3

I am trying to work with a custom attribute in an AD LDS instance that I did not create, using the Active Directory Module for PowerShell. Unfortunately, the cmdlets Get-ADObject and Set-ADObject are not returning the results I expected. In fact, any parameters using PowerShell language are not working on this attribute. The custom attribute has an LDAP display name of 'jenzabar-ICSNET-GenericFlags'.

Get-ADObject returns no results if I use the custom attribute in my Where-Object parameter, even though I know that there are plenty of objects with this custom attribute set to this value:

Get-ADObject -Server 'localhost:389' -SearchBase 'CN=Academics,CN=Portal,O=Jenzabar,C=US' | Where-Object {$_.'jenzabar-ICSNET-GenericFlags' -eq '1'

However, if I use the custom attribute in a filter parameter then I see the expected list of results:

Get-ADObject -Server 'localhost:389' -SearchBase 'CN=Academics,CN=Portal,O=Jenzabar,C=US' -Filter 'jenzabar-ICSNET-GenericFlags -eq 1'

Additionally, if I use that query and I select the jenzabar-ICSNET-GenericFlags from the results then even though I get results, the column showing the custom attribute is empty. The column doesn't even show brackets {}, as though I had selected an unknown attribute. There's nothing in the column at all.

Finally, Set-ADObject used to replace the value of the custom attribute seems to fail silently. This query produces no error or other message, but fails to modify the custom attribute:

Set-ADObject -Server 'localhost:389' -Identity 'CN=Overview,OU=Pages,CN=2014 JA-WTC  600-05,CN=WTC  600,CN=WTC,CN=Academics,CN=Portal,O=Jenzabar,C=US' -Replace @{'jenzabar-ICSNET-GenericFlags'='0'}

I know there must be some rule about what kinds of attributes I can use the Get-ADObject and Set-ADObject cmdlets on, but I don't know what the rules are. I don't know how to determine what kind of attribute this custom attribute is. The Active Directory Schema is not installed.

Thanks in advance.

MasterOfNone
  • 174
  • 1
  • 8

1 Answers1

5

Get-ADObject only returns a subset of attributes from Active Directory.

You can speficy additional attributes with the Properties parameter:

$ADObjectSplat = @{
    Server     = 'localhost:389'
    SearchBase = 'CN=Academics,CN=Portal,O=Jenzabar,C=US'
    Properties = 'jenzabar-ICSNET-GenericFlags'
}
Get-ADObject @ADObjectSplat | Where-Object { $_.'jenzabar-ICSNET-GenericFlags' -eq 1 }
Mathias R. Jessen
  • 24,907
  • 4
  • 62
  • 95
  • Thank you very much for your help with this. This worked with a little modification. I needed semicolons after each parameter listed in the variable. For example: Server = 'localhost:389'; Searchbase etcetera. You may want to edit your post to insert those.Also, since you don't have a -Filter specified in the variable or the Get-ADObject command, I was prompted for it. You might want to put Filter = * in the variable. But this worked, so thanks. Finally, I don't know why, but the same Set-ADObject I tried to use before is working now, and with your Get-ADObject solution I am good. – MasterOfNone Aug 03 '15 at 16:12
  • Yes, this was just an example to convey the idea of using the `Properties` parameter, glad you figured out how to use it on your own. You can put the `Filter` parameter into the splatting hashtable if you like, or use it regularly alongside it :) – Mathias R. Jessen Aug 03 '15 at 16:44