Modify attributes of an object in Active Directory. Supported are both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).
Syntax
Set-QADObject [[-Identity] <IdentityParameter>] [-ObjectAttributes <ObjectAttributesParameter>] [-Description <String>] [-DisplayName <String>]
[-ExcludedProperties <String[]>] [-IncludedProperties <String[]>] [-DeserializeValues] [-UseDefaultExcludedProperties]
[-UseDefaultExcludedPropertiesExcept <String[]>] [-Proxy] [-Service <String>] [-ConnectionAccount <String>]
[-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Connection <ArsConnection>] [-UseGlobalCatalog] [-WhatIf] [-Confirm]
The cmdlet has optional parameters that determine the server and the security context for the operation. The connection parameters could be omitted since a connection to a server is normally established prior to using this cmdlet. In this case, the server and the security context are determined by the Connect- QADService cmdlet. If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the
connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
The connection parameters include: Proxy, Service, ConnectionAccount,
ConnectionPassword, Credential, Connection, and UseGlobalCatalog. For parameter descriptions, see the “Connect-QADService” section earlier in this document.
Parameters
Identity
Specify the DN, SID, GUID, UPN or Domain\Name of the object whose attributes you want to modify. This parameter is optional since you can pipe into this cmdlet the object returned by a Get- cmdlet, to have that object identify the object to act upon.
Description
Specify a string value you want to assign to the "Description" attribute of the object.
DisplayName
Specify a string value you want to assign to the "Display Name" attribute of the object.
ObjectAttributes
Specify an associative array that defines the attributes to set. The array syntax:
@{attr1='val1';attr2='val2';...}
In this syntax, each of the key-value pairs is the LDAP display name and the value of an attribute to set. Thus, passing the @{title='Associate';l='Paris'} array to the ObjectAttributes parameter causes the cmdlet to set the "Job Title" attribute to "Associate" and the "City" attribute to "Paris".
For information about associative arrays, type the following command at the PowerShell command-prompt:
help about_associative_array
ExcludedProperties
Use this parameter to specify the attributes that you do not want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. You could use this parameter when importing attribute values from a text file, in order to prevent some attributes found in the file from being set in the directory.
IncludedProperties
Use this parameter to specify explicitly the attributes that you want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. When used together with UseDefaultExcludedProperties, this parameter allows you to have the cmdlet update some attributes that would not be updated otherwise.
Note: If a particular attribute is listed in both ExcludedProperties and
IncludedProperties, the cmdlet does not set the value of that attribute the directory.
DeserializeValues
Supply this parameter on the command line if the input you pass to the cmdlet contains serialized attribute values (for instance, when importing a directory object from a text file that was created using the Serialize parameter). For examples of how to export and import an object, see help on the Get- QADUser cmdlet.
UseDefaultExcludedProperties
When set to 'true', this parameter causes the cmdlet not to update a certain pre-defined set of attributes in the directory. This pre-defined set of attributes (referred to as "default excluded properties") can be viewed or modified by using the Get- or Set-QADPSSnapinSettings cmdlet, respectively.
UseDefaultExcludedPropertiesExcept
This parameter is deprecated, and has no effect.
WhatIf
Describes what would happen if you executed the command, without actually executing the command.
Confirm
Prompts you for confirmation before executing the command.
Detailed Description
Use this cmdlet to change or remove values of attributes of an object in Active Directory.
Examples
Example 1
Connect to any available domain controller with the credentials of the locally logged on user, bind to a specific object by DN, and modify the description of the object:
C:\PS> set-QADObject 'CN=John
Smith,OU=CompanyOU,DC=company,DC=com' -description 'Sales person'
Example 2
Connect to a specific domain controller with the credentials of a specific user, bind to a certain object by SID, modify the description of the object, and then disconnect:
C:\PS> $pw = read-host "Enter password" -AsSecureString
C:\PS> connect-QADService -service 'server.company.com' -ConnectionAccount 'company\administrator' -ConnectionPassword $pw
C:\PS> set-QADObject -identity 'S-1-5-21-1279736177-1630491018- 182859109-1305' -description 'Service account'
C:\PS> disconnect-QADService
Example 3
Connect to the local Administration Service with the credentials of a specific user, bind to a certain object by Domain\Name, set or clear certain attributes, and then disconnect:
C:\PS> $pw = read-host "Enter password" -AsSecureString
C:\PS> connect-QADService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw
C:\PS> set-QADObject -identity 'company\associates' -ObjectAttributes @{info='';description='All company associates'}
Example 4
Connect to the AD LDS instance on 'server.domain.local:389' with the credentials of the locally logged on user, bind to a specific AD LDS object by DN, and modify the description of the object:
C:\PS> set-QADObject '<DN of object>' -Service