ntr2def

Clearing users with certain UPN

Currently I have a list of users with a certain UPN, @oldomain.com. However, the list also contains users with the new UPNs @NewDomain1.com, @NewDomain2.com and @newDomain3.com.

What I want to do is import that list; for any user with @OldDomain.com I want to clear the attribute completely. However, any user with @newdomain1,2 and 3.com should be left alone. The other portion of my problem is that these users are on the 3 different domains, so I want it to cycle through. I'm also using QAD cmdlets; this is what I have so far:

add-pssnapin quest.activeroles.admanagement

$Domains = @(  
'newdomain1.com'
'newdomain2.com'
'newdomain3.com'
)

$Domains |%{ $domain = $_

import-csv .\Test.csv | foreach-object{Get-QADUser -service $_ -Identity {$_.samaccountname} | where {$_.userprincipalName -like '*@oldomain.com'} |`
set-qaduser -objectAttributes @{userPrincipalName=$null}}

}



The error I receive is:
Get-QADUser : Cannot evaluate parameter 'Identity' because its argument is
specified as a script block and there is no input. A script block cannot be
evaluated without input.
At C:\Users\user1\Documents\UpdateUserUPNv2.ps1:16 char:50
+ foreach-object{Get-QADUser -service $_ -Identity {$_.samaccountname} | where
{$_ ...
+                                                  ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : MetadataError: (:) [Get-QADUser], ParameterBindi
   ngException
    + FullyQualifiedErrorId : ScriptBlockArgumentNoInput,Quest.ActiveRoles.Ars
   PowerShellSnapIn.Powershell.Cmdlets.GetUserCmdlet
Will Szymkowski

Why not try something like below...
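Import-Module ActiveDirectory
$FindUPN = Import-Csv "c:\test.csv"
ForEach ($User in $FindUPN)
{
    # -Identity does not accept a UPN, so look the account up with a filter
    # and keep the returned AD object for the checks below
    $ADUser = Get-ADUser -Filter "UserPrincipalName -eq '$($User.UPN)'" -Properties sAMAccountName, UserPrincipalName

    If ($ADUser -and $ADUser.UserPrincipalName -like "*@olddomain.com")
    {
        # Clear the attribute on the account that was found
        Set-ADUser -Identity $ADUser -Clear userPrincipalName
    }
    else
    {
        # $(...) is needed to expand a property inside a double-quoted string
        Write-Output "$($User.UPN) has NOT been modified"
    }
}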



The CSV needs to have a column heading titled UPN for the above script to work. Run this in a test lab first or with a single user, as I have not tested this myself.

Will.
ntr2def

ASKER

Well, it's a multi-domain environment and needs to cycle through the domains to find the users, so this will not work.
ASKER CERTIFIED SOLUTION
Will Szymkowski
ntr2def

ASKER

Sorry, I meant multi-forest; they have a trust between each root domain.
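
The per-domain loop described in the question, as an added example that is not part of the original thread and not the hidden accepted solution. It uses the ActiveDirectory module instead of the QAD cmdlets, with named loop variables so the inner `$_` cannot shadow the domain, and returns one record per account as a change log. The function name `Clear-OldUpn`, its parameters and the output file name are hypothetical; it assumes the running account has rights in each domain across the trusts.

```powershell
Import-Module ActiveDirectory

function Clear-OldUpn {
    [CmdletBinding(SupportsShouldProcess)]   # lets -WhatIf flow through to Set-ADUser
    param(
        [Parameter(Mandatory)] [string]   $CsvPath,    # CSV with a samaccountname column, as in the question
        [Parameter(Mandatory)] [string[]] $Domains,    # DNS names of the domains to search
        [Parameter(Mandatory)] [string]   $OldSuffix   # UPN suffix to clear, without the leading @
    )

    $rows = Import-Csv -Path $CsvPath

    foreach ($domain in $Domains) {
        foreach ($row in $rows) {
            $sam = $row.samaccountname
            try {
                # A plain value for -Identity; a script block only binds from pipeline input
                $user = Get-ADUser -Identity $sam -Server $domain -Properties UserPrincipalName -ErrorAction Stop
            }
            catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
                continue    # the account lives in one of the other domains
            }
            catch {
                Write-Warning "$domain / $sam : $($_.Exception.Message)"
                continue
            }

            $action = 'Skipped'    # new-suffix UPNs are left alone
            if ($user.UserPrincipalName -like "*@$OldSuffix") {
                Set-ADUser -Identity $user -Server $domain -Clear userPrincipalName -ErrorAction Stop
                $action = if ($WhatIfPreference) { 'WouldClear' } else { 'Cleared' }
            }

            # One record per account found, so the previous value can be restored if needed
            [pscustomobject]@{
                Domain         = $domain
                SamAccountName = $sam
                PreviousUPN    = $user.UserPrincipalName
                Action         = $action
            }
        }
    }
}

# Dry run first; the suffix is the one used in the question's script
Clear-OldUpn -CsvPath .\Test.csv -Domains 'newdomain1.com','newdomain2.com','newdomain3.com' `
    -OldSuffix 'oldomain.com' -WhatIf | Export-Csv .\upn-change-plan.csv -NoTypeInformation
```

Review the exported plan, then rerun without `-WhatIf` to apply the change.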