PowerShell Logo Small

Set-ADUser



This is the built-in help made by Microsoft for the command 'Set-ADUser', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies an Active Directory user.

SYNTAX


Set-ADUser [-Identity] <ADUser> [-AccountExpirationDate <DateTime>] [-AccountNotDelegated <Boolean>] [-Add <Hashtable>] [-AllowReversiblePasswordEncryption <Boolean>]
[-AuthenticationPolicy <ADAuthenticationPolicy>] [-AuthenticationPolicySilo <ADAuthenticationPolicySilo>] [-AuthType {Negotiate | Basic}] [-CannotChangePassword <Boolean>]
[-Certificates <Hashtable>] [-ChangePasswordAtLogon <Boolean>] [-City <String>] [-Clear <String[]>] [-Company <String>] [-CompoundIdentitySupported <Boolean>] [-Country
<String>] [-Credential <PSCredential>] [-Department <String>] [-Description <String>] [-DisplayName <String>] [-Division <String>] [-EmailAddress <String>] [-EmployeeID
<String>] [-EmployeeNumber <String>] [-Enabled <Boolean>] [-Fax <String>] [-GivenName <String>] [-HomeDirectory <String>] [-HomeDrive <String>] [-HomePage <String>]
[-HomePhone <String>] [-Initials <String>] [-KerberosEncryptionType {None | DES | RC4 | AES128 | AES256}] [-LogonWorkstations <String>] [-Manager <ADUser>] [-MobilePhone
<String>] [-Office <String>] [-OfficePhone <String>] [-Organization <String>] [-OtherName <String>] [-Partition <String>] [-PassThru] [-PasswordNeverExpires <Boolean>]
[-PasswordNotRequired <Boolean>] [-POBox <String>] [-PostalCode <String>] [-PrincipalsAllowedToDelegateToAccount <ADPrincipal[]>] [-ProfilePath <String>] [-Remove
<Hashtable>] [-Replace <Hashtable>] [-SamAccountName <String>] [-ScriptPath <String>] [-Server <String>] [-ServicePrincipalNames <Hashtable>] [-SmartcardLogonRequired
<Boolean>] [-State <String>] [-StreetAddress <String>] [-Surname <String>] [-Title <String>] [-TrustedForDelegation <Boolean>] [-UserPrincipalName <String>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-ADUser [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-PassThru] [-SamAccountName <String>] [-Server <String>] -Instance <ADUser> [-Confirm] [-WhatIf]
[<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-ADUser cmdlet modifies the properties of an Active Directory user. You can modify commonly used property values by using the cmdlet parameters. Property values that
are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear, and Remove parameters.


The Identity parameter specifies the Active Directory user to modify. You can identify a user by its distinguished name (DN), GUID, security identifier (SID) or Security
Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localUserObject>, or you can pass an object through the pipeline
to the Identity parameter. For example, you can use the Get-ADUser cmdlet to retrieve a user object and then pass the object through the pipeline to the Set-ADUser cmdlet.


The Instance parameter provides a way to update a user object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an
Active Directory user object that has been modified, the Set-ADUser cmdlet makes the same changes to the original user object. To get a copy of the object to modify, use the
Get-ADUser object. The Identity parameter is not allowed when you use the Instance parameter. For more information about the Instance parameter, see the Instance parameter
description. For more information about how the Instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance.


Accounts created with the New-ADUser cmdlet will be disabled if no password is provided.


For AD LDS environments, the Partition parameter must be specified except in the following two conditions:

-- The cmdlet is run from an Active Directory provider drive.
-- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the
msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291132
Get-ADUser
New-ADUser
Remove-ADUser
Set-ADAccountControl

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Set-ADUser -Identity AntonioAl -HomePage 'http://fabrikam.com/employees/AntonioAl' -LogonWorkstations 'AntonioAl-DSKTOP,AntonioAl-LPTOP'



This command sets the user with samAccountName AntonioAL's property homepage to http://fabrikam.com/employees/AntonioAl and the LogonWorkstations property to
AntonioAl-DSKTOP,AntonioAl-LPTOP.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADUser -Filter 'Name -like "*"' -SearchBase 'OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -Properties DisplayName | % {Set-ADUser $_ -DisplayName
($_.Surname + ' ' + $_.GivenName)}



This command gets all the users in the directory that are located underneath the OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM organizationalUnit. The command sets
the DisplayName property on these user objects to the concatentation of the Surname property and the GivenName property.




-------------------------- EXAMPLE 3 --------------------------

PS C:\>Set-ADUser -Identity GlenJohn -Replace @{title="director";mail="glenjohn@fabrikam.com"}



This command sets the user with samAccountNAme GlenJohn's property title to director and property mail to glenjohn@fabrikam.com.




-------------------------- EXAMPLE 4 --------------------------

PS C:\>Set-ADUser -Identity GlenJohn -Remove @{otherMailbox="glen.john"} -Add @{url="fabrikam.com"} -Replace @{title="manager"} -Clear description



This command modifies the user with samAccountName GlenJohn's object by removing glen.john from the otherMailbox property, adding fabrikam.com to the url property, replacing
the title property with manager and clearing the description property.




-------------------------- EXAMPLE 5 --------------------------

PS C:\>$user = Get-ADUser -Identity GlenJohn -Properties mail,department
PS C:\> $user.mail = "glen@fabrikam.com"
PS C:\> $user.department = "Accounting"
PS C:\> Set-ADUser -Instance $user



This example sets the mail and department properties on the user object with samAccountName GlenJohn by using the Instance parameter.




-------------------------- EXAMPLE 6 --------------------------

PS C:\>$hours = New-Object byte[] 21
PS C:\> $hours[5] = 255; $hours[8] = 255; $hours[11] = 255; $hours[14] = 255; $hours[17] = 255;
PS C:\> $hours[6] = 1; $hours[9] = 1; $hours[12] = 1; $hours[15] = 1; $hours[18] = 1;
PS C:\> $replaceHashTable = New-Object HashTable
PS C:\> $replaceHashTable.Add("logonHours", $hours)
PS C:\> $replaceHashTable.Add("description", "Sarah Davis can only logon from Monday through Friday from 8:00 AM to 5:00 PM")
PS C:\> Set-ADUser -Identity "SarahDavis" -Replace $replaceHashTable



This example sets the user logon hours to Monday through Friday from 8:00 AM to 5:00 PM and adds a description. It updates the logonHours attribute with the specified byte
array and the description attribute with the specified string.




-------------------------- EXAMPLE 7 --------------------------

PS C:\>$manager = Get-ADUser -Identity GlenJohn -Server Corp-DC01
PS C:\> Set-ADUser -Identity AntonioAl -Manager $manager -Server Branch-DC02



This example sets the Manager property for user with samAccountName of AntonioAL where the manager, GlenJohn, is a user in another domain.




-------------------------- EXAMPLE 8 --------------------------

PS C:\>Get-ADUser -Identity " DavidChew" | Set-ADUser -Manager "ElisaDaugherty"



This command modifies the Manager property for the DavidChew user. The command uses the Get-ADUser cmdlet to get DavidChew user, and then passes the object to the current
cmdlet by using the pipeline operator.