You want to modify one or more attribute s of an object.
The following examples set the last name (sn) attribute for the jsmith user object.
Open ADSI Edit.
If an entry for the naming context you want to browse is not already displayed, do the following:
Right-click on ADSI Edit in the right pane and click Connect to . . .
Fill in the information for the naming context, container, or OU you want to add an object to. Click on the Advanced button if you need to enter alternate credentials.
In the left pane, browse to the container or OU that contains the object you want to modify. Once you've found the object, right-click on it and select Properties.
Edit the sn attribute.
Enter Smith and click OK.
Click Apply.
Create an LDIF file called modify_object.ldf with the following contents:
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com changetype: modify add: givenName givenName: Jim -
then run the following command:
> ldifde -v -i -f modify_object.ldf
You can modify a limited number of object types with the dsmod command. Run dsmod /? from a command line for more details.
strObjectDN = "cn=jsmith,cn=users,dc=rallencorp,dc=com" set objUser = GetObject("LDAP://" & strObjectDN) objUser.Put "sn", "Smith" objUser.SetInfo
If the parent container of the object you want to modify has a lot of objects in it, you may want to add a new connection entry for the DN of the target object. This will be easier than trying to hunt through a container full of objects. You can do this by right-clicking ADSI Edit and selecting Connect to. Under Connection Point, select Distinguished Name and enter the DN of the object.
For more on ldifde, see Recipe 4.25.
As of the publication of this book, the only types of objects you can modify with dsmod are computer, contact, group, ou, server, quota and user.
If you need to do anything more than simple assignment or replacement of a value for an attribute, you'll need to use the PutEx method instead of Put. PutEx allows for greater control of assigning multiple values, deleting specific values, and appending values.
PutEx requires three parameters: update flag, attribute name, and an array of values to set or unset. The update flags are defined by the ADS_PROPERTY_OPERATION_ENUM collection and listed in Table 4-3. Finally, SetInfo commits the change. If SetInfo is not called, the creation will not get committed to the domain controller.
Name |
Value |
Description |
---|---|---|
ADS_PROPERTY_CLEAR |
1 |
Remove all value(s) of the attribute. |
ADS_PROPERTY_UPDATE |
2 |
Replace the current values of the attribute with the ones passed in. This will clear any previously set values. |
ADS_PROPERTY_APPEND |
3 |
Add the values passed into the set of existing values of the attribute. |
ADS_PROPERTY_DELETE |
4 |
Delete the values passed in. |
In the following example, each update flag is used while setting the otherTelephoneNumber attribute:
strObjectDN = "cn=jsmith,cn=users,dc=rallencorp,dc=com" const ADS_PROPERTY_CLEAR = 1 const ADS_PROPERTY_UPDATE = 2 const ADS_PROPERTY_APPEND = 3 const ADS_PROPERTY_DELETE = 4 set objUser = GetObject("LDAP://" & strObjectDN) ' Add/Append two values objUser.PutEx ADS_PROPERTY_APPEND, "otherTelephoneNumber", _ Array("555-1212", "555-1213") objUser.SetInfo ' Now otherTelephoneNumber = 555-1212, 555-1213 ' Delete one of the values objUser.PutEx ADS_PROPERTY_DELETE, "otherTelephoneNumber", Array("555-1213") objUser.SetInfo ' Now otherTelephoneNumber = 555-1212 ' Change values objUser.PutEx ADS_PROPERTY_UPDATE, "otherTelephoneNumber", Array("555-1214") objUser.SetInfo ' Now otherTelephoneNumber = 555-1214 ' Clear all values objUser.PutEx ADS_PROPERTY_CLEAR, "otherTelephoneNumber", vbNullString objUser.SetInfo ' Now otherTelephoneNumber = <empty>
MSDN: IADs::Put, MSDN: IADs::PutEx, MSDN: IADs::SetInfo, and MSDN: ADS_PROPERTY_OPERATION_ENUM