set-aduser 属性不同于 AD 属性？

Question

当我在 PowerShell 命令行中键入 help set-aduser 时，我会得到下面列出的信息。我有兴趣改变的财产是办公室。

根据下面列出的信息，该属性指定为-office。但是AD名为office中没有属性，其实是physicalDeliveryOfficeName。它们是否都引用 AD 中的相同属性？为什么会这样，我认为我可以只指定 LDAP 名称？

NAME
    Set-ADUser

SYNOPSIS
    Modifies an Active Directory user.

SYNTAX
    Set-ADUser [-Identity] <ADUser> 
    [-AccountExpirationDate <System.Nullable[System.DateTime]>] 
    [-AccountNotDelegated <System.Nullable[bool]>] [-Add <hashtable>] 
    [-AllowReversiblePasswordEncryption <System.Nullable[bool]>] 
    [-CannotChangePassword <System.Nullable[bool]>] [-Certificates <hashtable>] 
    [-ChangePasswordAtLogon <System.Nullable[bool]>] [-City <string>] 
    [-Clear <string[]>] [-Company <string>] [-Country <string>] [-Department <string>] 
    [-Description <string>] [-DisplayName <string>] [-Division <string>] 
    [-EmailAddress <string>] [-EmployeeID <string>] [-EmployeeNumber <string>] 
    [-Enabled <System.Nullable[bool]>] [-Fax <string>] [-GivenName <string>] 
    [-HomeDirectory <string>] [-HomeDrive <string>] [-HomePage <string>] 
    [-HomePhone <string>] [-Initials <string>] [-LogonWorkstations <string>] 
    [-Manager <ADUser>] [-MobilePhone <string>] [-Office <string>] 
    [-OfficePhone <string>] [-Organization <string>] [-OtherName <string>] 
    [-PasswordNeverExpires <System.Nullable[bool]>] 
    [-PasswordNotRequired <System.Nullable[bool]>] [-POBox <string>] 
    [-PostalCode <string>] [-ProfilePath <string>] 
    [-Remove <hashtable>] [-Replace <hashtable>] [-SamAccountName <string>] 
    [-ScriptPath <string>] [-ServicePrincipalNames <hashtable>] 
    [-SmartcardLogonRequired <System.Nullable[bool]>] [-State <string>] 
    [-StreetAddress <string>] [-Surname <string>] [-Title <string>] 
    [-TrustedForDelegation <System.Nullable[bool]>] 
    [-UserPrincipalName <string>] [-AuthType {Negotiate | Basic}] 
    [-Credential <PSCredential>] [-Partition <string>] [-PassThru <switch>] 
    [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

    Set-ADUser -Instance <ADUser> [-SamAccountName <string>] [-AuthType {Negotiate | Basic}] [-Credential <PSCredential
    >] [-Partition <string>] [-PassThru <switch>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Answer 1

如果您更喜欢 LDAP 名称，可以将它们与 -Remove、-Add、-Replace 或 -Clear 参数一起使用，而不是任何不同于 LDAP 名称的常规参数。将属性和值放在哈希表中，用分号分隔多个属性，用逗号分隔多个值。

Set-ADUser -Identity CitizenRon -Replace @{physicalDeliveryOfficeName=Downtown;mail=citizenron@somewhere.com;telephoneNumber=888-888-8888;otherTelephone=999-999-9999,777-777-7777}

Answer 2

它们是一回事。有关可通过 powershell 活动目录 cmdlet 获得的扩展属性列表，以及它们各自引用的 lDAPDisplayName，您可以参考： http://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx

为了方便起见，我假设他们提供“办公室”而不是 LDAP 名称，因为它要短得多。

Answer 3

以下命令行：

Set-ADUser admInst1 -Office "##OFFICE##"

设置physicalDeliveryOfficeName 属性。

如您所见：

Answer 4

我使用 DistinquiishedName 按名称查找经理。您必须找到 ADUser 而不是将 distinquiishedName 字符串注入 Set-AdUser

$manager_user=Get-ADUser -Filter "DistinguishedName -eq '$manager'" -SearchBase "ou=ChildOU,ou=ParentOU,dc=abc,dc=corp,dc=com" 
                        Set-AdUser -Identity $user.SID -Credential $credential -Manager $manager_user -Server DC2.abc.corp.com