Processing NULL AD values

Back in this post https://richardspowershellblog.wordpress.com/2012/12/09/bulk-modifications-using-set-aduser/

I showed how to perform a bulk change to a number of AD accounts using a CSV file to input the data

I was recently asked what happens if one of the input values is null.

£> Set-ADUser -Identity fgreen  -Division ‘Test’
£> Get-ADUser -Identity fgreen  -Properties Division

DistinguishedName : CN=Fred Green,OU=Testing,DC=Manticore,DC=org
Division          : Test
Enabled           : False
GivenName         : Fred
Name              : Fred Green
ObjectClass       : user
ObjectGUID        : 8cf64233-9a87-43dc-8ce1-4f26bf78e12d
SamAccountName    : fgreen
SID               : S-1-5-21-195014076-723736408-1406369008-1112
Surname           : Green
UserPrincipalName : fgreen@Manticore.org

£> $div = $null
£> Set-ADUser -Identity fgreen  -Division $div
£> Get-ADUser -Identity fgreen  -Properties Division

DistinguishedName : CN=Fred Green,OU=Testing,DC=Manticore,DC=org
Division          :
Enabled           : False
GivenName         : Fred
Name              : Fred Green
ObjectClass       : user
ObjectGUID        : 8cf64233-9a87-43dc-8ce1-4f26bf78e12d
SamAccountName    : fgreen
SID               : S-1-5-21-195014076-723736408-1406369008-1112
Surname           : Green
UserPrincipalName : fgreen@Manticore.org

 

If the value is already set – a NULL value will effectively clear it

If a value isn’t set – nothing happens

£> $div = $null
£> Get-ADUser -Identity dbrown  -Properties Division

DistinguishedName : CN=Dave Brown,OU=Testing,DC=Manticore,DC=org
Division          :
Enabled           : False
GivenName         : Dave
Name              : Dave Brown
ObjectClass       : user
ObjectGUID        : 346649f7-6f69-4f20-985f-b2b08674b942
SamAccountName    : dbrown
SID               : S-1-5-21-195014076-723736408-1406369008-1109
Surname           : Brown
UserPrincipalName : dbrown@Manticore.org

 

£> Set-ADUser -Identity dbrown  -Division $div
£> Get-ADUser -Identity dbrown  -Properties Division

DistinguishedName : CN=Dave Brown,OU=Testing,DC=Manticore,DC=org
Division          :
Enabled           : False
GivenName         : Dave
Name              : Dave Brown
ObjectClass       : user
ObjectGUID        : 346649f7-6f69-4f20-985f-b2b08674b942
SamAccountName    : dbrown
SID               : S-1-5-21-195014076-723736408-1406369008-1109
Surname           : Brown
UserPrincipalName : dbrown@Manticore.org

 

An empty string on the otherhand

$div = ”
Set-ADUser -Identity dbrown  -Division $div

Set-ADUser : replace
At line:1 char:1
+ Set-ADUser -Identity dbrown  -Division $div
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (dbrown:ADUser) [Set-ADUser], ADInvalidOperationException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADUser

Causes an error

Bottom line – if you’re passing in a CSV file check that the values in it aren’t NUL or empty – either by validating the parameters in your function or by writing extra code. The first way is much preferred

Advertisements
This entry was posted in PowerShell and Active Directory. Bookmark the permalink.

3 Responses to Processing NULL AD values

  1. erntsnst says:

    hey richard. in an earlier post, you mentioned using the -clear switch. any reason you aren’t using that here? does -clear not write a null value where it’s appropriate?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s