Script to Clear AD Attributes

This topic contains 2 replies, has 3 voices, and was last updated by Dave Wyatt 2 years ago.

  • #20472
    Allen Rohl
    Participant

    Hello,

    I have the following lines in a PowerShell script to search for the # and then remove it from the AD record (thus setting the field to in ADSI Edit):

    $iUsers1 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -objectAttributes @{extensionAttribute13 = "#"} | Set-QADUser -objectAttributes @{extensionAttribute13=@{Clear=@()}}
    $iUsers2 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -homePhone = "#" | Set-QADUser -homePhone = $null

    The extensionAttribute13 field is successfully cleared. The -homePhone field is not and I receive the following error:

    Set-QADUser : Cannot validate argument on parameter 'Identity'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Remove_hash_2.ps1:15 char:84
    + $iUsers13 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -homePhone = "#" | Set-QADUser <<<< -homePhone = $null
    + CategoryInfo : InvalidData: (:) [Set-QADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCmdlet

    To make sure I had the correct syntax, I did the following from the ActiveRoles AD shell:

    Set-QADUser 'username' -homePhone $null

    And that worked. I would appreciate any guidance with this. Thank you.

  • #20481
    Matt McNabb
    Participant

    A couple of things:

    If you read the error closely you'll see exactly what the problem is. If you just run the first half of your pipeline you'll probably see that no users are returned. This means that the Set-QADUser does not receive any objects to act on. I'm not very familiar with the Quest cmdlets but I don't believe your argument to the -HomePhone parameter of Get-QADUser will work since you are using the '=' operator which is for assignments. From their documentation it looks like you could specify -HomePhone '#*'.

    Also, why are you saving the results of the Set-QADUser cmdlet to a variable? This isn't really necessary, but I don't think that's your problem.

  • #20483
    Dave Wyatt
    Moderator

    The problem is an extra = sign in your code, which you didn't type when you tried the command at a shell:

    
    Set-QADUser -homePhone = $null
    
    # Should just be
    
    Set-QADUser -homePhone $null
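
Why the stray `=` produces an error about `Identity` rather than about `-homePhone`, as an added example that is not part of the thread. `Show-Binding` is a hypothetical stand-in function, not a Quest cmdlet; it assumes only the parameter shape the error message names (a positional `Identity` that rejects null or empty values) and needs no AD connection to run.

```powershell
# Hypothetical stand-in, not a Quest cmdlet. It mirrors only the parameter shape
# the error message implies: a positional Identity that rejects null/empty
# values, plus a named HomePhone. It returns what was bound to each.
function Show-Binding {
    [CmdletBinding()]
    param(
        [Parameter(Position = 0)]
        [ValidateNotNullOrEmpty()]
        [object] $Identity,

        [object] $HomePhone
    )
    [pscustomobject]@{
        Identity  = $Identity
        HomePhone = $HomePhone
        Bound     = ($PSBoundParameters.Keys | Sort-Object) -join ','
    }
}

# Form used in the script's search half. In argument position '=' is an
# ordinary bare-word string, so it is consumed as the value of -HomePhone and
# the quoted '#' is left over to be bound by position.
Show-Binding -HomePhone = '#' | Format-List

# Form used in the script's update half. The same parse applies, which leaves
# $null as the positional argument, so validation on Identity rejects the call.
try {
    Show-Binding -HomePhone = $null | Format-List
}
catch [System.Management.Automation.ParameterBindingException] {
    'Binding failed on parameter: {0}' -f $_.Exception.ParameterName
    $_.Exception.Message
}

# Form that worked at the shell: the value follows the parameter name directly.
Show-Binding 'username' -HomePhone $null | Format-List
```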
    
    
