Script to Clear AD Attributes

This topic contains 2 replies, has 3 voices, and was last updated by  Dave Wyatt 2 years, 9 months ago.

  • Author
  • #20472

    Allen Rohl


    I have the following lines in a PowerShell script to search for the # and then remove it from the AD record (thus setting the field to in ADSI Edit):

    $iUsers1 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -objectAttributes @{extensionAttribute13 = "#"} | Set-QADUser -objectAttributes @{extensionAttribute13=@{Clear=@()}}
    $iUsers2 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -homePhone = "#" | Set-QADUser -homePhone = $null

    The extensionAttribute13 field is successfully cleared. The -homePhone field is not and I receive the following error:

    Set-QADUser : Cannot validate argument on parameter 'Identity'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Remove_hash_2.ps1:15 char:84
    + $iUsers13 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -homePhone = "#" | Set-QADUser <<<< -homePhone = $null
    + CategoryInfo : InvalidData: (:) [Set-QADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCmdlet

    To make sure I had the correct syntax, I did the following from the ActiveRoles AD shell:

    Set-QADUser 'username' -homePhone $null

    And that worked. I would appreciate any guidance with this. Thank you.

  • #20481

    Matt McNabb

    A couple of things:

    If you read the error closely you'll see exactly what the problem is. If you just run the first half of your pipeline you'll probably see that no users are returned. This means that the Set-QADUser does not receive any objects to act on. I'm not very familiar with the Quest cmdlets but I don't believe your argument to the -HomePhone parameter of Get-QADUser will work since you are using the '=' operator which is for assignments. From their documentation it looks like you could specify -HomePhone '#*'.

    Also, why are you saving the results of the Set-QADUser cmdlet to a variable? This isn't really necessary, but I don't think that's your problem.

  • #20483

    Dave Wyatt

    The problem is an extra = sign in your code, which you didn't type when you tried the command at a shell:

    Set-QADUser -homePhone = $null
    # Should just be
    Set-QADUser -homePhone $null
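
Why the stray `=` surfaces as an error about `Identity` rather than about `homePhone`, shown as an added example that is not part of the original thread. `Set-DemoUser` is a hypothetical stand-in, not a Quest cmdlet; it assumes `Identity` is a positional parameter validated as not null or empty, as the error text in the question reports, and `jdoe` is a constructed value.

```powershell
# Hypothetical stand-in for Set-QADUser; only the parameter shape matters.
function Set-DemoUser {
    [CmdletBinding()]
    param(
        # Assumption: Identity is positional and must not be null or empty.
        [Parameter(Position = 0, ValueFromPipeline = $true)]
        [ValidateNotNullOrEmpty()]
        [object]$Identity,

        [string]$HomePhone
    )
    process {
        # Report what each parameter was actually bound to.
        [pscustomobject]@{ Identity = $Identity; HomePhone = $HomePhone }
    }
}

# Correct form: $null is the argument of -HomePhone, 'jdoe' is the Identity.
Set-DemoUser 'jdoe' -HomePhone $null

# With the stray '=': in argument mode '=' is an ordinary string, so it
# becomes the value of -HomePhone. The leftover $null is then bound
# positionally to -Identity and fails validation before any object from
# the pipeline is processed.
try {
    Set-DemoUser -HomePhone = $null
}
catch {
    "Binding failed: $($_.Exception.Message)"
}

# The same call under the binder trace lists each BIND step, which makes
# a misplaced token visible when a cmdlet's error points at an unexpected
# parameter.
try {
    Trace-Command -Name ParameterBinding -PSHost -Expression {
        Set-DemoUser -HomePhone = $null
    }
}
catch {
    "Trace run ended with: $($_.Exception.Message)"
}
```

For bulk changes to directory attributes, running the `Get-` half of the pipeline on its own and reviewing the returned objects before piping them to the `Set-` half catches the same class of mistake on the query side.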
