The following examples set the last name (sn)
attribute for the jsmith user object.
Open ADSI Edit.
If an entry for the naming context you want to browse is not already displayed, do the following:
Right-click on ADSI Edit in the right pane and click Connect to . . .
Fill in the information for the naming context, container, or OU you want to add an object to. Click on the Advanced button if you need to enter alternate credentials.
In the left pane, browse to the container or OU that contains the object you want to modify. Once you’ve found the object, right-click on it and select Properties.
Edit the
snattribute.Enter
Smithand click OK.Click Apply.
Create an LDIF file called modify_object.ldf with the following contents:
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com changetype: modify add: givenName givenName: Jim -
then run the following command:
> ldifde -v -i -f modify_object.ldf
You can modify a limited number of object types with the
dsmod command. Run dsmod /?
from a command line for more details.
If the parent container of the object you want to modify has a lot of objects in it, you may want to add a new connection entry for the DN of the target object. This will be easier than trying to hunt through a container full of objects. You can do this by right-clicking ADSI Edit and selecting Connect to. Under Connection Point, select Distinguished Name and enter the DN of the object.
For more on ldifde, see Recipe 4.25.
As of the publication of this book, the only types of objects you can
modify with dsmod are computer, contact, group,
ou, server, quota and user.
If you need to do anything more than simple assignment or replacement
of a value for an attribute, you’ll need to use the
PutEx method instead of Put.
PutEx allows for greater control of assigning
multiple values, deleting specific values, and appending values.
PutEx requires three parameters: update flag,
attribute name, and an array of values to set or unset. The update
flags are defined by the
ADS_PROPERTY_OPERATION_ENUM collection and listed
in Table 4-3. Finally, SetInfo
commits the change. If SetInfo is not called, the
creation will not get committed to the domain controller.
Table 4-3. ADS_PROPERTY_OPERATION_ENUM
|
Name |
Value |
Description |
|---|---|---|
|
ADS_PROPERTY_CLEAR |
1 |
Remove all value(s) of the attribute. |
|
ADS_PROPERTY_UPDATE |
2 |
Replace the current values of the attribute with the ones passed in. This will clear any previously set values. |
|
ADS_PROPERTY_APPEND |
3 |
Add the values passed into the set of existing values of the attribute. |
|
ADS_PROPERTY_DELETE |
4 |
Delete the values passed in. |
In the following example, each update flag is used while setting the
otherTelephoneNumber attribute:
strObjectDN = "cn=jsmith,cn=users,dc=rallencorp,dc=com"
const ADS_PROPERTY_CLEAR = 1
const ADS_PROPERTY_UPDATE = 2
const ADS_PROPERTY_APPEND = 3
const ADS_PROPERTY_DELETE = 4
set objUser = GetObject("LDAP://" & strObjectDN)
' Add/Append two values
objUser.PutEx ADS_PROPERTY_APPEND, "otherTelephoneNumber", _
Array("555-1212", "555-1213")
objUser.SetInfo
' Now otherTelephoneNumber = 555-1212, 555-1213
' Delete one of the values
objUser.PutEx ADS_PROPERTY_DELETE, "otherTelephoneNumber", Array("555-1213")
objUser.SetInfo
' Now otherTelephoneNumber = 555-1212
' Change values
objUser.PutEx ADS_PROPERTY_UPDATE, "otherTelephoneNumber", Array("555-1214")
objUser.SetInfo
' Now otherTelephoneNumber = 555-1214
' Clear all values
objUser.PutEx ADS_PROPERTY_CLEAR, "otherTelephoneNumber", vbNullString
objUser.SetInfo
' Now otherTelephoneNumber = <empty>Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
