Help with Active Directory - UNIX attributes

I have some accounts in Windows Active Directory for which I have to activate the UNIX Attributes tab in PowerShell.

When I activate it manually, the other fields can be updated. I wrote a script in PowerShell that sets the fields NIS Domain, Login Shell, Home Directory and Primary group name/GID.

When I set the NIS Domain manually, with the GUI, the other fields appear. I notice that the fields uid, uidnumber, unixUserPassword and msSFUName are updated too by the GUI.

I need to update the uidnumber, but I don't want to pass anything. How does the GUI update this, and what do I need to do for my script to do the same?

Best regards,

June 5th, 2012 3:37am

I do not think that you need to update per user for the unix attribute.

Please look at this http://support.microsoft.com/kb/921913.

Once this is enabled the ADSI value should be available via powershell to edit. 

A simple way would be to use the following script. 

$DOMAIN = "dc=domain,dc=com"   # distinguished name of the domain to search
$username = "user"             # sAMAccountName of the user to update
$uidnumber = "uidnumber"       # placeholder: replace with the numeric UID to assign
$ads = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$DOMAIN")
$ads.filter = "(&(objectClass=Person)(samAccountName=$username))"
$s = $ads.FindOne()
$dn = $s.GetDirectoryEntry().DistinguishedName
# Bind to the user object found by the search and write the attribute
$ouser = [adsi]"LDAP://$dn"
$ouser.psbase.InvokeSet("uidNumber",$uidnumber)
$ouser.psbase.CommitChanges()

June 5th, 2012 4:51am

Hi Mickey,

The user account before update:

If I select NIS Domain, the image is updated to:

Everything is done with the GUI; I notice that the GUI also updates the fields uid, uidnumber, unixUserPassword and msSFUName.

But if I use PowerShell to set the other fields, these listed fields are not updated. It seems like something that is executed (SelectedIndexChange on the NIS Domain combobox or the event in the OK button) updates the fields uid, uidnumber, unixUserPassword and msSFUName.

This is the code that I used.

Clear-Host
Remove-Variable -Name * -Force -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

Write-Host "$(get-date) Start of script"

$usuarios = Get-ADUser -Filter * -SearchBase "OU=Users,OU=City,OU=Region,DC=domain,DC=com" -Properties:*
foreach($usr in $usuarios)
{
    # NIS Domain        
    if ($usr.mssfu30nisdomain -eq $null)
    {
        Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{mssfu30nisdomain = "domain"}
        Write-Host "$(get-date) Alter user ($($usr.SamAccountName)) [NIS Domain] from 'NULL' to domain"
    }
   
    # Login Shell                
    if ($usr.loginshell -eq $null)
    {
        Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{loginshell="/bin/ksh"} 
        Write-Host "$(get-date) Alter user ($($usr.SamAccountName)) [Login Shell] from $($usr.loginshell) to /bin/ksh"
    }
    
    # Home Directory
    if ($usr.unixhomedirectory -eq $null)
    {
        Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{unixhomedirectory="/home/$($usr.SamAccountName.ToLower())"} 
        Write-Host "$(get-date) Alter user ($($usr.SamAccountName)) [Home Directory] from 'NULL' to /home/$($usr.SamAccountName.ToLower())"
    }
    
    # Primary group name/GID
    if ($usr.gidnumber -ne $null)
    {
        if ($usr.gidnumber -ne 200)
        {
            Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{gidnumber="200"} 
            Write-Host "$(get-date) Alter user ($($usr.SamAccountName)) [Primary group name/GID] from $($usr.gidnumber) to 200"
        }
    }
    else
    {
        Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{gidnumber="200"} 
        Write-Host "$(get-date) Alter user ($($usr.SamAccountName)) [Primary group name/GID] from 'NULL' to 200"
    }
}    
Write-Host "$(get-date) End of script"

The field uidnumber is the most important to me, but I don't know the value that is stored in Active Directory, and I can't see the value in the PowerShell properties.

June 5th, 2012 5:25am

So if you follow my method you can modify the UID number.

Put my code into a foreach statement and it will work.  I have tested it here and it updates the field.  Let me know if you need help with the code and I will try and write something up for you.  You will need to change it a little bit but for the most part, it will work fine.

June 6th, 2012 1:43am

Hi Mickey,

I know how to modify the uidnumber; in your case you are passing uidnumber as "uidnumber".

I don't have the value of uidnumber. I need to use something, a function, like the GUI of Active Directory uses to generate the uidnumber when I select NIS Domain.

Do you know what function or algorithm the GUI uses to generate this?

The GUI of Active Directory does this, but setting the value of NIS Domain doesn't generate the uidnumber.

Best regards

June 6th, 2012 4:25pm

The UID number is incremented by the GUI of Active Directory and the value is stored at:

So I modified the script to:

1. Get the next value of the UID number

$NIS = Get-ADObject "CN=domai,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,dc=domain,dc=com" -Properties:*

2. Set the value to uidnumber attribute

Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uidnumber = "$($NIS.msSFU30MaxUidNumber)"}   

3. Increment the value of the next UID number

Set-ADObject $NIS -Replace @{msSFU30MaxUidNumber = "$($NIS.msSFU30MaxUidNumber + 1)"}

This works fine and solves my problem.

Best regards,

June 7th, 2012 5:16pm
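The three steps above (read the NIS domain object's msSFU30MaxUidNumber, assign it, increment it), put together as a complete loop. This is an added example, not code from any post in this thread. It assumes the same NIS domain name "domain", the same domain DN "dc=domain,dc=com" and the same user OU that appear earlier in the thread; change them for your environment. It differs from the steps as written in two ways that matter for correctness: the counter is re-read from the directory on every iteration (a copy read once before the loop never sees the increment, so every user would receive the same number), and a value is skipped if some user already carries it, since the counter and the directory can drift apart after manual edits.

```powershell
# Added example: assign a unique uidNumber to every user in an OU that still lacks one,
# using the msSFU30MaxUidNumber counter on the NIS domain object, the way the UNIX
# Attributes tab does. Assumed values: NIS domain "domain", domain DN dc=domain,dc=com,
# and the OU below. Run with an account allowed to write to both the users and the counter.
Import-Module ActiveDirectory

$nisDomain  = 'domain'                                # assumed NIS domain name
$counterDn  = "CN=$nisDomain,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com"
$searchBase = 'OU=Users,OU=City,OU=Region,DC=domain,DC=com'   # assumed OU

# uidNumbers already in use anywhere in the domain; never hand one of these out again,
# even if the counter has been reset or edited by hand.
$inUse = @{}
Get-ADUser -Filter 'uidNumber -like "*"' -Properties uidNumber |
    ForEach-Object { $inUse[[int]$_.uidNumber] = $true }

# Only users without a uidNumber are touched; existing assignments are left alone.
$users = Get-ADUser -Filter 'uidNumber -notlike "*"' -SearchBase $searchBase -Properties uidNumber

foreach ($usr in $users) {
    # Re-read the counter on every iteration so each user sees the incremented value.
    $nis  = Get-ADObject -Identity $counterDn -Properties msSFU30MaxUidNumber
    $next = [int]$nis.msSFU30MaxUidNumber

    # Skip past any value that is already assigned to some user.
    while ($inUse.ContainsKey($next)) { $next++ }

    # Advance the counter first, then assign. If the write to the user fails, the number
    # is simply skipped, which is safer than two users ending up with the same uid.
    Set-ADObject -Identity $counterDn -Replace @{ msSFU30MaxUidNumber = ($next + 1) }
    Set-ADUser   -Identity $usr       -Replace @{ uidNumber = $next }
    $inUse[$next] = $true

    Write-Host "$(Get-Date) $($usr.SamAccountName): uidNumber set to $next"
}
```

Running this against a test OU first is the sensible check: afterwards every user in the OU should have a distinct uidNumber, and msSFU30MaxUidNumber on the NIS domain object should be one higher than the largest value handed out. The script tracks uidNumber only; uid and gid are separate numbering spaces on UNIX, so the msSFU30MaxGidNumber counter does not have to be kept apart from it, although the user-private-group convention mentioned later in this thread deliberately keeps a user's uid and primary gid equal.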

Italo, one of the most helpful posts I've ever seen. Thank you!

A question for you or anyone else following this topic. 

This "msSFU30DomainInfo" object has both the msSFU30MaxUidNumber and msSFU30MaxGidNumber counters in its properties. In my domain they are only 3 digits apart.

How do I keep from applying a used GidNumber to a UidNumber? Or does it matter?
For most of our NIS groups we are using a "User Private Groups" setup that is supposed to have the same value for both the GID and the UID, but I'm still curious. 

March 28th, 2013 6:18am

I put that in my script, but all it did was increment the UID by one; they all still have the same UID. They need to have different UIDs. How can I make that happen?

July 2nd, 2013 10:17am
