Modify AccountExpDate to Null

by dastock at 2012-10-29 09:54:49

I’m fairly new to Powershell and am banging my head with this seemingly simple issue. I am scanning AD for users who have an EmployeeID and AccountExpirationDate. When I find them I want to set the AEDate to $null. Problem seems to be piping the output from my search to the Set-aduser cmdlet. I’ve tried a few different ways. Any help is appreciated. I’ve tried foreach, set-aduser

Import-Module ActiveDirectory
$users = Get-ADUser -Filter * -SearchBase ‘OU=users,DC=domain,DC=Com’ -properties AccountExpirationDate, EmployeeID | `
Where-Object{ $.AccountExpirationDate -ne $null -and $.EmployeeID -ne $null | select-object name, samaccountname,
AccountExpirationDate, EmployeeID | ForEach-Object ( $user in $users ) { Set-ADUser $.AccountExpirationDate = $null }

Error from above script :(Unexpected token ‘in’ in expression or statement. At line:4 char:61)

This piece works for modifying the property to null, I just can’t seem to feed it a var that works. If I use this in above script instead of the ForEach loop, I get an Identity undefined error.
Get-ADUser -Identity "username"
$user.AccountExpirationDate = $null
Set-ADUser -Instance $user
by coderaven at 2012-10-29 12:05:06
First off, I want to tell you that filtering as soon as possible is of great benefit!

Here is what I came up with
Get-ADUser -Filter {employeeid -like "" -AND AccountExpirationDate -like ""} | Set-ADUser -AccountExpirationDate $Null
I learned LDAP filtering in the past which helps. This filter is just asking if there is a value or not. It seem a little heavy for a filter but works.
by dastock at 2012-10-29 14:23:38
Thanks Allan. That did work for me, I had tried using Set-Aduser $.AccountExpirationDate = $null.

When I filter at the beginning it doesn’t seem to like when I search for $.EmployeeID -ne $null, that’s how I ended up with the Where-Object line. Is there a way to search for employeeid -ne $null?

Also when I add multiple ands I can’t seem to contract them: Ex.
Where-Object{ $
.AccountExpirationDate -ne $null -and $.EmployeeID -ne ‘Consultant’ -and $.EmployeeID -ne ‘TBD’ -and $.EmployeeID -ne ‘*SYS’ -and $.EmployeeID -ne $null }

I would think I could shorten to Where-Object {$.AccountExpirationDate -ne $null -and $.EmployeeID -ne {‘TBD’, ‘Contractor’, ‘*SYS’,$null}

The stuff I think should be easy is taking way too long. Maybe I overthink it.

Thanks again!!
by coderaven at 2012-10-30 06:10:22
Glad it works.

Using – Set-ADUser $.AccoutnExperationDate = $null – does not work for 2 reasons.
1. Set-ADUser in my example is getting the current user form the pipe or if running the command alone you specify the user via the Identity parameter.
2. You don’t need the = in the statement

Filtering at the beginning does not require the $
because you are not passed anything yet, as you can see in my example, I do not use the $_ in the Get-ADUser.

Filtering can get complex. If you are going to get all the data once and run one filter to do X then another filter to do Y and so on. Using the Where is a good choice after you get all objects. In your shortened Where statement that just would not work because you are using different test. ‘TBD’ and ‘Contractor’ are things that would match the incoming value; *SYS is a -Like type match; etc.
by dastock at 2012-10-30 07:47:16
Great! Thanks for the added input Allan!!! Helps a lot. Reading and seeing examples don’t always explain the actual behind the scenes workings. Learning to visualize the process will help.
I’ll try the -Like and work with the filtering a lot more to perfect my statement. Right now it’s working for what I want but as usual one is rarely satisfied when it comes to scripting and programming, always a tweak or two to make it better.