Wildcards..

This topic contains 5 replies, has 3 voices, and was last updated by Profile photo of Adam Nichols Adam Nichols 2 years, 4 months ago.

  • Author
    Posts
  • #17305
    Profile photo of Adam Nichols
    Adam Nichols
    Participant

    Hi All,

    So i've just finished the MVP Powershell course and figure i should put it too good use. Nothing better than practise, right?

    We've moved our Exchnage services to O365 and i've been tasked with removing X500 / x500 (both are present) values from the "proxyAddresses" attribute for all users.

    So, I've been able to remove an individual value from an individual AD Account using this;

    Set-ADUser -Identity "username" -Remove @{proxyAddresses="x500Value"}

    However, their are two values for each user. So i'd like to say;

    Set-ADUser -Identity * -Remove @{proxyAddresses="*500*"}

    This does run without error but doesn't remove anything. I'm assuming that this is because it's recognising the 'wildcard' (in proxyAddresses value) as a character instead of a 'wildcard' in the value but i've no idea what to do about it.

    All help much appreciated.

    Adam

  • #17306
    Profile photo of Don Jones
    Don Jones
    Keymaster

    AD itself doesn't recognize wild cards, and it's the one processing the operation. There's nothing you can do about it; it's a limitation of the technology.

    • #17307
      Profile photo of Adam Nichols
      Adam Nichols
      Participant

      Hi Don,

      Thanks for your response. Please don't take this as anything other than my attempt to understand (i've a long curve ahead of me i think). 🙂

      If i enter PSSession with DC and run;

      Get-ADUser *

      = This outputs every user object in my environment which would indicate it had recognised the 'wildcard'? Or is something else processing this?

      Thanks,
      Adam

  • #17308
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Certain parameters support wildcards. That * that you passed to Get-ADUser happens to be assigned to its "Filter" parameter, which does.

    However, you can't just stick wildcards anywhere you like. The -Identity parameter to Set-ADUser and the values in the hashtable that you pass to -Remove probably don't do any sort of wildcard matching (though I haven't tested that myself.) That doesn't mean that you can't conceptually make this work, just that it takes more work on your part. You need to have a script which fetches one or more users, looks through their proxyAddresses attribute for matching values, and removes them explicitly. Something like this (again, not tested; I don't have an AD environment up on my home lab at the moment. Remove the -WhatIf parameter from the Set-ADUser command once you're confident it's doing the right thing.)

    $users = Get-ADUser * -Properties proxyAddresses
    foreach ($user in $users)
    {
        $addressesToRemove = @($user.proxyAddresses) -like '*500*'
        if ($addressesToRemove.Count -gt 0)
        {
            Set-ADUser -Identity $user.DistinguishedName -Remove @{proxyAddresses = $addressesToRemove} -WhatIf
        }
    }
    

    Note: It may be possible to speed this up by filtering the Get-ADUser command with something like -Filter 'ProxyAddresses -like "*500*"' , but since I can't test that at the moment, I went something that I was confident should work.

    • #17309
      Profile photo of Adam Nichols
      Adam Nichols
      Participant

      Hi Dave,

      Thank you for taking the time to respond to the question, scary stuff this PowerShell and there's only so much you can pull from Google and Help files.. 🙂

      I shall test this (and break down the function so i understand a bit better) and will post back here to let you know how i get on. Assuming you're interested!

      Thanks Again,
      Adam

  • #17361
    Profile photo of Adam Nichols
    Adam Nichols
    Participant

    Hi Guys,

    As promised, I got back in to the office today and tried this out.

    Dave – Thanks very much, did the trick. The only change i had to make, ironically, is that i had to specify "*" as a '-Filter'!

    So workable script turned out as;

     $users = Get-ADUser -Filter * -Properties proxyAddresses
    foreach ($user in $users)
    {
        $addressesToRemove = @($user.proxyAddresses) -like '*500*'
        if ($addressesToRemove.Count -gt 0)
        {
            Set-ADUser -Identity $user.DistinguishedName -Remove @{proxyAddresses = $addressesToRemove}
        }
    } 

    Thanks for all your help! Much appreciated.

    Adam

You must be logged in to reply to this topic.