Using Custom Attribute - PowerShell

feaths10 · August 28, 2025, 1:52pm

Hello,

Hoping someone can help as I’m a bit lost on how to do what I need to do.

Basically we have a leaver script that pulls from a HR file but the only source of 100% truth is a column headed ‘clockNumber’ This is a custom attribute in AD so I’m a bit lost on how I can get the script to look at the ‘clockNumber’ column in the csv and find the AD account associated with that ‘clockNumber’ then list the properties to filter out the SAMAccountName and then place the SAMAccountName into a variable called $Username that the script would then use for the remainder of the leaver script.

I hae the script working currently using the SAMAccountName as the $Username but as I said it is not 100% accurate so there are some missed leavers.

Any help or advice would be appreciated.

Thank you.

Josh-J-Spiceworks · August 28, 2025, 1:57pm

What is the actual field? Is it a truly custom attribute you’ve added, or is it using an ExtensionAttribute, or something similar?

If it’s the latter, you can easily pull that data using PowerShell, and I believe you can even filter Get-ADUser by them.

Neally · August 28, 2025, 2:22pm

You should be able to retrieve it like any other attribute.

get-aduser -filter "clockNumber -eq '123'" -properties clockNumber

The caveat is, some attributes are hidden / protected, so you might have to run powershell as admin or a specific user to be able to retrieve them, but that depends on how exactly that attribute was added to the AD schema / user object and the security settings.

anonymousUIL · August 28, 2025, 2:30pm

Are you asking about Get-Date? Like Josh J said we need more information to help. Neally is also on point if that is what you are looking for. To chime off Neally you can also use this method. The ? is Where-Object if you are newer to PowerShell.

Get-ADUser -Properties * | ?{$_.ClockNumber -eq "123"} $Time = Get-Date Set-ADUser -Identity $Username -extensionAttribute1 $Time

feaths10 · August 28, 2025, 3:43pm

Hi Josh,

It’s an actual custom attribute and not an extension attribute. Below is the commands I have but it errors (error below too). It seems to be taking the heading but I only want the samaccount name.

$ClockNumber = $User.ClockNo (This pulls the clock number from the csv)

$GetUser = Get-ADUser -Filter {clockNumber -eq $ClockNumber} (This get’s the user associated with that clock number)

$Username = $GetUser | select samAccountName (This is the sername variable that the script then uses)

The username then shows with the sam account name heading which AD obvilsy doesn’t recognice. How can I put just the samaccountname into the variable?

Thanks

anonymousUIL · August 28, 2025, 4:09pm

You need to add the -ExpandProperty to accomplish that.

$ClockNumber = $User.ClockNo $GetUser = Get-ADUser -Filter {clockNumber -eq $ClockNumber} $Username = $GetUser | select -ExpandProperty samAccountName

Neally · August 28, 2025, 4:15pm

You have to tell PowerShell to get the attribute, like in the sample I showed.

get-aduser -filter "clockNumber -eq '$clockNumber'" -properties clockNumber

ClockNumber is not a default attribute, so you have to specifically tell it to get it.

Neally · August 28, 2025, 4:19pm

You’d use dot notation or the -expandproperty parameter.

$ADUser = get-aduser -filter "clockNumber -eq '$clockNumber'" $ADUser.samaccountname $ADUser | select-object -expandproperty samaccountname

And then you can assign that a new variable as needed.

$ADUser = get-aduser -filter "clockNumber -eq '$clockNumber'" $sam = $ADUser.samaccountname $sam

anonymousUIL · August 28, 2025, 4:28pm

Another piece of advice is use Visual Studio Code to debug your script. It will show the value of the variable. So if one is blank/error you know that is the problem one.

Thank you Neally I forgot the -Properties as well like in my first script example.

Neally · August 28, 2025, 4:35pm

Yeah, don’t do that in a production script.
You tell it to get ALL AD users and ALL their properties.
If you have a large AD that’s a yuge waste and takes a long time.

anonymousUIL · August 28, 2025, 4:49pm

That is very true Neally

Feathers if they don’t normally show an attribute with a Get-ADUser use this method with -Properties.

Get-ADUser -Identity $GetUser -Properties clockNumber,extensionAttribute1

This is just an example so you don’t use more lines. To be honest your $GetUser and $Username could probably just be one line. Not sure how the rest of your script is written is why I say probably.

Hope that helps

Topic		Replies	Views
Getting a customAttribute(2) from AD and updating it w/out Exchange commands Programming & Development powershell , question	11	540	September 9, 2022
AD Attribute to Powershell Attribute Table? Programming & Development powershell , active-directory-gpo , question	16	1376	May 9, 2018
Updating custom attributes for a user via powershell Programming & Development powershell , question	9	3064	August 23, 2014
Powershell Get-ADuser Company and different Attributes to CSV Programming & Development powershell , question	5	3954	June 25, 2019
Trying to pull AD Attributes attached to Variable Programming & Development powershell , question	4	855	August 21, 2018

Using Custom Attribute - PowerShell

Related topics