Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to standardize user titles and descriptions in Active Directory Domain Services (AD DS).

Microsoft Scripting Guy, Ed Wilson, is here. Well, the weather in Charlotte, North Carolina, has certainly turned—it’s cold outside, gray, and our friends just a few miles north of us are shoveling snow. Some of this is the aftermath of Hurricane Sandy I imagine, but then I only had one course in weather-guessing at the university, so I am not really qualified to say.

Tonight, the Charlotte Windows PowerShell user group meets at the Microsoft office, and the Scripting Wife is chomping at the bit to head out armed with her new Windows Surface. It does have Windows PowerShell on it, so it is an appropriate device to take to the group meetings. You can still sign up for the meeting if you happen to be in the area. We will have a mini Scripting Games event planned, and it will be a blast!

I am qualified to say that Windows PowerShell 3.0 absolutely rocks, and, yet, what I am doing today is basically the same as what would be accomplished with Windows PowerShell 2.0.

Note   This is the third in a series of posts about creating a test Active Directory environment. On Tuesday, I began the series with the Create Test Users in a Test Active Directory Environment by Using PowerShell post, where I wrote a script to create a test organizational unit with 100 test user accounts. On Wednesday, I wrote Use PowerShell to Modify Existing User Accounts in Active Directory, where I talked about using existing user information to create new information such as email addresses and personal web page URLs. You should refer to those articles prior to reading today’s article.

Finding and correcting wayward job titles in AD DS

One of the great things about storing user information in Active Directory Domain Services (AD DS) is that it becomes a centralized repository of user information. The problem is that if you search for a “Senior Network Engineer” in the Global Address List in Outlook and some folks have the title “Sr. Network Engineer,” then the search fails to find some of the engineers.

Tuesday’s blog article described the situation in great detail, and I spent the last couple of days setting up a test environment. Today, I will search a particular organizational unit in the test domain for the following permutations of the Senior Network Engineer job title, and I will change them all to read as “Senior Network Engineer.” The different ways of expressing the title appear here.

 Sr. NetEng

 SR. NetEng

 Senior NetEng

 Sr. Network Engineer

 sr. network engineer

 sr. neteng

 Senior Network Engineer

 Sr. Net Eng

 SR NET ENG

 SR. NETENG

To ensure that you have complete coverage of the different ways the title is expressed, use the Get-ADUser cmdlet to search the desired organizational unit and group the titles. A command that accomplishes this is shown here. I will also use this command following the modifications to ensure the script works as required.

PS C:\> Get-ADUser -SearchBase 'ou=testou,dc=iammred,dc=net' -Filter * -Properties title | group title -NoElement

 Count Name                    

----- ----                    

   11 Senior NetEng           

   39 SR. NETENG              

    6 Senior Network Engineer 

   17 Sr. Net Eng             

   23 Sr. Network Engineer    

    4 SR NET ENG              

I create a $title variable and assign an array of inconsistent titles I discovered from running the previous command. I do not add the Senior Network Engineer title to the array because there is no need to change it for the six instances it already occurs in the Active Directory. Here is the array I use.

$title = @(

 'Sr. NetEng',

 'SR. NetEng',

 'Senior NetEng',

 'Sr. Network Engineer',

 'sr. network engineer',

 'sr. neteng',

 'Sr. Net Eng',

 'SR NET ENG',

 'SR. NETENG')

Next, I create a variable to hold the new title I will use. This new title is “Senior Network Engineer. The variable and value assignment is shown here.

$newtitle = 'Senior Network Engineer'

Now, I import the Active Directory module, and I use the Get-ADUser cmdlet to search the organizational unit containing the users that have the inconsistent titles. I use a wildcard for the filter, and specifically choose the Title and the Description properties to return with the search results. This portion of the script is shown here.

Get-ADUser -SearchBase 'ou=testou,dc=iammred,dc=net' -Filter * `

   -Properties Title, Description

The returned user objects are piped to the Foreach-Object cmdlet. In process scriptblock of the Foreach-Object cmdlet (process is the default parameter of the Foreach-Object cmdlet and is commonly omitted from the command itself), I use the if statement to see if the array of inconsistent titles contains the current user's title. The contains operator is case-insensitive and will, therefore, match both Sr NetEng as well as SR NETENG. What would not be matched is SENIOR NETWORK ENGINEER, but my previous command revealed that was not a possibility, and, therefore, I decided to do a case-insensitive search instead of a case-sensitive search. This portion of the code is shown here.

Foreach-Object {

    if ($title -contains $_.title) 

If a match occurs, I use the Set-ADUser cmdlet to assign the new title stored in the $newtitle variable to both the title and to the description attributes in Active Directory. Luckily, both of these attributes are settable through a direct parameter, and, therefore, the process is simple. This line of code is shown here.

Set-ADUser -identity $_ -Title $newtitle -Description $newtitle

The complete SetStandardADTitle.ps1 script is shown here.

# -----------------------------------------------------------------------------

# Script: SetStandardADTitle.ps1

# Author: ed wilson, msft

# Date: 10/30/2012 11:54:48

# Keywords: Active Directory, User Accounts

# comments:

# HSG-11-1-2012

# -----------------------------------------------------------------------------

$title = @(

 'Sr. NetEng',

 'SR. NetEng',

 'Senior NetEng',

 'Sr. Network Engineer',

 'sr. network engineer',

 'sr. neteng',

 'Sr. Net Eng',

 'SR NET ENG',

 'SR. NETENG')

 

$newtitle = 'Senior Network Engineer'

Import-Module ActiveDirectory

Get-ADUser -SearchBase 'ou=testou,dc=iammred,dc=net' -Filter * `

   -Properties Title, Description |

   Foreach-Object {

    if ($title -contains $_.title)

       {

        Set-ADUser -identity $_ -Title $newtitle -Description $newtitle

       }

   }

Finally, I use the up arrow from the Windows PowerShell ISE command/output window to recall my previous command and ensure the script worked as desired.

PS C:\> Get-ADUser -SearchBase 'ou=testou,dc=iammred,dc=net' -Filter * -Properties title | group title -NoElement

Count Name                    

----- ----                    

  100 Senior Network Engineer 

I see it worked. Cool …

Active Directory week will continue tomorrow when I will talk about setting user location information with Windows PowerShell.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy