Solved

powershell script to remove IPphone from AD

Posted on 2013-01-28
8
3,043 Views
Last Modified: 2013-01-30
hi all

i need to clear the IPphone field from our disabled users OU in active directory.
the disabled Accounts OU lives inside the Users OU.

our AD structure looks like this

domain.com
 -Asia
  --Australia
    --Sydney
      --Users (all active users are here)
           -----Disabled Accounts (need to remove IPphone details from here only)
           -----Another OU
           -----and one more

i have created the following script but im unsure if the OU setting is correct...

can somebody please confirm if the following code looks correct?



Const ADS_PROPERTY_CLEAR = 1

Set objUser = GetObject _
   ("LDAP://cn=USERNAME, ou=/ASIA/Australia/Sydney/Users/Disabled Accounts, dc=domain, dc=com")
 
objUser.PutEx ADS_PROPERTY_CLEAR, "IPphone", 0
objUser.SetInfo
0
Comment
Question by:BakerSyd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 38829906
It should be the distinguishedname of user..
Set objUser = GetObject(“LDAP://cn=USERNAME,ou=Disabled Accounts,ou=Users,ou=Users,ou=Sydney,ou=Australia,ou=Asia,dc=domain, dc=com”)

Open in new window

0
 

Author Comment

by:BakerSyd
ID: 38833094
ahhh ok, that makes sense
is there a reason why you have 2 ou=Users in your code?


i have updated my script, and it looks like this

Const ADS_PROPERTY_CLEAR = 1

Set objUser = GetObject _
("LDAP://cn=AUSJB1, ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=domain, dc=com")
 
objUser.PutEx ADS_PROPERTY_CLEAR, "IPphone", 0
objUser.SetInfo

 


when i try to run this script it fails and gives me a lot of errors.


PS C:\users\ausamj\Desktop\Scripts> & '.\Remove IP Phone.ps1'
The term 'Const' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spell
ing of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:1 char:6
+ Const <<<<  ADS_PROPERTY_CLEAR = 1
    + CategoryInfo          : ObjectNotFound: (Const:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Set-Variable : A positional parameter cannot be found that accepts argument 'GetObject'.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:3 char:4
+ Set <<<<  objUser = GetObject _
    + CategoryInfo          : InvalidArgument: (:) [Set-Variable], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SetVariableCommand

LDAP://cn=AUSJB1, ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=bakernet, dc=com
The term 'objUser.PutEx' is not recognized as the name of a cmdlet, function, script file, or operable program. Check t
he spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:6 char:14
+ objUser.PutEx <<<<  ADS_PROPERTY_CLEAR, "IPphone", 0
    + CategoryInfo          : ObjectNotFound: (objUser.PutEx:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

The term 'objUser.SetInfo' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
 the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:7 char:16
+ objUser.SetInfo <<<<
    + CategoryInfo          : ObjectNotFound: (objUser.SetInfo:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException



im a complete noob in powershell scripting so forgive me for any stupid mistakes that ive done...

am i missing something from my script?
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38833946
is there a reason why you have 2 ou=Users in your code?
it's a typo.. Only one ou=Users is required..

am i missing something from my script?
The code you posted is for a vbscript..

If you want to use PowerShell to update the attribute then you can use the Quest AD PowerShell module..
http://www.quest.com/powershell/activeroles-server.aspx

For clearing ipphone attribute for single user, run the following command..
Set-QADuser username -objectAttributes @{ipphone=$null}

Open in new window


For all users in the disabled OU
Get-QADUser -SearchRoot "ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=domain, dc=com" | Set-QADuser -objectAttributes @{ipphone=$null}

Open in new window


If you have Win 2008 R2 Active Directory then you can use the Set-ADuser command from AD powershell..
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:BakerSyd
ID: 38833999
hi

thanks for the information, i had no idea that i was doing a vbscript... the site that i was looking at kept mentioning powershell.

cheers for clearing that up.


with the powershell scripts that you created for me, do i need to run that via the Quest AD Powershell Module?
i already have the Active Directory Module for Windows Powershell ... will that do the same thing?

appreciate the scripts
i will most certainly have to remove all the ipphone details from all the disabled users.

i am trying to run the single user script you provided me, but its giving me an error.

PS C:\Windows\system32> Set-QADuser AUSJB1 -objectAttributes @{ipphone=$null}
Set-QADUser : Access is denied.
At line:1 char:12
+ Set-QADuser <<<<  AUSJB1 -objectAttributes @{ipphone=$null}
    + CategoryInfo          : NotSpecified: (:) [Set-QADUser], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdl
   ets.SetUserCmdlet

PS C:\Windows\system32>



could this be a permissions issue?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38834012
Active Directory Module for Windows PowerShell have *AD* commands.. like Set-ADUser, Get-ADUser

To clear IPPhone attribute for single user
Set-ADUser UserName -Clear ipphone

If you already have Quest AD PowerShell Module then you can use the code from my previous post..

Error says Access is denied, does your account have permission to modify the user attribute?
0
 

Author Comment

by:BakerSyd
ID: 38834119
yes my admin account has modify access for all OU's within the Australian OU...
my standard account does not.

standard: ausamj
admin: ausamj-a

i may need to run windows powershell with my admin account instead the local administrator account... maybe its not liking the local admin account

i installed quest AD Powershell Module as well, so i guess i can use both options...


i will give this a shot tomorrow when i get back into work and ill post back to let you know how i went.


thanks again!
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38834132
yes.. you need to use your admin account to run PowerShell..
0
 

Author Comment

by:BakerSyd
ID: 38837642
yes it worked!

as a test i ran the Get-QADUser commands to delete a single users iphone details.. and it worked...
so i then ran the script you gave me to delete from all users in the disabled accounts, and that worked perfectly as well.


thanks for your help!


cheers
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question