powershell script to remove IPphone from AD

Hi all,

I need to clear the IPphone field from our disabled users OU in Active Directory.
The Disabled Accounts OU lives inside the Users OU.

Our AD structure looks like this:

domain.com
 -Asia
  --Australia
    --Sydney
      --Users (all active users are here)
           -----Disabled Accounts (need to remove IPphone details from here only)
           -----Another OU
           -----and one more

I have created the following script but I'm unsure if the OU setting is correct...

Can somebody please confirm if the following code looks correct?



Const ADS_PROPERTY_CLEAR = 1

Set objUser = GetObject _
   ("LDAP://cn=USERNAME, ou=/ASIA/Australia/Sydney/Users/Disabled Accounts, dc=domain, dc=com")
 
objUser.PutEx ADS_PROPERTY_CLEAR, "IPphone", 0
objUser.SetInfo
BakerSyd Asked:
 
Subsun Commented:
is there a reason why you have 2 ou=Users in your code?
It's a typo.. Only one ou=Users is required..

am i missing something from my script?
The code you posted is VBScript..

If you want to use PowerShell to update the attribute then you can use the Quest AD PowerShell module..
http://www.quest.com/powershell/activeroles-server.aspx

For clearing ipphone attribute for single user, run the following command..
Set-QADuser username -objectAttributes @{ipphone=$null}


For all users in the disabled OU
Get-QADUser -SearchRoot "ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=domain, dc=com" | Set-QADuser -objectAttributes @{ipphone=$null}


If you have Win 2008 R2 Active Directory then you can use the Set-ADuser command from AD powershell..
0
 
Subsun Commented:
It should be the distinguishedName of the user..
Set objUser = GetObject("LDAP://cn=USERNAME,ou=Disabled Accounts,ou=Users,ou=Users,ou=Sydney,ou=Australia,ou=Asia,dc=domain, dc=com")


0
 
BakerSyd (Author) Commented:
Ahhh OK, that makes sense.
Is there a reason why you have 2 ou=Users in your code?


I have updated my script, and it looks like this:

Const ADS_PROPERTY_CLEAR = 1

Set objUser = GetObject _
("LDAP://cn=AUSJB1, ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=domain, dc=com")
 
objUser.PutEx ADS_PROPERTY_CLEAR, "IPphone", 0
objUser.SetInfo

 


When I try to run this script it fails and gives me a lot of errors.


PS C:\users\ausamj\Desktop\Scripts> & '.\Remove IP Phone.ps1'
The term 'Const' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spell
ing of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:1 char:6
+ Const <<<<  ADS_PROPERTY_CLEAR = 1
    + CategoryInfo          : ObjectNotFound: (Const:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Set-Variable : A positional parameter cannot be found that accepts argument 'GetObject'.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:3 char:4
+ Set <<<<  objUser = GetObject _
    + CategoryInfo          : InvalidArgument: (:) [Set-Variable], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SetVariableCommand

LDAP://cn=AUSJB1, ou=Disabled Accounts, ou=Users, ou=Sydney, ou=Australia, ou=Asia, dc=bakernet, dc=com
The term 'objUser.PutEx' is not recognized as the name of a cmdlet, function, script file, or operable program. Check t
he spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:6 char:14
+ objUser.PutEx <<<<  ADS_PROPERTY_CLEAR, "IPphone", 0
    + CategoryInfo          : ObjectNotFound: (objUser.PutEx:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

The term 'objUser.SetInfo' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
 the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\users\ausamj\Desktop\Scripts\Remove IP Phone.ps1:7 char:16
+ objUser.SetInfo <<<<
    + CategoryInfo          : ObjectNotFound: (objUser.SetInfo:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException



I'm a complete noob in PowerShell scripting so forgive me for any stupid mistakes that I've done...

Am I missing something from my script?
0

 
BakerSyd (Author) Commented:
Hi,

Thanks for the information, I had no idea that I was doing a VBScript... the site that I was looking at kept mentioning PowerShell.

Cheers for clearing that up.


With the PowerShell scripts that you created for me, do I need to run that via the Quest AD PowerShell Module?
I already have the Active Directory Module for Windows PowerShell... will that do the same thing?

Appreciate the scripts.
I will most certainly have to remove all the ipphone details from all the disabled users.

I am trying to run the single user script you provided me, but it's giving me an error.

PS C:\Windows\system32> Set-QADuser AUSJB1 -objectAttributes @{ipphone=$null}
Set-QADUser : Access is denied.
At line:1 char:12
+ Set-QADuser <<<<  AUSJB1 -objectAttributes @{ipphone=$null}
    + CategoryInfo          : NotSpecified: (:) [Set-QADUser], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdl
   ets.SetUserCmdlet

PS C:\Windows\system32>



Could this be a permissions issue?
0
 
Subsun Commented:
Active Directory Module for Windows PowerShell has *AD* commands.. like Set-ADUser, Get-ADUser

To clear IPPhone attribute for single user
Set-ADUser UserName -Clear ipphone

If you already have Quest AD PowerShell Module then you can use the code from my previous post..

Error says Access is denied, does your account have permission to modify the user attribute?
0
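
For the question above about using the built-in Active Directory module instead of the Quest cmdlets, this is the bulk version for the whole Disabled Accounts OU, written as an added example that is not part of the original thread. The search base is the DN from the thread; the backup CSV path and the credential prompt are assumptions added here so the change runs under the delegated admin account and can be reviewed before it is written.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# DN as given in the thread; replace with your own domain components.
$searchBase = 'OU=Disabled Accounts,OU=Users,OU=Sydney,OU=Australia,OU=Asia,DC=domain,DC=com'

# Hypothetical backup location for the values that are about to be cleared.
$backupCsv = Join-Path $env:TEMP ('ipphone-backup-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))

# Prompt for the account that holds write access to the OU, so the session
# itself does not have to run as that account.
$cred = Get-Credential -Message 'Account with write access to the Disabled Accounts OU'

# Fetch only users that actually have ipPhone populated. The default search
# scope includes child OUs; add -SearchScope OneLevel to exclude them.
$targets = @(Get-ADUser -SearchBase $searchBase -LDAPFilter '(ipPhone=*)' `
    -Properties ipPhone -Credential $cred)

if ($targets.Count -eq 0) {
    Write-Host 'No users with ipPhone set under the search base.'
    return
}

# Record the old values so the change can be audited or reverted later.
$targets |
    Select-Object SamAccountName, DistinguishedName, ipPhone |
    Export-Csv -Path $backupCsv -NoTypeInformation -Encoding UTF8

# Dry run: -WhatIf lists the objects that would be modified without writing to AD.
$targets | Set-ADUser -Clear ipPhone -Credential $cred -WhatIf

# Once the dry-run output looks right, run the same line without -WhatIf:
# $targets | Set-ADUser -Clear ipPhone -Credential $cred

Write-Host ('{0} user(s) matched; previous values saved to {1}' -f $targets.Count, $backupCsv)
```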
 
BakerSyd (Author) Commented:
Yes, my admin account has modify access for all OUs within the Australian OU...
My standard account does not.

standard: ausamj
admin: ausamj-a

I may need to run Windows PowerShell with my admin account instead of the local administrator account... maybe it's not liking the local admin account.

I installed Quest AD PowerShell Module as well, so I guess I can use both options...


I will give this a shot tomorrow when I get back into work and I'll post back to let you know how I went.


Thanks again!
0
 
Subsun Commented:
Yes.. you need to use your admin account to run PowerShell..
0
 
BakerSyd (Author) Commented:
Yes, it worked!

As a test I ran the Get-QADUser commands to delete a single user's ipphone details.. and it worked...
So I then ran the script you gave me to delete from all users in the disabled accounts, and that worked perfectly as well.


Thanks for your help!


Cheers
0
Question has a verified solution.
