Author Posts

April 13, 2016 at 11:34 pm

I would like to Clear all the multible attributes for my AD users(reminiscence from Old Office Communication server installation):
I tried the following, but i can't seem to get past this error:

Get-ADUser : Error parsing query: '{(msRTCSIP-ArchivingEnabled -like "*") -or (msRTCSIP-FederationEnabled -like "*") -or (msRTCSIP-InternetAccessEnabled -like "*") -or (msRTCSIP-Lin
e -like "*") -or (msRTCSIP-LineServer -like "*") -or (msRTCSIP-OptionFlags -like "*") -or (msRTCSIP-OriginatorSid -like "*") -or (msRTCSIP-PrimaryHomeServer -like "*") -or (msRTCSIP
-PrimaryUserAddress -like "*") -or (msRTCSIP-TargetHomeServer -like "*") -or (msRTCSIP-UserEnabled -like "*") -or (msRTCSIP-UserExtension -like "*") -or (msRTCSIP-UserPolicy -like "
*")}' Error Message: 'syntax error' at position: '1'.
At C:\Users\XXXX\OneDrive\Build-Filter.ps1:32 char:1
+ Get-ADUser -Filter $Filter
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

This is my code:

$exattr=@(
    'msRTCSIP-ArchivingEnabled',
    'msRTCSIP-FederationEnabled',
    'msRTCSIP-InternetAccessEnabled',
    'msRTCSIP-Line',
    'msRTCSIP-LineServer',
    'msRTCSIP-OptionFlags',
    'msRTCSIP-OriginatorSid',
    'msRTCSIP-PrimaryHomeServer',
    'msRTCSIP-PrimaryUserAddress',
    'msRTCSIP-TargetHomeServer',
    'msRTCSIP-UserEnabled',
    'msRTCSIP-UserExtension',
    'msRTCSIP-UserPolicy'
)

# Build -Filter String
$exattr | Foreach-Object -Begin {
    $Filter = "{"
} -Process {
    $Filter += "($_"
    $Filter += " -like "
    $Filter += '"*"'
    $Filter += ") "
    $Filter += "-or "

} -End {
    $Filter += "}"
}
$Filter=$Filter.Replace(" -or }","}") 
# Get AD users with attributes having content
Get-ADUser -Filter $Filter

If i write it all by hand, it works, but I rather like to do it smarter:

Get-ADUser -Filter {(msRTCSIP-PrimaryHomeServer -like "*") -or (msRTCSIP-PrimaryUserAddress -like "SIP:*") -or (msRTCSIP-UserEnabled -like "*")}

What am i doing wrong?

April 14, 2016 at 1:56 am

Actually you don't need to search first if user objects already have a value present or not. You can just null everything. Here's one approach to do this. I'm using splatting here to feed the parameters to the Set-ADUser Cmdlet:

$extraProperties = @(
  'msRTCSIP-ArchivingEnabled', 
  'msRTCSIP-FederationEnabled', 
  'msRTCSIP-InternetAccessEnabled', 
  'msRTCSIP-Line', 
  'msRTCSIP-LineServer', 
  'msRTCSIP-OptionFlags', 
  'msRTCSIP-OriginatorSid', 
  'msRTCSIP-PrimaryHomeServer', 
  'msRTCSIP-PrimaryUserAddress', 
  'msRTCSIP-TargetHomeServer', 
  'msRTCSIP-UserEnabled', 
  'msRTCSIP-UserExtension', 
  'msRTCSIP-UserPolicy'
)

$users = Get-ADUser -Filter * -Properties $extraProperties

foreach ( $user in $users) {

  $args = @{
    Identity 													= $($user.SamAccountName)
    'msRTCSIP-ArchivingEnabled'				= $null
    'msRTCSIP-FederationEnabled' 			= $null
    'msRTCSIP-InternetAccessEnabled'	= $null
    'msRTCSIP-Line' 									= $null
    'msRTCSIP-LineServer' 						= $null
    'msRTCSIP-OptionFlags' 						= $null
    'msRTCSIP-OriginatorSid' 					= $null
    'msRTCSIP-PrimaryHomeServer' 			= $null
    'msRTCSIP-PrimaryUserAddress' 		= $null
    'msRTCSIP-TargetHomeServer' 			= $null
    'msRTCSIP-UserEnabled' 						= $null
    'msRTCSIP-UserExtension' 					= $null
    'msRTCSIP-UserPolicy' 						= $null
  }

  Set-ADUser @args
  
}

April 14, 2016 at 3:13 am

When i run the code i get the following error:

Set-ADUser : A parameter cannot be found that matches parameter name 'msRTCSIP-OriginatorSid'.
At C:\Users\XXXX\OneDrive\ADUser-Clear-multi-Attribute-multi-users_exprimental.ps1:38 char:14
+   Set-ADUser @args -WhatIf
+              ~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SetADUser

April 14, 2016 at 3:24 am

Ah yes, sorry, those attributes don't have a named parameter in the Set-ADUser Cmdlet. So you need to use the -replace parameter. Try this:

$users = Get-ADuser -Filter * -Properties $extraProperties

foreach ( $user in $users ) 
{
  Set-ADUser -Identity $($user.SamAccountName) -Replace @{
    'msRTCSIP-ArchivingEnabled' = $null
    'msRTCSIP-FederationEnabled' = $null
    'msRTCSIP-InternetAccessEnabled' = $null
    'msRTCSIP-Line' = $null
    'msRTCSIP-LineServer' = $null
    'msRTCSIP-OptionFlags' = $null
    'msRTCSIP-OriginatorSid' = $null
    'msRTCSIP-PrimaryHomeServer' = $null
    'msRTCSIP-PrimaryUserAddress' = $null
    'msRTCSIP-TargetHomeServer'	= $null
    'msRTCSIP-UserEnabled' = $null
    'msRTCSIP-UserExtension' = $null
    'msRTCSIP-UserPolicy' = $null
  }
}

April 14, 2016 at 5:08 am

I tried it, but now i get this errer:

Set-ADUser : Cannot validate argument on parameter 'Replace'. The argument is null or an element of the argument collection contains a null value.
At C:\Users\XXXX\OneDrive - JP-Politikens Hus\Work\PS\SfB\ADUser-Clear-multi-Attribute-multi-users_exprimental.ps1:21 char:57
+   Set-ADUser -Identity $($user.SamAccountName) -Replace @{
+                                                         ~~
    + CategoryInfo          : InvalidData: (:) [Set-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.SetADUser

April 14, 2016 at 5:45 am

Try to execute it in PowerShell ISE.

May 3, 2017 at 4:42 am

You can't set AD attribute to "null" in that way – it must be "cleared". Also, I found that in our environment, the msRTCSIP attributes have quite different names.

My preferred method was to simply find all the msRTCSIP attributes in the account (since they all have the same prefix, why not) and clear them. It's hitting AD three times rather than just twice, but the first is just to compile the user list – intelligent filters will help.

The only tricky part was that the attributes are "NoteProperty" types – all we wanted was the attribute names and not the values.

$users = Get-ADUser -Filter * -SearchBase "OU=Disabled Users..."
foreach ( $u in $users) {
    $RTCprops = (Get-ADUser $u | Select "msRTCSIP*").psobject.properties | select -expandproperty name
    Set-ADUser $u -Clear @($RTCprops)
}