Removing AD Attributes

All those Set-* cmdlets are great at changing an attribute in AD, but how do you remove an attribute completely?

The answer is really straight-forward – you just set it to $null.

For example, to remove my City attribute I could use something like:

Set-QADUser "Dmitry Sotnikov" -City $null

In the general case of any attribute and any object use this syntax:
Set-QADObject identity –ObjectAttribute @{attributeName=$null}

Where identity is anything that can identify the object: samAccountName, DN, GUID, SID, canonical name; and attributeName is the name of the attribute you want to remove.

I guess this is one of those cases when the solution is so obvious you just forget to blog about it (until you get an IM from someone like xaegr asking ;))

2 Responses to “Removing AD Attributes”

Feed for this Entry Trackback Address

1 Owen February 9, 2016 at 1:55 pm

Hi Dimitri,
Love your blog. How can I modify the command to use wildcards for example to remove mobile attribute, can I change this:

Set-QADObject identity –ObjectAttribute @{attributeName=$null}

to the following:

Set-QADObject mobile –ObjectAttribute @{attributeName=$null}

and would this remove mobile from all of the AD users because that’s what I want to do.

Thanks.
Owen

- 2 Dmitry Sotnikov February 11, 2016 at 3:46 am
  
  Owen,
  
  If ‘mobile’ is the name of the attribute – use it instead of the attributeName. And use samAccountName or another identifier of the account instead of identity.
  
  Dmitry

M	T	W	T	F	S	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Dmitry's Blog: Cloud, PowerShell and beyond