Posted in : Intune, Microsoft, Powershell By Tobias Sandberg

1 year ago

It is common to have one or more extensionAttributes in an Azure AD environment, for example for use with Intune. The values set on these extensionAttributes can be managed in a couple of different ways. For simplicity, I've created a PowerShell script that adds values to multiple predefined extensionAttributes from a CSV file. This makes it easier to import values for a larger group of users at any time, or to change a value afterwards.

The following must be in place before you run the script:

  1. An Azure AD Application, created beforehand, that can store the extensionAttributes. Please read Microsoft's documentation.
  2. At least one Azure AD Application Extension Property. Please read Microsoft's documentation.
  3. The name of the Azure AD Application, which is used in the script (or passed as a parameter when executing the script).
  4. A CSV file that contains the username, extensionAttributeName and extensionAttributeValue of your choice. Please note that the extensionAttributeName must exist in the Azure AD Application. See my CSV template picture below.

Script explanation:
Execute the script as follows:

```powershell
.\Add-extensionAttributeValue.ps1 -csvPath "PATH TO CSV\CSV.csv"
```

or, if you want to pass the application name on the command line instead of defining it inside the script:

```powershell
.\Add-extensionAttributeValue.ps1 -csvPath "PATH TO CSV\CSV.csv" -Application "APPLICATIONNAME"
```

Logs will be written to C:\Windows\Temp\Add-extensionAttributeValue.log and look like the example below:

The script will also write the output directly on screen from where it’s executed:

Down below you will find the code for the script:

```powershell
<#
.SYNOPSIS
    Adding an extensionAttributeValue to an extensionAttributeName for a predefined Application
.DESCRIPTION
    This script will import a CSV file and loop through all users and add the following values that are defined.
    PLEASE NOTE!
    CSV must be in a specific format:
.NOTES
    Author: Tobias Sandberg
    Date published: 2019-06-17
    Current version: 1.0
.EXAMPLE
    Add-extensionAttributeValue.ps1
#>
[CmdletBinding()]
Param(
    [string]$csvPath = "PATH TO CSV",
    [string]$LogFilePath = "C:\Windows\Temp\extenstionAttribute.log",
    [string]$applicationName = "XXXX",
    [string]$userName = "",
    [string]$extensionAttributeName = ""
)

Begin {
    function Write-Log {
        param (
            [Parameter(Mandatory)]
            [string]$Message,

            [Parameter()]
            [ValidateSet('1','2','3')]
            [int]$Severity = 1 ## Default to a low severity. Otherwise, override
        )

        $line = [pscustomobject]@{
            'DateTime' = (Get-Date)
            'Message'  = $Message
            'Severity' = $Severity
        }

        if (-not (Test-Path "$LogFilePath")) {
            # Out-Null keeps the new file object out of the function's output
            New-Item $LogFilePath -Force | Out-Null
        }

        if (((Get-Item -Path $LogFilePath).Length) -gt 3000000) {
            ## Log has grown past roughly 3 MB: delete it so Export-Csv starts a fresh file
            Remove-Item $LogFilePath -Force
        }

        ## $LogFilePath comes from the script-level Param() block
        $line | Export-Csv -Path $LogFilePath -Append -NoTypeInformation
    }

    Write-Log -Message "Logging into AzureAD"
    #Connect-AzureAD

    # Import CSV (';'-delimited; the loop below reads the columns
    # Username, extensionAttributeName and extensionAttributeValue)
    Write-Log -Message "Importing CSV"
    $csv = Import-Csv -Path $csvPath -Delimiter ';'
}

Process {
    Try {
        $applicationID = (Get-AzureADApplication -SearchString $applicationName).AppId
        $applicationID = $applicationID.Replace('-','')

        # Script to apply a value on an attribute for an existing user
        foreach ($user in $csv) {
            $userName = $user.Username
            $extensionAttributeName = $user.extensionAttributeName
            $extensionAttributeValue = $user.extensionAttributeValue
            $extensionName = "extension_$($applicationID)_$($extensionAttributeName)"

            # Resolve the user before reading the current value; otherwise $userId
            # is empty on the first row and holds the previous user's id afterwards
            $userId = (Get-AzureADUser -ObjectId $userName).ObjectId

            # Indexing returns $null when the attribute is not set yet
            $extensions = Get-AzureADUserExtension -ObjectId $userId -ErrorAction SilentlyContinue
            $oldExtensionAttributeValue = if ($extensions) { $extensions[$extensionName] } else { $null }

            if ($null -ne $oldExtensionAttributeValue) {
                Write-Host "ExtensionAttributeValue <$($oldExtensionAttributeValue)> is already set for ExtensionAttributeName <$($extensionAttributeName)> for user $($user.Username)" -ForegroundColor red -BackgroundColor black
                Write-Log -Message "ExtensionAttributeValue <$($oldExtensionAttributeValue)> is already set for ExtensionAttributeName <$($extensionAttributeName)> for user $($user.Username)"
            }

            # The value is written even when one already exists (the old value is logged above)
            Write-Host "Adding extensionAttribute <$($extensionAttributeValue)> for user $($user.Username)" -ForegroundColor green -BackgroundColor black
            Write-Log -Message "Adding extensionAttribute <$($extensionAttributeValue)> for user $($user.Username)"

            Set-AzureADUserExtension -ObjectId $userId -ExtensionName $extensionName -ExtensionValue $extensionAttributeValue
        }
    }
    catch {
        Write-Error "ERROR: $($Error[0])"
        Write-Log -Message $_.Exception.Message -Severity 3
        # $LASTEXITCODE is only set by native programs, so return an explicit failure code
        Exit 1
    }
}

End {
    Write-Log -Message "Script is done"
}
```

The script is highly adaptable and can be changed in many ways to fit your environment, so feel free to use it as you want.
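One adaptation worth making before a bulk import: check the CSV first, because the script writes whatever the file contains and, as the requirements note, every extensionAttributeName must exist in the Azure AD Application. The following is an added example, not part of the original script; `Test-ExtensionCsv`, the `$AllowedNames` allow-list and the sample rows are assumptions made for illustration, and it runs offline without an Azure AD connection.

```powershell
# Added example: validate CSV rows before any Set-AzureADUserExtension call.
# Test-ExtensionCsv and $AllowedNames are hypothetical names, not from the original script.
function Test-ExtensionCsv {
    param(
        [Parameter(Mandatory)] [object[]]$Rows,
        [Parameter(Mandatory)] [string[]]$AllowedNames
    )
    $required = 'Username', 'extensionAttributeName', 'extensionAttributeValue'
    $seen = @{}
    $lineNo = 1   # the header is line 1 of the file
    foreach ($row in $Rows) {
        $lineNo++
        $problems = @()
        foreach ($col in $required) {
            # A wrong delimiter or a missing header shows up as an empty property
            if ([string]::IsNullOrWhiteSpace($row.$col)) { $problems += "missing $col" }
        }
        if ($row.extensionAttributeName -and $AllowedNames -notcontains $row.extensionAttributeName) {
            $problems += "unknown attribute '$($row.extensionAttributeName)'"
        }
        # The same user and attribute twice means the later row silently wins
        $key = "$($row.Username)|$($row.extensionAttributeName)".ToLowerInvariant()
        if ($seen.ContainsKey($key)) { $problems += "duplicate of line $($seen[$key])" }
        else { $seen[$key] = $lineNo }

        [pscustomobject]@{
            Line     = $lineNo
            Username = $row.Username
            Valid    = ($problems.Count -eq 0)
            Problems = ($problems -join '; ')
        }
    }
}

# Constructed sample input, using the same ';' delimiter as the script
$sample = @'
Username;extensionAttributeName;extensionAttributeValue
anna@contoso.example;CostCenter;1001
bob@contoso.example;CostCentre;1002
;CostCenter;1003
anna@contoso.example;CostCenter;2001
'@ | ConvertFrom-Csv -Delimiter ';'

$report = Test-ExtensionCsv -Rows $sample -AllowedNames 'CostCenter', 'Department'
$report | Format-Table -AutoSize
$rejected = $report | Where-Object { -not $_.Valid }   # fix these lines before importing
```

In a live tenant the allow-list can be built from the application's extension properties (for example with `Get-AzureADApplicationExtensionProperty`), whose names carry the `extension_<AppId>_` prefix that the script constructs.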

If you have any questions, feel free to email me at or comment down below. I will try to answer you as soon as possible.

Tags : AAD, CSV, extensionAttributes, Intune, Microsoft Intune, PowerShell
