Inventorying what extensionAttributes are used in your Active Directory Environment

Posted on July 10, 2023 by mell9185

Recently we my team was asked what extensionAttributes were in use in my company’s Active Directory environment so I wrote this quick PowerShell script to search for any filled in extensionAttribute and compile a list of that objects

Name
ObjectClass
The name of the filled in extenstionAttribute
That attributes value

Then compile a summary list of all filled in attributes that provides

The name of the filled in extensionAttribute
How many objects it was found filled in on
The total unique filled in values found
The most frequent filled in value

as well as a list of extensionAttibutes not filled in

PowerShell Script

#Load the Active Directory Module
#This could be done with ADSI accelrator as well, but this is much easier to work with
Import-Module ActiveDirectory -ErrorAction Stop

#Table of known attrbitues
$AttributeTable = @{
    extensionAttribute = 1..15
    msExchExtensionAttribute = 16..45
    msExchExtensionCustomAttribute = 1..5
}

#Array to hold unused attributes
$EmptyList = @()

#Array list to hold all objects with at least one attibute filled in
$ExtensionEntries = [System.Collections.ArrayList]@()

foreach ($Attribute in $AttributeTable.GetEnumerator()) {
    [String]$AttributeBase = $Attribute.Name
    $Attribute.value |
        ForEach-Object {
            $CurrenntAttribute = "$AttributeBase$_"
            [array]$current = Get-ADObject -Filter "$CurrenntAttribute -like '*'" -Properties $CurrenntAttribute |
                Select-object Name, ObjectClass, @{N='AttributeName';E={$CurrenntAttribute}}, @{N='AttributeValue';E={$_.$CurrenntAttribute}}
            if ($current.count -ne 0) {
                $ExtensionEntries.AddRange($current)
            }
            Else {
                $EmptyList+=$CurrenntAttribute
            }
        }
}

Write-output "--Currently used Attributes--"
$ExtensionEntries |
    Group-Object AttributeName |
    Sort-Object Count -Descending |
    Select-Object Name, Count, @{N = 'TotalUniqueValues'; E = { ($_.Group.AttributeValue | Sort-Object -Unique).count } }, @{N = 'MostFrequentValue'; E = { ($_.Group.AttributeValue | Group-Object | Sort-Object Count -Descending | Select-Object -First 1).Name}}

Write-output "`n--Unused Attributes--"
$EmptyList | Sort-object

Example Output

--Currently used Attributes--

Name                            Count TotalUniqueValues MostFrequentValue
----                            ----- ----------------- -----------------
msExchExtensionAttribute16      18849              6007 {...
extensionAttribute1              1194               226 Dell Inc.
extensionAttribute3              1015               713 4 Seats
extensionAttribute2               934                71 Precision Tower 3420
extensionAttribute4               875               607 No Asset Tag
extensionAttribute10              721               310 CONTOSO
extensionAttribute5               687               389 20221119
extensionAttribute14              224               151 06/17/2010
extensionAttribute15              120                 8 PreDefault
msExchExtensionAttribute17         83                 1 False
extensionAttribute9                60                23 USA
extensionAttribute12               51                 1 MimeCastUSA
extensionAttribute13               17                 4 USR
msExchExtensionCustomAttribute1     3               989 moore
msExchExtensionAttribute45          1                 1 {"Account Name":"ScriptRunner","Account Type":"task","Description":"Run various automations","Application Name":"n/a","Windows Service Name":"n/a","Servers Windows Service will ru...

--Unused Attributes--
extensionAttribute11
extensionAttribute6
extensionAttribute7
extensionAttribute8
msExchExtensionAttribute18
msExchExtensionAttribute19
msExchExtensionAttribute20
msExchExtensionAttribute21
msExchExtensionAttribute22
msExchExtensionAttribute23
msExchExtensionAttribute24
msExchExtensionAttribute25
msExchExtensionAttribute26
msExchExtensionAttribute27
msExchExtensionAttribute28
msExchExtensionAttribute29
msExchExtensionAttribute30
msExchExtensionAttribute31
msExchExtensionAttribute32
msExchExtensionAttribute33
msExchExtensionAttribute34
msExchExtensionAttribute35
msExchExtensionAttribute36
msExchExtensionAttribute37
msExchExtensionAttribute38
msExchExtensionAttribute39
msExchExtensionAttribute40
msExchExtensionAttribute41
msExchExtensionAttribute42
msExchExtensionAttribute43
msExchExtensionAttribute44
msExchExtensionCustomAttribute2
msExchExtensionCustomAttribute3
msExchExtensionCustomAttribute4
msExchExtensionCustomAttribute5

Related

About mell9185

IT proffesional. Tech, video game, anime, and punk aficionado.

View all posts by mell9185 →

This entry was posted in Active Directory, Exchange, PowerShell. Bookmark the permalink.

Leave a ReplyCancel reply