Adding Custom User Attributes with PowerShell

Written by Cassa Niedringhaus on February 23, 2020


IT admins are responsible for a number of provisioning tasks — not just provisioning new users to their resources but also provisioning existing users to new resources, like a new application the organization has decided to use.

Each SaaS app requires a unique set of user attributes to create accounts, and user attributes should ideally be populated from the central directory to the requisite app via single sign-on (SSO) connectors. But what happens when the app requires a custom user attribute that’s not already stored in the core directory?

Admins have a few options for adding custom attributes to their directory, depending on which directory they use. One of those options is PowerShell, an automation management language. 

Adding a Custom Attribute in Active Directory

Admins managing an Active Directory® (AD) instance can modify the AD schema via tools like Windows Registry, but this process requires careful consideration and execution. There’s a thorough step-by-step guide here — though admins should consider testing schema changes before implementing them on production domain controllers.

Once an admin has added the custom attribute to the schema, they can then modify the attribute for an individual user with the Set-ADUser cmdlet in PowerShell or in bulk through a CSV import into AD. 
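
A bulk update of the kind described above, as an added example that is not from the original article: it reads rows the way a CSV import would, confirms the attribute exists in the schema, and calls Set-ADUser with -WhatIf as a dry run. The attribute name exampleBadgeId, the column names, and the sample rows are constructed for illustration, and the ActiveDirectory module and a reachable domain are assumed.

```powershell
#Requires -Modules ActiveDirectory
# Hypothetical custom attribute; it must already exist in the AD schema.
$AttributeName = 'exampleBadgeId'

# Constructed sample input. In practice: Import-Csv -Path .\attributes.csv
$rows = @'
SamAccountName,Value
jdoe,B-10422
asmith,B-10587
,B-99999
'@ | ConvertFrom-Csv

# Confirm the attribute is defined in the schema before touching any user.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attrDef  = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$AttributeName)"
if (-not $attrDef) { throw "Attribute '$AttributeName' is not defined in the schema." }

$results = foreach ($row in $rows) {
    $sam   = "$($row.SamAccountName)".Trim()
    $value = "$($row.Value)".Trim()
    if (-not $sam -or -not $value) {
        # Incomplete rows are reported, never written.
        [pscustomobject]@{ User = $sam; Status = 'Skipped: empty field' }
        continue
    }
    try {
        # -Identity matches one account exactly; no LDAP filter is built from CSV data.
        $user = Get-ADUser -Identity $sam -ErrorAction Stop
        # -Replace overwrites the attribute value. Remove -WhatIf after reviewing the dry run.
        Set-ADUser -Identity $user -Replace @{ $AttributeName = $value } -WhatIf -ErrorAction Stop
        [pscustomobject]@{ User = $sam; Status = 'OK (dry run)' }
    }
    catch {
        [pscustomobject]@{ User = $sam; Status = "Failed: $($_.Exception.Message)" }
    }
}
$results | Format-Table -AutoSize
```

Run it under an account delegated write access to only that attribute on the target OU rather than a Domain Admin account, and keep the results table as a record of what changed.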

However, various challenges exist in this process, and updating your AD schema is not a task to be taken lightly, as there’s no straightforward way to undo the changes should you need to for any reason. Beyond that, AD does not federate core identities to SaaS apps natively. Instead, admins will need to seek a third-party SSO solution to extend their user identities to cloud resources.

Adding a Custom Attribute in JumpCloud

JumpCloud’s Directory-as-a-Service® has an integrated PowerShell module for automation and bulk tasks. JumpCloud serves as a full-suite directory in the cloud, and admins can choose whether to control the directory from the web-based UI console or various other options, like the PowerShell module. 

The module allows admins to add and modify custom user attributes at scale. You can accomplish this by uploading a CSV with the new attributes to JumpCloud. You represent custom attributes by adding two columns for each attribute: one column to signify the attribute name and one column to signify the attribute value. 

This is all achieved via PowerShell, and the attribute is then reflected for each user in the JumpCloud console.

This process is streamlined and far more efficient than modifying custom attributes one by one, particularly if you have more than a handful of employees. You can also use the PowerShell module to import AD users into JumpCloud, preserve their AD attributes, and add any custom attributes necessary during their import, as well. JumpCloud offers a catalog of hundreds of pre-configured SSO connectors to popular SaaS apps, as well as a generic SAML connector for apps outside the catalog.

From JumpCloud, you can then provision users to their systems (Mac®, Windows®, and Linux®), apps, networks, and file servers — and virtually any other IT resource — via cloud LDAP, cloud RADIUS, and SAML.

Learn about other provisioning use cases where the JumpCloud PowerShell module is particularly useful, or take a look at JumpCloud engineer Scott Reed’s advanced import tutorial below:
