Clear multi attribute with content for AD users


This topic contains 6 replies, has 3 voices, and was last updated 1 year, 8 months ago.

  • #37718

    Participant
    Points: 0
    Rank: Member

    I would like to clear all of these multiple attributes for my AD users (remnants of an old Office Communication Server installation):
    I tried the following, but I can't seem to get past this error:

    Get-ADUser : Error parsing query: '{(msRTCSIP-ArchivingEnabled -like "*") -or (msRTCSIP-FederationEnabled -like "*") -or (msRTCSIP-InternetAccessEnabled -like "*") -or (msRTCSIP-Lin
    e -like "*") -or (msRTCSIP-LineServer -like "*") -or (msRTCSIP-OptionFlags -like "*") -or (msRTCSIP-OriginatorSid -like "*") -or (msRTCSIP-PrimaryHomeServer -like "*") -or (msRTCSIP
    -PrimaryUserAddress -like "*") -or (msRTCSIP-TargetHomeServer -like "*") -or (msRTCSIP-UserEnabled -like "*") -or (msRTCSIP-UserExtension -like "*") -or (msRTCSIP-UserPolicy -like "
    *")}' Error Message: 'syntax error' at position: '1'.
    At C:\Users\XXXX\OneDrive\Build-Filter.ps1:32 char:1
    + Get-ADUser -Filter $Filter
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
    

    This is my code:

    $exattr=@(
        'msRTCSIP-ArchivingEnabled',
        'msRTCSIP-FederationEnabled',
        'msRTCSIP-InternetAccessEnabled',
        'msRTCSIP-Line',
        'msRTCSIP-LineServer',
        'msRTCSIP-OptionFlags',
        'msRTCSIP-OriginatorSid',
        'msRTCSIP-PrimaryHomeServer',
        'msRTCSIP-PrimaryUserAddress',
        'msRTCSIP-TargetHomeServer',
        'msRTCSIP-UserEnabled',
        'msRTCSIP-UserExtension',
        'msRTCSIP-UserPolicy'
    )
    
    # Build -Filter String
    $exattr | Foreach-Object -Begin {
        $Filter = "{"
    } -Process {
        $Filter += "($_"
        $Filter += " -like "
        $Filter += '"*"'
        $Filter += ") "
        $Filter += "-or "
    
    } -End {
        $Filter += "}"
    }
    $Filter=$Filter.Replace(" -or }","}") 
    # Get AD users with attributes having content
    Get-ADUser -Filter $Filter
    

    If I write it all by hand, it works, but I would rather do it smarter:

    Get-ADUser -Filter {(msRTCSIP-PrimaryHomeServer -like "*") -or (msRTCSIP-PrimaryUserAddress -like "SIP:*") -or (msRTCSIP-UserEnabled -like "*")}
    

    What am I doing wrong?

  • #37727

    Participant
    Points: 26
    Rank: Member

    Actually you don't need to search first if user objects already have a value present or not. You can just null everything. Here's one approach to do this. I'm using splatting here to feed the parameters to the Set-ADUser Cmdlet:

    $extraProperties = @(
      'msRTCSIP-ArchivingEnabled', 
      'msRTCSIP-FederationEnabled', 
      'msRTCSIP-InternetAccessEnabled', 
      'msRTCSIP-Line', 
      'msRTCSIP-LineServer', 
      'msRTCSIP-OptionFlags', 
      'msRTCSIP-OriginatorSid', 
      'msRTCSIP-PrimaryHomeServer', 
      'msRTCSIP-PrimaryUserAddress', 
      'msRTCSIP-TargetHomeServer', 
      'msRTCSIP-UserEnabled', 
      'msRTCSIP-UserExtension', 
      'msRTCSIP-UserPolicy'
    )
    
    $users = Get-ADUser -Filter * -Properties $extraProperties
    
    foreach ( $user in $users) {
    
      $args = @{
        Identity                         = $($user.SamAccountName)
        'msRTCSIP-ArchivingEnabled'      = $null
        'msRTCSIP-FederationEnabled'     = $null
        'msRTCSIP-InternetAccessEnabled' = $null
        'msRTCSIP-Line'                  = $null
        'msRTCSIP-LineServer'            = $null
        'msRTCSIP-OptionFlags'           = $null
        'msRTCSIP-OriginatorSid'         = $null
        'msRTCSIP-PrimaryHomeServer'     = $null
        'msRTCSIP-PrimaryUserAddress'    = $null
        'msRTCSIP-TargetHomeServer'      = $null
        'msRTCSIP-UserEnabled'           = $null
        'msRTCSIP-UserExtension'         = $null
        'msRTCSIP-UserPolicy'            = $null
      }
    
      Set-ADUser @args
      
    }
    
  • #37733

    Participant
    Points: 0
    Rank: Member

    When I run the code I get the following error:

    Set-ADUser : A parameter cannot be found that matches parameter name 'msRTCSIP-OriginatorSid'.
    At C:\Users\XXXX\OneDrive\ADUser-Clear-multi-Attribute-multi-users_exprimental.ps1:38 char:14
    +   Set-ADUser @args -WhatIf
    +              ~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
        + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SetADUser
    
  • #37736

    Participant
    Points: 26
    Rank: Member

    Ah yes, sorry, those attributes don't have a named parameter in the Set-ADUser Cmdlet. So you need to use the -replace parameter. Try this:

    $users = Get-ADuser -Filter * -Properties $extraProperties
    
    foreach ( $user in $users ) 
    {
      Set-ADUser -Identity $($user.SamAccountName) -Replace @{
        'msRTCSIP-ArchivingEnabled' = $null
        'msRTCSIP-FederationEnabled' = $null
        'msRTCSIP-InternetAccessEnabled' = $null
        'msRTCSIP-Line' = $null
        'msRTCSIP-LineServer' = $null
        'msRTCSIP-OptionFlags' = $null
        'msRTCSIP-OriginatorSid' = $null
        'msRTCSIP-PrimaryHomeServer' = $null
        'msRTCSIP-PrimaryUserAddress' = $null
        'msRTCSIP-TargetHomeServer' = $null
        'msRTCSIP-UserEnabled' = $null
        'msRTCSIP-UserExtension' = $null
        'msRTCSIP-UserPolicy' = $null
      }
    }
    
  • #37753

    Participant
    Points: 0
    Rank: Member

    I tried it, but now I get this error:

    Set-ADUser : Cannot validate argument on parameter 'Replace'. The argument is null or an element of the argument collection contains a null value.
    At C:\Users\XXXX\OneDrive - JP-Politikens Hus\Work\PS\SfB\ADUser-Clear-multi-Attribute-multi-users_exprimental.ps1:21 char:57
    +   Set-ADUser -Identity $($user.SamAccountName) -Replace @{
    +                                                         ~~
        + CategoryInfo          : InvalidData: (:) [Set-ADUser], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.SetADUser
    
  • #37759

    Participant
    Points: 26
    Rank: Member

    Try to execute it in PowerShell ISE.

  • #69985

    Participant
    Points: 1
    Rank: Member

    You can't set an AD attribute to "null" in that way – it must be "cleared". Also, I found that in our environment, the msRTCSIP attributes have quite different names.

    My preferred method was to simply find all the msRTCSIP attributes in the account (since they all have the same prefix, why not) and clear them. It's hitting AD three times rather than just twice, but the first is just to compile the user list – intelligent filters will help.

    The only tricky part was that the attributes are "NoteProperty" types – all we wanted was the attribute names and not the values.

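    $users = Get-ADUser -Filter * -SearchBase "OU=Disabled Users..."
    foreach ( $u in $users) {
        # -Properties * is required: the msRTCSIP* attributes are not in Get-ADUser's default property set
        $RTCprops = (Get-ADUser $u -Properties * | Select-Object "msRTCSIP*").psobject.properties | Select-Object -ExpandProperty Name
        # Skip accounts with no msRTCSIP attributes populated, so -Clear never receives an empty list
        if ($RTCprops) { Set-ADUser $u -Clear @($RTCprops) }
    }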
    

The topic ‘Clear multi attribute with content for AD users’ is closed to new replies.
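
Added example, not code from any participant in the thread: the original filter fails because `-Filter` takes a string, and a string built in code must not carry the `{ }` that a hand-typed script block has. The sketch below builds the filter without braces, saves the current values before changing anything, and previews the clear with `-WhatIf`. The search base and CSV path are placeholders, and the attribute names are the ones listed in the thread, which must exist in your schema.

```powershell
Import-Module ActiveDirectory   # RSAT ActiveDirectory module

# Attribute names as listed in the thread; each must exist in your schema.
$attrs = @(
    'msRTCSIP-ArchivingEnabled', 'msRTCSIP-FederationEnabled',
    'msRTCSIP-InternetAccessEnabled', 'msRTCSIP-Line', 'msRTCSIP-LineServer',
    'msRTCSIP-OptionFlags', 'msRTCSIP-OriginatorSid',
    'msRTCSIP-PrimaryHomeServer', 'msRTCSIP-PrimaryUserAddress',
    'msRTCSIP-TargetHomeServer', 'msRTCSIP-UserEnabled',
    'msRTCSIP-UserExtension', 'msRTCSIP-UserPolicy'
)

# -Filter takes a string. A literal { ... } block is converted to its text
# without the braces, so a filter built in code must not contain them.
$filter = ($attrs | ForEach-Object { "($_ -like '*')" }) -join ' -or '

# Assumption: placeholder values, replace with the scope you intend to change.
$searchBase = 'OU=Example,DC=example,DC=com'
$backupCsv  = Join-Path $env:TEMP 'msRTCSIP-before.csv'

$users = @(Get-ADUser -Filter $filter -SearchBase $searchBase -Properties $attrs)

# Record the current values first, so the change can be reviewed or rolled back.
$users | Select-Object -Property (@('DistinguishedName') + $attrs) |
    Export-Csv -Path $backupCsv -NoTypeInformation -Encoding UTF8

foreach ($user in $users) {
    # Clear only the attributes this user actually has populated.
    $populated = @($attrs | Where-Object { $null -ne $user.$_ })
    if ($populated.Count -gt 0) {
        # -Clear removes the values; -Replace rejects $null, as seen in the thread.
        # Remove -WhatIf once the preview output looks right.
        Set-ADUser -Identity $user.DistinguishedName -Clear $populated -WhatIf
    }
}
```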