1

HI All

so i updated all my users fields in AD using a cool script but for some reason 1 field wont update and its driving me nuts! The field that will not update is manager. whats even worse, is if something is in the field already and we are wanting to change it, it removes whats in there and doesn’t replace it with anything!!! Please help :frowning:

so here’s my script

Import-module ActiveDirectory
$users = Import-Csv "C:\test\ChangesTest.csv"
foreach ($user in $users) {
    $props = @{
    
        identity    = $user.samaccountname
        
        givenName                       = if($user.givenName                      ){$user.givenName                      }else{$null}
        surname                         = if($user.surname                        ){$user.surname                        }else{$null}
        office                          = if($user.Office                         ){$user.Office                         }else{$null}
        department                      = if($user.Department                     ){$user.Department                     }else{$null}
	manager				= if($user.manager			  ){$user.manager                        }else{$null}	
        company				= if($user.GradeName			  ){$user.GradeName			 }else{$null}
        Title                           = if($user.Title                          ){$user.Title	 			 }else{$null}
		
    }
    set-aduser @props -verbose 
}

heres the fields i have in the CSV:

grab.png
grab.png718×26 1.46 KB

any ideas??

3 Spice ups
2

What value is stored in the Manager field in the csv? I use the manager’s sAMAccountName, if you are using a different value perhaps the script is unable to interpret/apply that value correctly.

In light of the next two responses I’m going to clarify a little. I query the manager’s AD account and store that as an object $Supervisor, then apply $Supervisor.sAMAccountName to the employee’s Manager field.

1 Spice up
3

Manager is not entered as a standard string. You need to update it with the DistinguishedName value of the Manager ADUser if I am not mistaken. When you enter this in the GUI, you select a manager, not type one as plain text like most of the other GUI fields.

1 Spice up
4

I used the managers samaccountname in the actual field it wouldn’t let me import it as firstname surname it errorered… so i figured when it didnt error samaccount must be what it wanted. Im not a wiz kid when it comes to powershell so your going to have to bear with me here… Im not sure how to store something as an object in a script :confused:

distinguished name Brian do you mean the attribute? Manager is the attribute i already checked that. when your entering it into ad manually its under manager : name…

sorry guys any other suggestions?

5

Have you tried something like

Get-aduser -identity testuser -properties manager

to see if it displays information. You can pipe that into something like | GM and it should help you figure out how to write the manager field back with set-aduser

*written from mobile so I was not able to test my code it could be completely borked.

6

what if you try to set the manager?

Import-module ActiveDirectory
$users = Import-Csv "C:\test\ChangesTest.csv"
foreach ($user in $users)
 {
 Try{
 $ErrorActionPreference='stop'
    set-aduser $user.samaccountname -manager $user.manager -whatif
    } 
    Catch{
    Write-Warning "$error[0] $_"
    }
}
7

You cannot populate the ADUser Manager field with a SamAccountName. It has to be the DistinguishedName.

$Manager = Get-ADUser $ManagerSamAccountName | Select -ExpandProperty DistinguishedName
Set-ADUser $User -Manager $Manager
8

I think to fit this into your code without updating manager outside of your existing code, it would look like this:
Replace:

{$user.manager                        }

With:

{(Get-ADUser $user.manager | Select -ExpandProperty DistinguishedName)                     }
9

Sorry but unless there’s a bug I’m not aware of the help docs disagree with you…

SetADUser.png
SetADUser.png800×374 92.2 KB
1 Spice up
10

ah ok thanks Brian I will give that a go tomorrow and let you know how i get on Thank you!

11

Also, check your csv file for something silly like superfluous spaces before or after the value. This is much more likely if you’re using Excel to manage your .csv file than if you’re using a text editor like Notepad++. I can’t tell you how many times scripts fail to produce the desired result because the source data is bad.

Here is a trimmed excerpt from my create new user script. As part of the input I am asking the operator to provide the name of the new user’s manager, and I use that value in a Get-ADUser call and store the object as $Supervisor. Later on I use that object to return the manager’s sAMAccountName and write it to the new employee’s Manager field.

$Supervisor = Get-ADUser $SupervisorIDTextBox.Text -Properties Mail,Name

New-ADUser -Manager $Supervisor.sAMAccountName -SamAccountName $UserID
12

Maybe it was an issue in the past? Not trying to be nasty or anything but I did literally test it on an account a minute ago and it 100% works for me…

$Me = Get-ADUser -Identity "fhagyard"
Set-ADUser -Identity "testuser" -Manager $Me.SamAccountName
13

I just figured out exactly why I always used DistinguishedName. If you are just running set-aduser $user -Manager bob.smith then it will work. But, if you run set-aduser $user -Replace @{“manager”=“bob.smith”} it will fail because -Replace wants the DistinguishedName. If you are replacing values, then this is why the SamAccountName fails.

14

I just tested this, too. It is when you use -Replace that you have to use the DistinguishedName. When you use -Manager and specify the SamAccountName, it resolves that SamAccountName to a DistinguishedName and updates the value (if I am paraphrasing that correctly). I am not sure what method the original poster is using, but I suspect it is -Replace or some other method that does not resolve the SamAccountName to a DistinguishedName.

More info here:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/73f1013c-daf0-484e-a5c6-19ce7697c7a2/unable-to-update-manager-ad-attribute?forum=winserverDS

15

What is the error message? What format is the manager in the CSV ?

You should be able to set the manager with samaccountname (i just tried and it works for me)

Set-ADUSer $user -manager $SamaccountnameOfManager
1 Spice up
16

thank you! would you credit it i edited my CSV file in notepad++ and low and behold there was a dam space after manager! DOH!

@kirkireton

1 Spice up
17

Nice! Sometimes you need to go back to the starting point and verify all your assumptions. Been stuck there myself many times.

Something I put into all my scripts is a little function I call TrimSpaces()
I don’t have the exact code right now, but in essence I loop through the input string continuously and replace any instance of two spaces with a single space, until there are no more double spaces. Then I do a left trim and a right trim to remove any leading or trailing spaces too. This let’s me be reasonably assured my input data is clear if extra spaces.
I have two common uses for it: 1) any time I accept direct user input, and 2) a database query that returns a value with trailing spaces.