

There are a number of ways you could accomplish this goal, but the most common would likely be a PowerShell script utilizing the ActiveDirectory module to:

• Query the attribute from the object(s) that contain it
• Parse the data
• Set new values for the separate attributes associated with the parsed data

This also assumes the new attributes you're trying to set already exist in your AD schema.

The user running the script would also need the appropriate permissions (or a set of credentials with permissions) within AD to read the source attribute and modify the destination attributes.