Script to Clear AD Attributes

Hello,

I have the following lines in a powershell script to search for the # and then remove it from the AD record (thus setting the field to in ADSI Edit):

$iUsers1 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -objectAttributes @{extensionAttribute13 = “#”} | Set-QADUser -objectAttributes @{extensionAttribute13=@{Clear=@()}}
$iUsers2 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -homePhone = “#” | Set-QADUser -homePhone = $null

The extensionAttribute13 field is successfully cleared. The -homePhone field is not and I receive the following error:

Set-QADUser : Cannot validate argument on parameter ‘Identity’. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At C:\Remove_hash_2.ps1:15 char:84

  • $iUsers13 = Get-QADUser -SearchRoot $OU -SizeLimit 0 -homePhone = “#” | Set-QADUser <<<< -homePhone = $null
    • CategoryInfo : InvalidData: (:slight_smile: [Set-QADUser], ParameterBindingValidationException
    • FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCmdlet

To make sure I had the correct syntax, I did the following from the ActiveRoles AD shell:

Set-QADUser 'username' -homePhone $null

And that worked.

I would appreciate any guidance with this.

Thank you.

A couple of things:

If you read the error closely you’ll see exactly what the problem is. If you just run the first half of your pipeline you’ll probably see that no users are returned. This means that the Set-QADUser does not receive any objects to act on. I’m not very familiar with the Quest cmdlets but I don’t believe your argument to the -HomePhone parameter of Get-QADUser will work since you are using the ‘=’ operator which is for assignments. From their documentation it looks like you could specify -HomePhone ‘#*’.

Also, why are you saving the results of the Set-QADUser cmdlet to a variable? This isn’t really necessary, but I don’t think that’s your problem.

The problem is an extra = sign in your code, which you didn’t type when you tried the command at a shell:

Set-QADUser -homePhone = $null

# Should just be

Set-QADUser -homePhone $null