Read Only Attribute

Hi Team.

I am trying to blank \ remove the value in the edsvaAzureObjectId attribute. I am able to do this via the MMC but when i try via Powershell i get the error below. Ultimately i need to run this command on all user accounts as it fixing a problem with the backsync.

Any ideas?

WARNING: Attributes edsvaAzureObjectId/edsvaAzureOffice365Enabled are read only. Cannot be modified.

Connect-QADService -Service "SERVER-FQDN" -Proxy
Set-QADUser -IncludedProperties 'edsvaAzureObjectId' -Identity SamAccountName-Here -ObjectAttributes @{"edsvaAzureObjectId"=" "}

Top Replies

Shawn.Ferrier over 1 year ago in reply to craig mcfarlane +1 verified
In following with the spirit of using the ADSI provider instead of the QAD cmdlets, the following should work:
```
$searcher = [adsisearcher]::new()
$searcher.SearchRoot = [adsi]("EDMS://CN=Active Directory…
```

Parents

0 Shawn.Ferrier over 1 year ago

Looks like you need to use the ADSI provider...

$adObject = [adsi]"EDMS://cn=YourUserDistinguishedNameHere"
$null = $adObject.Properties["edsvaAzureObjectId"].Clear()
$null = $adObject.CommitChanges()

0 craig mcfarlane over 1 year ago in reply to Shawn.Ferrier

Thanks mate. This does work. I am not to familiar with ADSI

I need to run that against 400+ accounts. Any idea on passing $adObject = [adsi]"EDMS://cn=YourUserDistinguishedNameHere"the info from a CSV file?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 craig mcfarlane over 1 year ago in reply to craig mcfarlane
Was thinking something like this to start just passing the CN path like this. If that worked moving it to a CSV. However running this is get

Cannot index into a null array.

$DN = (Get-ADUser -Identity SamAccountName-Here).DistinguishedName $adObject = [adsi]"EDMS://$DN" $null = $adObject.Properties["edsvaAzureObjectId"].Clear() $null = $adObject.CommitChanges()

** Update. actually that has worked. Closing my PS console down and opening fresh has done the trick. Now just need to try and get a CSV file working
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

0 craig mcfarlane over 1 year ago in reply to craig mcfarlane

This seems to work.

Maybe not the greatest script but works.

$CSVImport = "Path-To.csv"

Connect-QADService -Service "ARS-Server-FQDN" -Proxy
Import-Csv $CSVImport | ForEach-Object {

$DN = (Get-ADUser -Identity $_.SamAccountName).DistinguishedName
write-host $DN
    
    $adObject = [adsi]"EDMS://$DN"
    $null = $adObject.Properties["edsvaAzureObjectId"].Clear()
    $null = $adObject.CommitChanges()
}

0 craig mcfarlane over 1 year ago in reply to craig mcfarlane

Actually this has not worked. I was sure it was clearing the value

Anyone got any suggestions on how to clear this on all accounts that have the value set?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 craig mcfarlane over 1 year ago in reply to craig mcfarlane

Actually this has not worked. I was sure it was clearing the value

Anyone got any suggestions on how to clear this on all accounts that have the value set?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

+1 Shawn.Ferrier over 1 year ago in reply to craig mcfarlane

In following with the spirit of using the ADSI provider instead of the QAD cmdlets, the following should work:

$searcher = [adsisearcher]::new()
$searcher.SearchRoot = [adsi]("EDMS://CN=Active Directory")
$searcher.SearchScope = "Subtree"
$searcher.Filter = '(&(objectClass=user)(edsvaAzureObjectId=*))'
$searcher.PageSize = 1000
$results = $searcher.FindAll()
@(
    "objectGuid",
    "distinguishedName"
).ForEach{
    $null = $searcher.PropertiesToLoad.Add($_)
}

$results.ForEach{
    $adUser = [adsi]("EDMS://<GUID=" + ([guid]$_.Properties.Item("objectGuid")[0]).Guid + ">")

    if ($null -ne $adUser.NativeGuid) {
        $null = $adUser.Properties["edsvaAzureObjectId"].Clear()
        $null = $adUser.CommitChanges()

        $null = $adUser.Dispose()
    }
}

0 craig mcfarlane over 1 year ago in reply to Shawn.Ferrier

Thank you Shawn. Really appreciate that. It did work in the end using my original method. The issue was that there was something going on with our DB since version 8.1 and i guess its one of a few reasons as to why Quest have removed 8.1 for the time being.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel