Clear multi attribute with content for AD users

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Richard Diphoorn Richard Diphoorn 7 months, 3 weeks ago.

  • Author
    Posts
  • #37718
    Profile photo of Jan Mikkelsen
    Jan Mikkelsen
    Participant

    I would like to Clear all the multible attributes for my AD users(reminiscence from Old Office Communication server installation):
    I tried the following, but i can't seem to get past this error:

    Get-ADUser : Error parsing query: '{(msRTCSIP-ArchivingEnabled -like "*") -or (msRTCSIP-FederationEnabled -like "*") -or (msRTCSIP-InternetAccessEnabled -like "*") -or (msRTCSIP-Lin
    e -like "*") -or (msRTCSIP-LineServer -like "*") -or (msRTCSIP-OptionFlags -like "*") -or (msRTCSIP-OriginatorSid -like "*") -or (msRTCSIP-PrimaryHomeServer -like "*") -or (msRTCSIP
    -PrimaryUserAddress -like "*") -or (msRTCSIP-TargetHomeServer -like "*") -or (msRTCSIP-UserEnabled -like "*") -or (msRTCSIP-UserExtension -like "*") -or (msRTCSIP-UserPolicy -like "
    *")}' Error Message: 'syntax error' at position: '1'.
    At C:\Users\XXXX\OneDrive\Build-Filter.ps1:32 char:1
    + Get-ADUser -Filter $Filter
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
    

    This is my code:

    $exattr=@(
        'msRTCSIP-ArchivingEnabled',
        'msRTCSIP-FederationEnabled',
        'msRTCSIP-InternetAccessEnabled',
        'msRTCSIP-Line',
        'msRTCSIP-LineServer',
        'msRTCSIP-OptionFlags',
        'msRTCSIP-OriginatorSid',
        'msRTCSIP-PrimaryHomeServer',
        'msRTCSIP-PrimaryUserAddress',
        'msRTCSIP-TargetHomeServer',
        'msRTCSIP-UserEnabled',
        'msRTCSIP-UserExtension',
        'msRTCSIP-UserPolicy'
    )
    
    # Build -Filter String
    $exattr | Foreach-Object -Begin {
        $Filter = "{"
    } -Process {
        $Filter += "($_"
        $Filter += " -like "
        $Filter += '"*"'
        $Filter += ") "
        $Filter += "-or "
    
    } -End {
        $Filter += "}"
    }
    $Filter=$Filter.Replace(" -or }","}") 
    # Get AD users with attributes having content
    Get-ADUser -Filter $Filter
    

    If i write it all by hand, it works, but I rather like to do it smarter:

    Get-ADUser -Filter {(msRTCSIP-PrimaryHomeServer -like "*") -or (msRTCSIP-PrimaryUserAddress -like "SIP:*") -or (msRTCSIP-UserEnabled -like "*")}
    

    What am i doing wrong?

  • #37727
    Profile photo of Richard Diphoorn
    Richard Diphoorn
    Participant

    Actually you don't need to search first if user objects already have a value present or not. You can just null everything. Here's one approach to do this. I'm using splatting here to feed the parameters to the Set-ADUser Cmdlet:

    $extraProperties = @(
      'msRTCSIP-ArchivingEnabled', 
      'msRTCSIP-FederationEnabled', 
      'msRTCSIP-InternetAccessEnabled', 
      'msRTCSIP-Line', 
      'msRTCSIP-LineServer', 
      'msRTCSIP-OptionFlags', 
      'msRTCSIP-OriginatorSid', 
      'msRTCSIP-PrimaryHomeServer', 
      'msRTCSIP-PrimaryUserAddress', 
      'msRTCSIP-TargetHomeServer', 
      'msRTCSIP-UserEnabled', 
      'msRTCSIP-UserExtension', 
      'msRTCSIP-UserPolicy'
    )
    
    $users = Get-ADUser -Filter * -Properties $extraProperties
    
    foreach ( $user in $users) {
    
      $args = @{
        Identity 													= $($user.SamAccountName)
        'msRTCSIP-ArchivingEnabled'				= $null
        'msRTCSIP-FederationEnabled' 			= $null
        'msRTCSIP-InternetAccessEnabled'	= $null
        'msRTCSIP-Line' 									= $null
        'msRTCSIP-LineServer' 						= $null
        'msRTCSIP-OptionFlags' 						= $null
        'msRTCSIP-OriginatorSid' 					= $null
        'msRTCSIP-PrimaryHomeServer' 			= $null
        'msRTCSIP-PrimaryUserAddress' 		= $null
        'msRTCSIP-TargetHomeServer' 			= $null
        'msRTCSIP-UserEnabled' 						= $null
        'msRTCSIP-UserExtension' 					= $null
        'msRTCSIP-UserPolicy' 						= $null
      }
    
      Set-ADUser @args
      
    }
    
  • #37733
    Profile photo of Jan Mikkelsen
    Jan Mikkelsen
    Participant

    When i run the code i get the following error:

    Set-ADUser : A parameter cannot be found that matches parameter name 'msRTCSIP-OriginatorSid'.
    At C:\Users\XXXX\OneDrive\ADUser-Clear-multi-Attribute-multi-users_exprimental.ps1:38 char:14
    +   Set-ADUser @args -WhatIf
    +              ~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
        + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SetADUser
    
  • #37736
    Profile photo of Richard Diphoorn
    Richard Diphoorn
    Participant

    Ah yes, sorry, those attributes don't have a named parameter in the Set-ADUser Cmdlet. So you need to use the -replace parameter. Try this:

    $users = Get-ADuser -Filter * -Properties $extraProperties
    
    foreach ( $user in $users ) 
    {
      Set-ADUser -Identity $($user.SamAccountName) -Replace @{
        'msRTCSIP-ArchivingEnabled' = $null
        'msRTCSIP-FederationEnabled' = $null
        'msRTCSIP-InternetAccessEnabled' = $null
        'msRTCSIP-Line' = $null
        'msRTCSIP-LineServer' = $null
        'msRTCSIP-OptionFlags' = $null
        'msRTCSIP-OriginatorSid' = $null
        'msRTCSIP-PrimaryHomeServer' = $null
        'msRTCSIP-PrimaryUserAddress' = $null
        'msRTCSIP-TargetHomeServer'	= $null
        'msRTCSIP-UserEnabled' = $null
        'msRTCSIP-UserExtension' = $null
        'msRTCSIP-UserPolicy' = $null
      }
    }
    
  • #37753
    Profile photo of Jan Mikkelsen
    Jan Mikkelsen
    Participant

    I tried it, but now i get this errer:

    Set-ADUser : Cannot validate argument on parameter 'Replace'. The argument is null or an element of the argument collection contains a null value.
    At C:\Users\XXXX\OneDrive - JP-Politikens Hus\Work\PS\SfB\ADUser-Clear-multi-Attribute-multi-users_exprimental.ps1:21 char:57
    +   Set-ADUser -Identity $($user.SamAccountName) -Replace @{
    +                                                         ~~
        + CategoryInfo          : InvalidData: (:) [Set-ADUser], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.SetADUser
    
  • #37759
    Profile photo of Richard Diphoorn
    Richard Diphoorn
    Participant

    Try to execute it in PowerShell ISE.

You must be logged in to reply to this topic.