Set-QADGroup
From PowerGUI Wiki
Modify attributes of a group in Active Directory. Supported are both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).
Contents |
Syntax
Set-QADGroup [-Identity] <IdentityParameter> [-ManagedBy <IdentityParameter>] [-Notes <String>] [-Email <String>] [-GroupType <GroupType>] [-GroupScope <GroupScope>] [-SamAccountName <String>] [-ObjectAttributes <ObjectAttributesParameter>] [-Description <String>] [-DisplayName <String>] [-ExcludedProperties <String[]>] [-IncludedProperties <String[]>] [-DeserializeValues] [-UseDefaultExcludedProperties [<Boolean>]] [-UseDefaultExcludedPropertiesExcept <String[]>] [-Proxy] [-Service <String>] [-ConnectionAccount <String>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Connection <ArsConnection>] [-UseGlobalCatalog] [-WhatIf] [-Confirm] [<CommonParameters>]
Detailed Description
Use this cmdlet to change or remove values of attributes of a group in Active Directory.
The cmdlet takes a series of optional, attribute-specific parameters allowing you to make changes to attributes in Active Directory. Thus, to modify the value of the 'description' or 'displayName' attribute, you can use the -Description or -DisplayName parameter, respectively.
If a given attribute is referred to by both the ObjectAttributes array and an attribute-specific parameter, the ObjectAttributes setting has no effect on that attribute. The cmdlet sets the attribute to the value specified by the attribute-specific parameter.
The cmdlet has optional parameters that determine the server and the security context for the operation. Normally, the connection parameters could be omitted so far as a connection to a server is established prior to using the cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.
If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
Related Commands
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Identity | Specify the DN, SID, GUID, or Domain\Name of the group you want to modify.
This parameter is optional since you can pipe into this cmdlet the object returned by the Get-QADGroup cmdlet, to have that object identify the group to act upon. The first argument on the cmdlet is assumed to be the value of the -Identity parameter when no parameter name is specified. | true | true (ByValue) | |
| ManagedBy | Set or clear the 'managedBy' attribute. Parameter value can be the DN, SID, GUID, UPN or Domain\Name of a user or group. | false | false | |
| Notes | Set or clear the 'info' attribute. | false | false | |
| Set or clear the 'mail' attribute. | false | false | ||
| GroupType | Set the group type. Valid parameter values are: 'Security'; 'Distribution'. | false | false | |
| GroupScope | Set the group scope. Valid parameter values are: 'Global'; 'Universal'; 'DomainLocal'. | false | false | |
| SamAccountName | Set or clear the 'sAMAccountName' attribute. | false | true (ByPropertyName) | |
| ObjectAttributes | Specify an associative array that defines the attributes to set. The array syntax:
@{attr1='val1';attr2='val2';...} In this syntax, each of the key-value pairs is the LDAP display name and the value of an attribute to set. Thus, passing the @{info='Associates';extensionAttribute2='Paris'} array to the ObjectAttributes parameter causes the cmdlet to set 'Notes' to 'Associates' and 'Custom Attribute 2' to 'Paris' on the group. For information about associative arrays, type the following command at the PowerShell command-prompt: help about_associative_array | false | true (ByValue, ByPropertyName) | |
| Description | Set or clear the 'description' attribute. | false | false | |
| DisplayName | Set or clear the 'displayName' attribute. | false | false | |
| ExcludedProperties | Use this parameter to specify the attributes that you do not want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. You could use this parameter when importing attribute values from a text file, in order to prevent some attributes found in the file from being set in the directory. | false | false | |
| IncludedProperties | Use this parameter to specify explicitly the attributes that you want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. When used together with UseDefaultExcludedProperties, this parameter allows you to have the cmdlet update some attributes that would not be updated otherwise.
Note: If a particular attribute is listed in both ExcludedProperties and IncludedProperties, the cmdlet does not set the value of that attribute the directory. | false | false | |
| DeserializeValues | Supply this parameter on the command line if the input you pass to the cmdlet contains serialized attribute values (for instance, when importing a directory object from a text file that was created using the Serialize parameter). For examples of how to export and import an object, see help on the Get-QADUser cmdlet. | false | false | |
| UseDefaultExcludedProperties | When set to 'true', this parameter causes the cmdlet not to update a certain pre-defined set of attributes in the directory. This pre-defined set of attributes (referred to as "default excluded properties") can be viewed or modified by using the Get-QADPSSnapinSettings or Set-QADPSSnapinSettings cmdlet, respectively. | false | true (ByPropertyName) | false |
| UseDefaultExcludedPropertiesExcept | This parameter is deprecated, and has no effect. | false | true (ByPropertyName) | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | true (ByValue) | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| WhatIf | Describes what would happen if you executed the command, without actually executing the command. | false | false | |
| Confirm | Prompts you for confirmation before executing the command. | false | false |
Examples
Example 1
set-QADGroup 'MyDomain\AMS Managers' -description 'Amsterdam Managers'
Connect to any available domain controller with the credentials of the locally logged on user, bind to a specific group by Domain\Name, and modify the description of the group.
Example 2
set-QADGroup '<DN of group object>' -Service 'server.domain.local:389' -description 'My AD LDS group object'
Connect to the AD LDS instance on 'server.domain.local:389' with the credentials of the locally logged on user, bind to a specific AD LDS group object by DN, and modify the description of the AD LDS group object.
Example 3
get-QADGroup MyTestGroup | set-QADGroup -samaccountname {$_.samaccountname + "New"}
Pipe the get-QADGroup output into the setQADGroup cmdlet to change the pre-Windows 2000 group name (add the "New" suffix to the name of the group returned by getQADGroup).
Example 4
set-QADGroup 'CN=TestGroup,OU=Groups,DC=domain,DC=company,DC=com' -samaccountname 'My Test Group'
Bind to the group by distinguished name and set the group name (pre-Windows 2000).
