Command to search out all inactive users in Active Directory and remove the OfficePhone in AD

Pardon the newbiness of this question:

But I’m looking for a PowerShell command that is going to pore through AD, pull the inactive users, and remove the OfficePhone from each account.

I know the following will pull inactive users:

Search-ADAccount -AccountInactive -UsersOnly

And if I use Get-ADUser "user" -Properties OfficePhone, I can see the OfficePhone properties of that AD profile listed with the number “9999999999”:

DistinguishedName : CN=UserName,OU=users,OU=it,OU=department,OU=headquarters,OU=locations,OU=day_wireless_systems,OU=companies,DC=cd,DC=local
Enabled : True
GivenName : User
Name : User Name
ObjectClass : user
ObjectGUID : 4173ab52-a121-4764-93b0-408f90d011ef
OfficePhone : 9999999999
SamAccountName : cpiazza
SID : S-1-5-21-3855776420-861545424-2636607927-57485
Surname : Piazza
UserPrincipalName : cpiazza@daywireless.com

My boss wants me to push a command that will both pull all inactive users in AD and then automatically empty that OfficePhone field.

Anyone know how to accomplish this?

Thanks to all who respond!

Regards,
Corey Piazza

Hi Corey,

Welcome! Not to be a stickler, but we do ask that you format your code to help us read it easier: How to format code on PowerShell.org.

Have you tried setting your inactive users to a variable, and using that to loop? I’ve not used Search-ADAccount so I don’t know what kind of object it spits out, but at the very least, you should be able to get some unique information from each user you get back to use with Set-ADUser: Set-ADUser (ActiveDirectory) | Microsoft Learn. However, the AD Module is extremely well built so I would expect it to output a Microsoft.ActiveDirectory.Management.ADAccount object. If that’s the case, you likely can just feed it directly into Set-ADUser via the PowerShell pipeline like this:

$InactiveUsers = Search-ADAccount -AccountInactive -UsersOnly
$InactiveUsers | Set-ADUser -OfficePhone $Null

Set-ADUser will allow you to update the Office phone. I am pretty sure it will accept $null and null that field out. You don’t have to set it equal to a variable, but I personally do, so I can go look at what accounts are in scope prior to actually making a change. On that topic, a couple words of caution:

  1. Test. Test. Test. This is pretty low stakes probably, but test! If you have a whole test environment, that’s a great way to do it against a lot of accounts. However, if you have a test account, try it on that first. I’ve seen people get bit by an ask and they think it does one thing and it does another. Again, this seems pretty low stakes but it’s a good practice to do it anyway!
  2. Definitely look through the output of Search-ADAccount to make sure it’s what you expect.
  3. Try this on one or a small subset of users first to ensure it works as expected. Again this is just another level of testing. You can access a single object by using the index. $InactiveUsers[0] would access the first ‘object’ that is returned.
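
The cautions in the answer above (review the scope, try a small subset, test first) can be built into the change itself. This is an added example, not code from the thread: the function name Clear-InactiveOfficePhone, the 90-day window, the CSV path and the -Limit parameter are assumptions.

```powershell
# Added example. Function name, 90-day default, backup path and -Limit are assumptions.
function Clear-InactiveOfficePhone {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$InactiveDays = 90,                       # inactivity window (assumed value)
        [string]$BackupPath = '.\OfficePhone-backup.csv',
        [int]$Limit = 0                                # 0 = no limit; use 1 for a first trial
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    # Search-ADAccount does not return OfficePhone, so re-read each account with
    # that property and keep only accounts where the field is actually populated.
    $targets = Search-ADAccount -AccountInactive -UsersOnly -TimeSpan (New-TimeSpan -Days $InactiveDays) |
        ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties OfficePhone } |
        Where-Object { $_.OfficePhone }

    if ($Limit -gt 0) { $targets = $targets | Select-Object -First $Limit }

    # Record the old values before changing anything so the change can be reviewed
    # and rolled back. -WhatIf:$false writes the file even during a dry run.
    $targets |
        Select-Object SamAccountName, DistinguishedName, OfficePhone |
        Export-Csv -Path $BackupPath -NoTypeInformation -WhatIf:$false

    foreach ($user in $targets) {
        # ShouldProcess honours -WhatIf and -Confirm passed to this function.
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Clear OfficePhone')) {
            Set-ADUser -Identity $user.DistinguishedName -OfficePhone $null
        }
    }

    # Return the accounts that were in scope so the caller can inspect them.
    $targets | Select-Object SamAccountName, OfficePhone
}

# Dry run against one account: lists what would change, writes the backup CSV,
# and modifies nothing.
# Clear-InactiveOfficePhone -Limit 1 -WhatIf
#
# Real run once the dry-run output and the CSV look right:
# Clear-InactiveOfficePhone
```

Search-ADAccount bases inactivity on the replicated lastLogonTimestamp attribute, which can lag a real logon by several days, so a window of a few weeks or less can flag accounts that are still in use.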

Thank you, dotnVo. I will definitely format the code in future posts. Thank you and I will give your suggestion a shot!