Solved

Powershell help

Posted on 2014-11-03
7
114 Views
Last Modified: 2014-11-04
Looking for a short script to do the following:

Search AD object for the following attributes: info which would be set to 'no sync' and flags set to '1'.  If found null both values and possible report back the accounts found with either of those two attributes set.
0
Comment
Question by:Ben Hart
  • 4
  • 2
7 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40421124
Just use an LDAP filter when you're requesting it the users.
(&(objectClass=user)(objectCategory=person)(info=no sync)(flags=1))

Open in new window

I assume you've extended the schema since neither info or flags exist in the schema by default. If you have not extended the schema you're going to have to explain which attributes you're looking for.

Chris
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40421853
Well the functional level is 2008.. is there an extension that I have missed thats separate?
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40421885
Ok so yeah. I'm missing something here.  Those two attributes exist under Advanced Features but that query returns nothing.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 40

Expert Comment

by:footech
ID: 40422031
Try this.
get-adobject -filter {info -eq "no sync" -and flags -eq "1"}

Open in new window

It's a little odd, according to this link which shows all AD attributes, flags is on the list, but not info.
http://msdn.microsoft.com/en-us/library/ms675090(v=vs.85).aspx
I have "info" in my AD as well when I look at an object and I haven't extended my schema except for the installation of Exchange.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40422054
Same here.. Exchange 2010 would have been the last schema change that I know of.

What I am trying to do is remove all attribute data that's currently blocking an unknown amount of objects from syncing via FIM.  Our parent company set all the FIM (PCNS) stuff up and we could use either flags = 1 or info = no sync to block syncing.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40422300
You would probably want to limit your search to specific OUs using the -searchbase parameter of Get-ADObject.  Examine the returned results to verify that there aren't some objects which should be excluded.  I know in my environment, I have some Group Policy objects that have flags set to 1.  Couldn't tell you what it means though.
Get-ADObject -filter {info -eq "no sync" -or flags -eq "1"} | Set-ADObject -Clear info,flags -WhatIf

Open in new window

0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40422399
Beautiful.  Worked like a pack mule.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question