Solved

powershell script to remove IPphone from AD

Posted on 2013-01-28
Last Modified: 2013-01-30
Hi all,

I need to clear the IPphone field from our disabled users OU in Active Directory.
The Disabled Accounts OU lives inside the Users OU.

Our AD structure looks like this:

domain.com
 -Asia
  --Australia
    --Sydney
      --Users (all active users are here)
           -----Disabled Accounts (need to remove IPphone details from here only)
           -----Another OU
           -----and one more

I have created the following script, but I'm unsure if the OU setting is correct...

Can somebody please confirm if the following code looks correct?



Const ADS_PROPERTY_CLEAR = 1

Set objUser = GetObject _
   ("LDAP://cn=USERNAME, ou=/ASIA/Australia/Sydney/Users/Disabled Accounts, dc=domain, dc=com")
 
objUser.PutEx ADS_PROPERTY_CLEAR, "IPphone", 0
objUser.SetInfo
Question by:BakerSyd
8 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 38829906
It should be the distinguishedName of the user..
Set objUser = GetObject("LDAP://cn=USERNAME,ou=Disabled Accounts,ou=Users,ou=Users,ou=Sydney,ou=Australia,ou=Asia,dc=domain, dc=com")

 

Author Comment

by:BakerSyd
ID: 38833094
Ahhh OK, that makes sense.
Is there a reason why you have 2 ou=Users in your code?


I have updated my script, and it looks like this:

Const ADS_PROPERTY_CLEAR = 1

Set objUser = GetObject _
("LDAP://cn=AUSJB1, ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=domain, dc=com")
 
objUser.PutEx ADS_PROPERTY_CLEAR, "IPphone", 0
objUser.SetInfo

 


When I try to run this script, it fails and gives me a lot of errors.


PS C:\users\ausamj\Desktop\Scripts> & '.\Remove IP Phone.ps1'
The term 'Const' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spell
ing of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:1 char:6
+ Const <<<<  ADS_PROPERTY_CLEAR = 1
    + CategoryInfo          : ObjectNotFound: (Const:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Set-Variable : A positional parameter cannot be found that accepts argument 'GetObject'.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:3 char:4
+ Set <<<<  objUser = GetObject _
    + CategoryInfo          : InvalidArgument: (:) [Set-Variable], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SetVariableCommand

LDAP://cn=AUSJB1, ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=bakernet, dc=com
The term 'objUser.PutEx' is not recognized as the name of a cmdlet, function, script file, or operable program. Check t
he spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:6 char:14
+ objUser.PutEx <<<<  ADS_PROPERTY_CLEAR, "IPphone", 0
    + CategoryInfo          : ObjectNotFound: (objUser.PutEx:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

The term 'objUser.SetInfo' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
 the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:7 char:16
+ objUser.SetInfo <<<<
    + CategoryInfo          : ObjectNotFound: (objUser.SetInfo:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException



I'm a complete noob in PowerShell scripting, so forgive me for any stupid mistakes that I've made...

Am I missing something from my script?
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38833946
> is there a reason why you have 2 ou=Users in your code?
It's a typo.. Only one ou=Users is required..

> am i missing something from my script?
The code you posted is for VBScript..

If you want to use PowerShell to update the attribute then you can use the Quest AD PowerShell module..
http://www.quest.com/powershell/activeroles-server.aspx

For clearing ipphone attribute for single user, run the following command..
Set-QADuser username -objectAttributes @{ipphone=$null}

For all users in the disabled OU
Get-QADUser -SearchRoot "ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=domain, dc=com" | Set-QADuser -objectAttributes @{ipphone=$null}

If you have Win 2008 R2 Active Directory then you can use the Set-ADuser command from AD powershell..

Author Comment

by:BakerSyd
ID: 38833999
Hi,

Thanks for the information. I had no idea that I was doing a VBScript... the site that I was looking at kept mentioning PowerShell.

Cheers for clearing that up.


With the PowerShell scripts that you created for me, do I need to run them via the Quest AD PowerShell Module?
I already have the Active Directory Module for Windows PowerShell... will that do the same thing?

Appreciate the scripts.
I will most certainly have to remove all the IPphone details from all the disabled users.

I am trying to run the single-user script you provided me, but it's giving me an error.

PS C:\Windows\system32> Set-QADuser AUSJB1 -objectAttributes @{ipphone=$null}
Set-QADUser : Access is denied.
At line:1 char:12
+ Set-QADuser <<<<  AUSJB1 -objectAttributes @{ipphone=$null}
    + CategoryInfo          : NotSpecified: (:) [Set-QADUser], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdl
   ets.SetUserCmdlet

PS C:\Windows\system32>



Could this be a permissions issue?
 
LVL 40

Expert Comment

by:Subsun
ID: 38834012
Active Directory Module for Windows PowerShell has *AD* commands.. like Set-ADUser, Get-ADUser

To clear IPPhone attribute for single user
Set-ADUser UserName -Clear ipphone

If you already have Quest AD PowerShell Module then you can use the code from my previous post..

Error says Access is denied, does your account have permission to modify the user attribute?
0
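Added example (not part of the original thread or any poster's code): the bulk form of the Set-ADUser -Clear command above, using the Active Directory module instead of the Quest cmdlets. The OU path is the thread's placeholder DN, the audit CSV path is hypothetical, and skipping enabled accounts is an assumed safety guard that the thread did not ask for.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module (RSAT)
# and a session running as an account allowed to modify users in the target OU.
Import-Module ActiveDirectory

# DN built from the thread's placeholder domain; replace with your own.
$searchBase = 'OU=Disabled Accounts,OU=Users,OU=Sydney,OU=Australia,OU=Asia,DC=domain,DC=com'

# Hypothetical audit file that records the values about to be removed.
$auditFile = Join-Path $env:TEMP ("ipphone-cleared-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))

# Fetch only accounts under this OU that actually have ipPhone populated.
$users = @(Get-ADUser -SearchBase $searchBase -SearchScope Subtree `
                      -LDAPFilter '(ipPhone=*)' -Properties ipPhone)

# Assumed guard: an enabled account sitting in this OU is left untouched and reported.
$skipped = @($users | Where-Object { $_.Enabled })
$targets = @($users | Where-Object { -not $_.Enabled })
foreach ($u in $skipped) {
    Write-Warning "Skipping enabled account $($u.SamAccountName)"
}

if ($targets.Count -eq 0) {
    Write-Output 'No disabled accounts with ipPhone set; nothing to clear.'
    return
}

# Record the old values so the change can be reviewed or reverted later.
$targets |
    Select-Object SamAccountName, DistinguishedName, ipPhone |
    Export-Csv -Path $auditFile -NoTypeInformation
Write-Output "Saved $($targets.Count) current values to $auditFile"

# Dry run: -WhatIf lists each change without writing anything to AD.
$targets | Set-ADUser -Clear ipPhone -WhatIf

# After reviewing the dry run, apply the change by running without -WhatIf:
# $targets | Set-ADUser -Clear ipPhone
```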
 

Author Comment

by:BakerSyd
ID: 38834119
Yes, my admin account has modify access for all OUs within the Australian OU...
My standard account does not.

standard: ausamj
admin: ausamj-a

I may need to run Windows PowerShell with my admin account instead of the local administrator account... maybe it's not liking the local admin account.

I installed the Quest AD PowerShell Module as well, so I guess I can use both options...


I will give this a shot tomorrow when I get back into work and I'll post back to let you know how I went.


thanks again!
 
LVL 40

Expert Comment

by:Subsun
ID: 38834132
yes.. you need to use your admin account to run PowerShell..
 

Author Comment

by:BakerSyd
ID: 38837642
Yes, it worked!

As a test I ran the Get-QADUser commands to delete a single user's ipphone details.. and it worked...
So I then ran the script you gave me to delete from all users in the disabled accounts, and that worked perfectly as well.


thanks for your help!


cheers

Question has a verified solution.
