Read Only Attribute

Hi Team. 

I am trying to blank / remove the value in the edsvaAzureObjectId attribute. I am able to do this via the MMC, but when I try via PowerShell I get the error below. Ultimately I need to run this command on all user accounts, as it is fixing a problem with the backsync.

Any ideas? 

WARNING: Attributes edsvaAzureObjectId/edsvaAzureOffice365Enabled are read only. Cannot be modified.

Connect-QADService -Service "SERVER-FQDN" -Proxy
Set-QADUser -IncludedProperties 'edsvaAzureObjectId' -Identity SamAccountName-Here -ObjectAttributes @{"edsvaAzureObjectId"=" "}

  • Looks like you need to use the ADSI provider...

    $adObject = [adsi]"EDMS://cn=YourUserDistinguishedNameHere"
    $null = $adObject.Properties["edsvaAzureObjectId"].Clear()
    $null = $adObject.CommitChanges()

  • Thanks mate. This does work. I am not too familiar with ADSI.

    I need to run that against 400+ accounts. Any idea on passing $adObject = [adsi]"EDMS://cn=YourUserDistinguishedNameHere" the info from a CSV file?

  • Was thinking something like this to start, just passing the CN path like this. If that worked, moving it to a CSV. However, running this I get

    Cannot index into a null array.

    $DN = (Get-ADUser -Identity SamAccountName-Here).DistinguishedName
     
    $adObject = [adsi]"EDMS://$DN"
    $null = $adObject.Properties["edsvaAzureObjectId"].Clear()
    $null = $adObject.CommitChanges()

    ** Update. Actually that has worked. Closing my PS console down and opening fresh has done the trick. Now just need to try and get a CSV file working.

  • This seems to work. 

    Maybe not the greatest script but works. 

    $CSVImport = "Path-To.csv"
    
    Connect-QADService -Service "ARS-Server-FQDN" -Proxy
    Import-Csv $CSVImport | ForEach-Object {
        $DN = (Get-ADUser -Identity $_.SamAccountName).DistinguishedName
        Write-Host $DN

        $adObject = [adsi]"EDMS://$DN"
        $null = $adObject.Properties["edsvaAzureObjectId"].Clear()
        $null = $adObject.CommitChanges()
    }

  • Actually this has not worked. I was sure it was clearing the value.

    Anyone got any suggestions on how to clear this on all accounts that have the value set?

  • In following with the spirit of using the ADSI provider instead of the QAD cmdlets, the following should work:

    $searcher = [adsisearcher]::new()
    $searcher.SearchRoot = [adsi]("EDMS://CN=Active Directory")
    $searcher.SearchScope = "Subtree"
    $searcher.Filter = '(&(objectClass=user)(edsvaAzureObjectId=*))'
    $searcher.PageSize = 1000
    # Set the properties to return before running the search
    @(
        "objectGuid",
        "distinguishedName"
    ).ForEach{
        $null = $searcher.PropertiesToLoad.Add($_)
    }
    $results = $searcher.FindAll()
    
    $results.ForEach{
        $adUser = [adsi]("EDMS://<GUID=" + ([guid]$_.Properties.Item("objectGuid")[0]).Guid + ">")
    
        if ($null -ne $adUser.NativeGuid) {
            $null = $adUser.Properties["edsvaAzureObjectId"].Clear()
            $null = $adUser.CommitChanges()
    
            $null = $adUser.Dispose()
        }
    }

  • Thank you Shawn. Really appreciate that. It did work in the end using my original method. The issue was that there was something going on with our DB since version 8.1, and I guess it's one of a few reasons as to why Quest have removed 8.1 for the time being.
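
The thread above hit a case where a bulk run appeared to clear the attribute but had not. The following is an added example, not code from any poster or from Quest: it wraps the same EDMS clear in a per-account check that re-binds and re-reads the attribute after the commit, and writes an audit CSV. The file names `users.csv` and `clear-results.csv` and the `SamAccountName` column are assumptions.

```powershell
# Added example: CSV-driven clear of edsvaAzureObjectId through the EDMS
# provider, with read-back verification and an audit trail.
# Assumed (hypothetical) inputs: users.csv with a SamAccountName column.
$attr   = 'edsvaAzureObjectId'
$csvIn  = 'users.csv'           # placeholder path
$csvOut = 'clear-results.csv'   # placeholder path

$report = foreach ($row in Import-Csv -Path $csvIn) {
    $result = [ordered]@{
        SamAccountName    = $row.SamAccountName
        DistinguishedName = $null
        ValueBefore       = $null   # kept so a wrong clear can be reverted
        Status            = $null
        Error             = $null
    }
    try {
        $dn = (Get-ADUser -Identity $row.SamAccountName -ErrorAction Stop).DistinguishedName
        $result.DistinguishedName = $dn

        $entry  = [adsi]"EDMS://$dn"
        $values = $entry.Properties[$attr]   # throws if the bind failed
        if ($values.Count -eq 0) {
            $result.Status = 'AlreadyEmpty'
        }
        else {
            $result.ValueBefore = [string]$values[0]
            $null = $values.Clear()
            $null = $entry.CommitChanges()

            # Bind a fresh object so the check reads the stored value,
            # not the property cache of the object that was just modified.
            $check = [adsi]"EDMS://$dn"
            $result.Status = if ($check.Properties[$attr].Count -eq 0) { 'Cleared' } else { 'StillSet' }
            $check.Dispose()
        }
        $entry.Dispose()
    }
    catch {
        $result.Status = 'Failed'
        $result.Error  = $_.Exception.Message
    }
    [pscustomobject]$result
}

$report | Export-Csv -Path $csvOut -NoTypeInformation
$report | Group-Object -Property Status | Select-Object Name, Count
```

Any row reported as `StillSet` or `Failed` is an account where the change did not take effect and needs a closer look before the run is considered complete.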
