I am trying to remove some unwanted values from peoples AD accounts due to a botched migration of user data from Server 2003 32bit to Server 2008 64bit.
(I am afraid I don't currently have answers for how or what was used to migrate the user data as consultants were brought in for the whole job)
I am using ADModify.net v.2.1
I have used AdModify.net in the past to successfully bulk modify AD records but I am not having any luck with this task on the new servers.
I am doing a custom query for the value 'dn' which has polluted the 'ipPhone' attribute of peoples AD records. It is successfully returning all the expected accounts but when I try to remove the value but putting a tick in the box next to the ipPhone attribute, leaving the value field blank and update the changes, I get the following error with every user account I have selected to modify.
<user message="ADMODIFY.ERR - The attribute syntax specified to the directory service is invalid. " attribute="ipPhone" type="Failure" UserDN="LDAP://CN=Joe Blogss,OU=Staff,OU=Domain Users,DC=company,DC=local"/>
I cant have a blank 'ipPhone' attribute??
Or is there some other security restriction I am not aware of that is preventing ADModify from making the changes?