Read Only Attribute

Hi Team. 

I am trying to blank / remove the value in the edsvaAzureObjectId attribute. I am able to do this via the MMC, but when I try via PowerShell I get the error below. Ultimately I need to run this command on all user accounts, as it is fixing a problem with the backsync.

Any ideas? 

WARNING: Attributes edsvaAzureObjectId/edsvaAzureOffice365Enabled are read only. Cannot be modified.

Connect-QADService -Service "SERVER-FQDN" -Proxy
Set-QADUser -IncludedProperties 'edsvaAzureObjectId' -Identity SamAccountName-Here -ObjectAttributes @{"edsvaAzureObjectId"=" "}

  • Looks like you need to use the ADSI provider...

    $adObject = [adsi]"EDMS://cn=YourUserDistinguishedNameHere"
    $null = $adObject.Properties["edsvaAzureObjectId"].Clear()
    $null = $adObject.CommitChanges()

  • Thanks mate. This does work. I am not too familiar with ADSI.

    I need to run that against 400+ accounts. Any idea on passing `$adObject = [adsi]"EDMS://cn=YourUserDistinguishedNameHere"` the info from a CSV file?

  • Was thinking something like this to start, just passing the CN path like this. If that worked, moving it to a CSV. However, running this I get

    Cannot index into a null array.

    $DN = (Get-ADUser -Identity SamAccountName-Here).DistinguishedName
     
    $adObject = [adsi]"EDMS://$DN"
    $null = $adObject.Properties["edsvaAzureObjectId"].Clear()
    $null = $adObject.CommitChanges()

    ** Update: actually that has worked. Closing my PS console down and opening fresh has done the trick. Now just need to try and get a CSV file working.

  • This seems to work. 

    Maybe not the greatest script but works. 

    $CSVImport = "Path-To.csv"

    Connect-QADService -Service "ARS-Server-FQDN" -Proxy
    Import-Csv $CSVImport | ForEach-Object {
        $DN = (Get-ADUser -Identity $_.SamAccountName).DistinguishedName
        Write-Host $DN

        $adObject = [adsi]"EDMS://$DN"
        $null = $adObject.Properties["edsvaAzureObjectId"].Clear()
        $null = $adObject.CommitChanges()
    }

  • Actually this has not worked. I was sure it was clearing the value.

    Anyone got any suggestions on how to clear this on all accounts that have the value set?

  • In following with the spirit of using the ADSI provider instead of the QAD cmdlets, the following should work:

    $searcher = [adsisearcher]::new()
    $searcher.SearchRoot = [adsi]("EDMS://CN=Active Directory")
    $searcher.SearchScope = "Subtree"
    $searcher.Filter = '(&(objectClass=user)(edsvaAzureObjectId=*))'
    $searcher.PageSize = 1000
    # PropertiesToLoad must be set before FindAll() for it to take effect
    @(
        "objectGuid",
        "distinguishedName"
    ).ForEach{
        $null = $searcher.PropertiesToLoad.Add($_)
    }
    $results = $searcher.FindAll()
    
    $results.ForEach{
        $adUser = [adsi]("EDMS://<GUID=" + ([guid]$_.Properties.Item("objectGuid")[0]).Guid + ">")
    
        if ($null -ne $adUser.NativeGuid) {
            $null = $adUser.Properties["edsvaAzureObjectId"].Clear()
            $null = $adUser.CommitChanges()
    
            $null = $adUser.Dispose()
        }
    }
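
Added example, not part of any post in this thread: a CSV-driven version of the clear operation that records each account's value before the change and re-binds afterwards to confirm the attribute is really empty, since the thread shows a run that looked successful but was not. The `DistinguishedName` CSV column, the parameter names and the report path are assumptions; `EDMS://` and `edsvaAzureObjectId` come from the posts above.

```powershell
# Added example, not from the thread. Assumes a CSV with a DistinguishedName column
# (hypothetical layout) and a session that can bind to the EDMS:// provider.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $CsvPath,
    [string] $ReportPath = '.\edsvaAzureObjectId-report.csv',   # hypothetical default
    [string] $Attribute  = 'edsvaAzureObjectId'
)

$report = foreach ($row in Import-Csv -Path $CsvPath) {
    $dn     = $row.DistinguishedName
    $before = $null
    $status = 'NotProcessed'
    try {
        $user   = [adsi]"EDMS://$dn"
        # Record the current value first so the change can be reversed from the report.
        $before = [string]$user.Properties[$Attribute].Value

        if ([string]::IsNullOrEmpty($before)) {
            $status = 'AlreadyEmpty'
        }
        elseif ($PSCmdlet.ShouldProcess($dn, "Clear $Attribute")) {
            $null = $user.Properties[$Attribute].Clear()
            $null = $user.CommitChanges()

            # Re-bind and read back: a commit that returns without error is not
            # proof that the value was actually removed.
            $check  = [adsi]"EDMS://$dn"
            $status = if ($check.Properties[$Attribute].Count -eq 0) { 'Cleared' } else { 'StillSet' }
        }
        else {
            $status = 'Skipped'   # -WhatIf was used or the prompt was declined
        }
    }
    catch {
        $status = "Error: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        DistinguishedName = $dn
        ValueBefore       = $before
        Status            = $status
    }
}

# Always write the report, even under -WhatIf, so a dry run shows what would change.
$report | Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false
$report | Group-Object Status | Select-Object Name, Count
```

Run it with `-WhatIf` first to get the report of current values without modifying anything, and keep that report as the rollback record for the 400+ accounts.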
