Apr 292010
 

Yesterday, I received a request to clear out a user attribute in Active Directory , specifically the ‘OtherTelephone’ attribute. Although I know you can do this with ldife, I wanted to do this with PowerShell. And although I’m not a PowerShell Guru I thought this would be a challenge.

Anyhow, before I could even start I needed to created some test accounts in my lab. For this I used the following script. It created 20 users for me.

1..20 | ForEach { New-QADUser -ParentContainer mylab.com/Test -Name ("Test" + $_)}

Then I had to set the OtherTelephone attribute. At first I did it manually, but what would be the fun of that? So I created another script and guess what? It worked. 🙂

get-QADuser –SearchRoot mylab.com/Test | foreach {Set-QADuser -identity $_.samaccountname -ObjectAttributes @{otherTelephone=(‘121312345’)}}

And then to do my main objective, I needed to clear OtherTelephone out. The script below worked for me. I don’t know if this is the best solutions but it worked. 🙂 Note that it will search all nested OU’s within the selected OU.

get-QADUser -SearchRoot mylab.com/Test | foreach {Set-QADUser –Identity $_.samaccountname -ObjectAttributes @{otherTelephone=@{Clear=@()}}}

The get-QADUser and other interesting AD related CMDlets are available from Quest. If you do a lot with AD, I really suggest you download those CMDlets. They are free of charge. 🙂