Just yesterday a colleague of mine asked me how to undo an Active Directory object property change from the value he erroneously put back to <not set>. It turned out that I never actually blogged about that – so here you go. 🙂
Clearing AD attributes us actually as easy as just setting the value to $null. For example, here’s how you do it for properties which we have exposed in Set- cmdlets parameters:
Set-QADUser 'Amy Hardy' -City $null
Or for more internal attributes:
Set-QADUser 'Amy Hardy' -ObjectAttributes @{adminDescription=$null}
Hope that helps!
Advertisements
Subscribe by email
Finally figured out how to do this without the Quest extensions.
$userobj = [ADSI]”LDAP://cn=myname.OU=People.DC=example,DC=com”
$userobj.put(“description”,@())
$userobj.SetInfo()
The empty array is necessary to clear the description without error, not sure why, but I believe it is because @() actually generates a null array object. $null does not work; it gives you errors.
how to do this for multiple users
Pipeline results from Get-QADUser that retrieves the users that you need updated
thanks a lot!! it really helped me.. i used the following..
Get-QADUser -ObjectAttributes @{extensionAttribute10=’*’} | Set-QADUser -ObjectAttributes @{extensionAttribute10=$null}
Again Dmitry saves the day!