
Set Unix Attributes LoginShell from Active Directory with PowerShell

Michael Wu

This post demonstrates how to update Unix Properties (specifically LoginShell) in an Active Directory object using PowerShell.

Prerequisites

If the UNIX Attributes tab isn’t visible in AD Object Properties, you’ll need to install Identity Management for UNIX Components.

The PowerShell Function

<#
.Synopsis
   Set UNIX attributes LoginShell in AD object
.DESCRIPTION
   Set UNIX attributes in AD object
.EXAMPLE
   PS C:\> Set-ADLoginShell -searchBase "OU=FacStaff,OU=Campus,DC=mike,dc=com" -value "/bin/bash"
#>
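function Set-ADLoginShell {
    # SupportsShouldProcess lets callers preview the bulk change with -WhatIf
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param(
        # Set LoginShell value
        [Parameter(Mandatory = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0)]
        [string]$value,

        # OU searchbase (required)
        [Parameter(Mandatory = $true)]
        [string]$searchBase
    )

    Process {
        # Requires the ActiveDirectory module.
        # -Filter * selects every user under $searchBase; each one gets the new shell.
        Get-ADUser -Filter * -SearchBase $searchBase -Properties loginshell |
            Set-ADUser -Replace @{loginshell = $value} -Verbose
    }
}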

Usage

The function accepts two parameters:

  • $searchBase: The distinguished name of the Organizational Unit (OU) whose users are targeted
  • $value: The desired login shell value (e.g., /bin/bash)

The loginshell attribute on line 31 (the key in the -Replace hashtable) can be replaced with other Unix properties such as NIS Domain, UID, Home Directory, or GID.

Result

Once executed, the changes are immediately reflected in the AD Object properties.
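
Because the function above uses -Filter *, every user under the search base receives the new shell, including accounts deliberately set to a non-interactive shell. A scoped variant follows as an added example, not the author's code; the function name, the shell allow-list, the protected-shell list and the backup path are assumptions.

```powershell
# Added example: hypothetical function name, allow-list and paths (adjust to your environment).
function Set-ADLoginShellScoped {
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param(
        # Only shells on this (assumed) allow-list are accepted
        [Parameter(Mandatory = $true)]
        [ValidateSet('/bin/bash', '/bin/sh', '/bin/zsh', '/sbin/nologin', '/bin/false')]
        [string]$Value,

        [Parameter(Mandatory = $true)]
        [string]$SearchBase,

        # Current shells that mark an account as deliberately non-interactive
        [string[]]$ProtectedShell = @('/sbin/nologin', '/usr/sbin/nologin', '/bin/false'),

        # CSV of previous values, kept for rollback
        [string]$BackupPath = '.\loginShell-backup.csv'
    )

    # Only touch accounts that already carry Unix attributes (uidNumber is set)
    $users = Get-ADUser -LDAPFilter '(uidNumber=*)' -SearchBase $SearchBase `
        -Properties loginShell, uidNumber

    # Record the previous state before changing anything (written even under -WhatIf)
    $users | Select-Object DistinguishedName, SamAccountName, uidNumber, loginShell |
        Export-Csv -Path $BackupPath -NoTypeInformation -WhatIf:$false

    foreach ($u in $users) {
        if ($ProtectedShell -contains $u.loginShell) {
            Write-Verbose "Skipping $($u.SamAccountName): shell is $($u.loginShell)"
            continue
        }
        if ($u.loginShell -eq $Value) { continue }   # already set, nothing to write

        $action = "Set loginShell '$($u.loginShell)' -> '$Value'"
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, $action)) {
            Set-ADUser -Identity $u -Replace @{loginShell = $Value}
        }
    }
}
```

Run it with -WhatIf first to list the accounts that would change, then compare the result against the backup CSV.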