Monthly Archive

Categories

Processing NULL AD values

Back in this post https://richardspowershellblog.wordpress.com/2012/12/09/bulk-modifications-using-set-aduser/

I showed how to perform a bulk change to a number of AD accounts using a CSV file to input the data

I was recently asked what happens if one of the input values is null.

£> Set-ADUser -Identity fgreen  -Division 'Test'
£> Get-ADUser -Identity fgreen  -Properties Division

DistinguishedName : CN=Fred Green,OU=Testing,DC=Manticore,DC=org
Division          : Test
Enabled           : False
GivenName         : Fred
Name              : Fred Green
ObjectClass       : user
ObjectGUID        : 8cf64233-9a87-43dc-8ce1-4f26bf78e12d
SamAccountName    : fgreen
SID               : S-1-5-21-195014076-723736408-1406369008-1112
Surname           : Green
UserPrincipalName : fgreen@Manticore.org

 

£> $div = $null
£> Set-ADUser -Identity fgreen  -Division $div
£> Get-ADUser -Identity fgreen  -Properties Division

DistinguishedName : CN=Fred Green,OU=Testing,DC=Manticore,DC=org
Division          :
Enabled           : False
GivenName         : Fred
Name              : Fred Green
ObjectClass       : user
ObjectGUID        : 8cf64233-9a87-43dc-8ce1-4f26bf78e12d
SamAccountName    : fgreen
SID               : S-1-5-21-195014076-723736408-1406369008-1112
Surname           : Green
UserPrincipalName : fgreen@Manticore.org

 

If the value is already set – a NULL value will effectively clear it

 

If a value isn’t set – nothing happens

£> $div = $null
£> Get-ADUser -Identity dbrown  -Properties Division

DistinguishedName : CN=Dave Brown,OU=Testing,DC=Manticore,DC=org
Division          :
Enabled           : False
GivenName         : Dave
Name              : Dave Brown
ObjectClass       : user
ObjectGUID        : 346649f7-6f69-4f20-985f-b2b08674b942
SamAccountName    : dbrown
SID               : S-1-5-21-195014076-723736408-1406369008-1109
Surname           : Brown
UserPrincipalName : dbrown@Manticore.org

 

£> Set-ADUser -Identity dbrown  -Division $div
£> Get-ADUser -Identity dbrown  -Properties Division

DistinguishedName : CN=Dave Brown,OU=Testing,DC=Manticore,DC=org
Division          :
Enabled           : False
GivenName         : Dave
Name              : Dave Brown
ObjectClass       : user
ObjectGUID        : 346649f7-6f69-4f20-985f-b2b08674b942
SamAccountName    : dbrown
SID               : S-1-5-21-195014076-723736408-1406369008-1109
Surname           : Brown
UserPrincipalName : dbrown@Manticore.org

 

An empty string on the otherhand

$div = ''
Set-ADUser -Identity dbrown  -Division $div

 

Set-ADUser : replace
At line:1 char:1
+ Set-ADUser -Identity dbrown  -Division $div
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (dbrown:ADUser) [Set-ADUser], ADInvalidOperationException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADUser

 

Causes an error

 

Bottom line – if you’re passing in a CSV file check that the values in it aren’t NUL or empty – either by validating the parameters in your function or by writing extra code. The first way is much preferred

Comments are closed.