Solved

Remove Manager Attribute via PS

Posted on 2014-10-31
8
327 Views
Last Modified: 2014-11-02
Hi experts,

I am trying to remove/delete manager information from the moved users OU, and the PS script is working for single user as below but while i am trying to search for moved OU in the domain, and try to remove manager information for all users those belong to that OU returning with error, could you please advise.

Working script

Set-ADUser ittest -manager $null

The below script is not working:

$Server = "dc01.test.com"
$SearchBase = "OU=Moved Users,DC=test,DC=com"
Get-ADUser -Identity * -Server $Server -SearchBase $SearchBase -Properties * |
Select-Object -Property | Set-ADUser -manager $null

ERROR:

Get-ADUser : Parameter set cannot be resolved using the specified named paramet
ers.
At line:1 char:11
+ Get-ADUser <<<<  -Identity * -Server $Server -SearchBase $SearchBase -Propert
ies * |
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBind
   ingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.ActiveDirectory.
   Management.Commands.GetADUser
Could you please advise.
0
Comment
Question by:ipsec600
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40416317
Identity * will not work to get all users. You have to provide a filter to list all objects. Try this. I have not tested it though.

Get-ADUser -Server $Server -SearchBase $SearchBase -Properties * -Filter {ObjectType -eq "User"} | Set-ADUser -manager $null
0
 

Author Comment

by:ipsec600
ID: 40416375
Hi Rajitha,

Thank you for your reply, now the PS command become successful without returning any error but it is not removing Manager information for users, could you please advise.
0
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40416383
Try this. I would recommend trying $null in double quotes for single user first.

Get-ADUser -Server $Server -SearchBase $SearchBase -Properties * -Filter {ObjectType -eq "User"} | Set-ADUser -manager "$null"
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40416387
You can use the following.  There is no need to return all the properties as you aren't doing anything with them, and it will just slow the query down.
Get-ADUser -Filter * -Server $Server -SearchBase $SearchBase | Set-ADUser -Clear Manager
#this also works
Get-ADUser -Filter * -Server $Server -SearchBase $SearchBase | Set-ADUser -Manager $null

Open in new window

0
 
LVL 39

Expert Comment

by:footech
ID: 40416392
BTW, Rajitha's doesn't work because the filter is incorrect.  It should be {ObjectClass -eq "User"} but that's also unnecessary since all objects that Get-ADUser returns have an ObjectClass of User.
0
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40416440
I agree that the filter is incorrect but -Filter is a required parameter for Get-ADUser. You might not be able to run it without providing some filter.
0
 
LVL 39

Expert Comment

by:footech
ID: 40416466
My example does provide a filter, "*", which is valid and works.
Get-ADUser requires one of the following parameters: -Identity, -Filter, or -LdapFilter
0
 

Author Closing Comment

by:ipsec600
ID: 40418753
Excellent!! The PS command works perfectly that I was expecting, Thank you footech. And also thanks to Rajitha!!
0

Join & Write a Comment

This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now