Copying data from one attribute to another attribute in Active Directory

We often have customers that want to allow their users to use their mobile device as an identity service for our self-service solutions.

By default, we use the ‘mobile’ attribute in AD as it automatically enrolls a user into the service if their mobile number exists in AD. Usually the attribute is pre-populated with company provided mobile numbers. However, some customers do not want this field populated with personal mobile numbers as it may end up in signatures, the corporate address book, or another business directory.

In this scenario, we recommend that they make use of the Custom Mobile Attribute option as described on our support pages.

Specops uReset

https://specopssoft.com/support-docs/specops-ureset/administration/administrator-configurations/

Specops Authentication

https://specopssoft.com/support-docs/specops-authentication/administration/authentication-web/

Specops Password Reset

https://specopssoft.com/support-docs/specops-password-reset/reference-material/modifying-the-user-attributes-used-by-the-system/

Unfortunately, this means that ALL users will need to enroll with their mobile device. This is undesirable as they will lose the benefit of auto enrollment for all the corporate device users.

Fortunately, we have PowerShell to save the day! By running one line of PowerShell we can copy the data from the mobile AD attribute to another. In my example I’m using the pager attribute as the target.

Get-ADUser -LDAPFilter ‘(mobile=*)’ -Properties mobile, pager |Select-Object * | ForEach-Object {Set-ADObject –Identity $_.DistinguishedName ` -Replace @{Pager=$($_.mobile)}}

Of course this does assume that your mobile numbers are in the correct E164 format i.e. +44123412345, you might have do some further coding to make that happen.

(Last updated on August 9, 2023)

Tags:

darren james

Written by

Darren James

Darren James is a Senior Product Manager at Specops Software, an Outpost24 company. Darren is a seasoned cybersecurity professional with more than 20 years of experience in the IT industry. He has worked as a consultant across various organizations and sectors, including central and local governments, retail and energy. His areas of specialization include identity and access management, Active Directory, and Azure AD. Darren has been with Specops Software for more than 12 years and brings his expertise to the support and development of world-class password security and authentication solutions. 

Back to Blog