AD.Account.SetProperty
Top  Previous  Next


Sets / edits global user account properties

Use AD.Account.CopyProperties to copy multiple properties from one user account to another.

Category
Active Directory

Script section
All

AD.Account.SetProperty AccountADPath, [$]PropertyName, Value

AccountADPath
Full AD path to account  
 
If the common name contains a comma (example cn = Smith, Steve), the comma must be preceded with a backslash and the cn must be surrounded by quotes. Example:  
AD.Account.SetProperty %ADOUPath%/cn="Smith\, Steve",UserPrincipalName,Steve.Smith@acme.com  

PropertyName
Name of property to set, see table 1 below  
 
Put a "$" character in front of the property name to bypass the syntax checker in order to modify AD properties unknown by SetupBatcher.  
 
Notice: some properties (like logon hours) can only be set by AD.Account.CopyProperties  

Value
New value for property, leave value blank to delete the property  
 
The error message "A constraint violation occurred" often means that there are too many characters in the property value.  

Table 1 - properties known by SetupBatcher
PropertyName
Property in AD
Comment
UserPrincipalName
Account / User logon name
Notice: unlike when the UPN is entered in MMC / "Active Directory Users and Computers", the complete UPN most be specified, example: "bill@microsoft.com".
samAccountName
Account / User logon name (pre-Windows 2000)
Can also be modified with Account.Rename.
PWMustChange
Account / User must change password at next logon
Flag, value = "Yes" or "No"
PWNeverExpires
Account / Password never expires
Flag, value = "Yes" or "No"
PWReversibleEncryption
Account / Store password using reversible encryption
Flag, value = "Yes" or "No"
AccountDisabled
Account / Account is disabled
Flag, value = "Yes" or "No"
SmartCardRequired
Account / Smart card is required for interactive logon
Flag, value = "Yes" or "No"
TrustedForDelegation
Account / Account is trusted for delegation
Flag, value = "Yes" or "No"
NotDelegated
Account / Account is sensitive and cannot be delegated
Flag, value = "Yes" or "No"
DESencryption
Account / Use DES encryption for this account
Flag, value = "Yes" or "No"
DontRequireKerberosPreauth
Account / Do not require Kerberos preauthentication
Flag, value = "Yes" or "No"
AccountExpires
Account / Account Expires
YYYY-MM-DD | Never
*
CommonName
Active directory name
Notice: Commas in the common name must be preceded with a backslash. Example: "Smith\, John". (The backslash will be invisible in AD.)
StreetAddress
Address / Street   

l
Address / City

PostalCode
Address / Zip/Postal Code

PostOfficeBox
Address / P.O. Box

st
Address / State/province   

c
Address / Country/region
US = USA, NO = Norway etc.
FirstName
General / First Name

Initials
General / Initials
Maximum 6 characters
LastName
General / Last Name

FullName
General / Display Name
*
Description
General / Description
*
TelephoneNumber
General / Telephone number

EmailAddress
General / E-mail   

HomePage
General / Web page

OfficeLocations
General / Office

Company
Organization / Company

Department
Organization / Department

Title
Organization / Title

LoginScript
Profile / Logon Script
*
Profile
Profile / Profile path
*
HomeDrive
Profile / Home folder
*
HomeDirectory
Profile / Home folder
*
TelephoneHome
Telephones / Home

TelephoneMobile
Telephones / Mobile

FaxNumber
Telephones / Fax

TelephonePager
Telephones / Pager



*) Can also be set/modified with Account.Create or Account.Edit         

Tips
·Use the SetupBatcher script wizard to get started with the syntax.  
·Set properties in "active directory users and computers" and then use SetExplorer to see what actually changes, see How to compare all properties for two accounts.  
·Use dsacls.exe to manipulate AD security attributes.  

Examples
1) Set UserPrincipalName to "niceguy@acme.com" for account with CommonName "steve" in the users container of domain d09.acme.com

AD.Account.SetProperty dc=com/dc=acme/dc=D09/cn=users/cn=steve, UserPrincipalName, niceguy@acme.com         

2) Set UPN to value of column 5 in the [data] section + "@acme.com" for account with CommonName in column 2 in the [data] section in the users container of domain d09.acme.com

AD.Account.SetProperty dc=com/dc=acme/dc=D09/cn=users/cn=%col2%, UserPrincipalName, %col5%@acme.com

3) Set Last Name to value of column 7 in the [data] section for account with CommonName in column 2 in the [data] section in the myOU OU of domain d09.acme.com

AD.Account.SetProperty dc=com/dc=acme/dc=D09/ou=myOU/cn=%col2%,LastName,%col7%