How do I set a boolean virtual attribute from set-qaduser

Hello.

I've created a custom virtual attribute of type boolean in ARS that I would like to set using the set-qaduser commandlet.  It doesn't seem to work though

If I use the following command.

Set-QADUser -Proxy -Identity 'bob.dobbsn@example.com' -ObjectAttributes @{'edsva-NA-myvirtualattribute'=$false} -Control @{'OperationReason'="Set by script"}

This executes without error but it doesn't actually set the virtual attribute.  Is it actually possible to set a custom boolean virtual attribute from set-qaduser?

Any help would be appreciated.

Craig.

Parents
  • A few things I would initially check:

    - Is the VA set to be stored in the Active Roles database?

    - Do the values for the CN and LDAP Display Name for the VA match? When setting the VA use the LDAP Display Name value in the Set-QADUser cmdlet if they don't match.

    - You can also try using 0 and 1 instead of $false and $true.

    - Manually set the VA to true or false in one of the other interfaces (MMC/Web) and see if you can query it from the Management Shell.

  • Hello.  Thank you for the response.

    • The VA is set to be stored in the Active Roles database.
    • The CN and LDAP Display Name don't match but I have been using the LDAP Display Name
    • I tried using 0 and 1 but that didn't make the difference.  I also tried using 'FALSE' and 'False'
    • I did manually trying setting the VA to a value using the ARS MMC.  I was able to query it from the management shell after doing that I just can't set it.  Also to make sure my basic pattern was correct I tried setting a different custom VA I have created of type DirectoryString and was able to get it and set it from the management shell without problems.  It just seems to be Boolean's that are the problem.

    Do you have any other thoughts?

Reply
  • Hello.  Thank you for the response.

    • The VA is set to be stored in the Active Roles database.
    • The CN and LDAP Display Name don't match but I have been using the LDAP Display Name
    • I tried using 0 and 1 but that didn't make the difference.  I also tried using 'FALSE' and 'False'
    • I did manually trying setting the VA to a value using the ARS MMC.  I was able to query it from the management shell after doing that I just can't set it.  Also to make sure my basic pattern was correct I tried setting a different custom VA I have created of type DirectoryString and was able to get it and set it from the management shell without problems.  It just seems to be Boolean's that are the problem.

    Do you have any other thoughts?

Children
  • Permissions could possibly be an issue. Is the account that is running the PowerShell cmdlets a member of the Active Roles Admin group (DSAdministrators)? This would help rule out any permissions that may be applied via Access Templates.

    I am able to run the code snippet you provided, including setting the OperationReason. If the permissions are not an issue, I would look into getting product support involved.