Set-ADUser

This is the built-in help made by Microsoft for the command 'Set-ADUser', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies an Active Directory user.

SYNTAX

Set-ADUser [-Identity] <ADUser> [-AccountExpirationDate <DateTime>] [-AccountNotDelegated <Boolean>] [-Add <Hashtable>]
[-AllowReversiblePasswordEncryption <Boolean>] [-AuthType <ADAuthType>] [-CannotChangePassword <Boolean>] [-Certificates <Hashtable>]
[-ChangePasswordAtLogon <Boolean>] [-City <String>] [-Clear <String[]>] [-Company <String>] [-CompoundIdentitySupported <Boolean>] [-Country
<String>] [-Credential <PSCredential>] [-Department <String>] [-Description <String>] [-DisplayName <String>] [-Division <String>]
[-EmailAddress <String>] [-EmployeeID <String>] [-EmployeeNumber <String>] [-Enabled <Boolean>] [-Fax <String>] [-GivenName <String>]
[-HomeDirectory <String>] [-HomeDrive <String>] [-HomePage <String>] [-HomePhone <String>] [-Initials <String>] [-KerberosEncryptionType
<ADKerberosEncryptionType>] [-LogonWorkstations <String>] [-Manager <ADUser>] [-MobilePhone <String>] [-Office <String>] [-OfficePhone
<String>] [-Organization <String>] [-OtherName <String>] [-Partition <String>] [-PassThru [<SwitchParameter>]] [-PasswordNeverExpires
<Boolean>] [-PasswordNotRequired <Boolean>] [-POBox <String>] [-PostalCode <String>] [-PrincipalsAllowedToDelegateToAccount <ADPrincipal[]>]
[-ProfilePath <String>] [-Remove <Hashtable>] [-Replace <Hashtable>] [-SamAccountName <String>] [-ScriptPath <String>] [-Server <String>]
[-ServicePrincipalNames <Hashtable>] [-SmartcardLogonRequired <Boolean>] [-State <String>] [-StreetAddress <String>] [-Surname <String>]
[-Title <String>] [-TrustedForDelegation <Boolean>] [-UserPrincipalName <String>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Set-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-PassThru [<SwitchParameter>]] [-SamAccountName <String>] [-Server <String>]
-Instance <ADUser> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]

Search powershellhelp.space

DESCRIPTION

The Set-ADUser cmdlet modifies the properties of an Active Directory user. You can modify commonly used property values by using the cmdlet
parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove
parameters.


The Identity parameter specifies the Active Directory user to modify. You can identify a user by its distinguished name (DN), GUID, security
identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as
$<localUserObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser cmdlet
to retrieve a user object and then pass the object through the pipeline to the Set-ADUser cmdlet.


The Instance parameter provides a way to update a user object by applying the changes made to a copy of the object. When you set the Instance
parameter to a copy of an Active Directory user object that has been modified, the Set-ADUser cmdlet makes the same changes to the original
user object. To get a copy of the object to modify, use the Get-ADUser object. The Identity parameter is not allowed when you use the Instance
parameter. For more information about the Instance parameter, see the Instance parameter description. For more information about how the
Instance concept is used in Active Directory cmdlets, see about_ActiveDirectory_Instance.


Accounts created with the New-ADUser cmdlet will be disabled if no password is provided.


The following examples show how to modify the Manager property of a user object by using three methods:


-By specifying the Identity and the Manager parameters


-By passing a user object through the pipeline and specifying the Manager parameter


-By specifying the Instance parameter.


Method 1: Modify the Manager property for the "saraDavis" user by using the Identity and Manager parameters.


Set-ADUser -Identity "saraDavis" -Manager "JimCorbin"


Method 2: Modify the Manager property for the "saraDavis" user by passing the "saraDavis" user through the pipeline and specifying the Manager
parameter.


Get-ADUser -Identity "saraDavis" | Set-ADUser -Manager "JimCorbin"


Method 3: Modify the Manager property for the "saraDavis" user by using the Windows PowerShell command line to modify a local instance of the
"saraDavis" user. Then set the Instance parameter to the local instance.


$user = Get-ADUser -Identity "saraDavis"


$user.Manager = "JimCorbin"


Set-ADUser -Instance $user.


For AD LDS environments, the Partition parameter must be specified except in the following two conditions:


-The cmdlet is run from an Active Directory provider drive.


-A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment,
set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.

<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkID=219345
Get-ADUser
New-ADUser
Remove-ADUser
Set-ADAccountControl

REMARKS

<

Examples