Hi ,

We have a request from customer to remove all OCS 2007 attributes from all active directory users. OCS server has been decommissioned but "unprep" was not executed. OCS server is not available. Please let me know if there is a way to remove only OCS 2007 attributes from all user accounts in active directory. AD is windows 2008 R2.

Thanks,

Umesh.S.K

If you are looking to remove attributes from AD Schema, that is not possible.  You can only disable them.

If you want their values set to null, that is a different story.

If attributes can't be removed, atleast could you please let me know how to disable them?

Thanks,

Umesh.S.K

You have to go to the AD Schema, and for each one, right click --> Disable.

To open AD SChema, open ADSIEDIT as Domain Admin

Select Schema

Browse to the attributes you need and disable them

Can you tell me why you want to do this though? I am not sure I see a reason behind it.

Hi Nosh,

Thanks for the reply. Customer wants to use Jabber communicator. It is getting conflict with OCS 2007 attributes.So want to cleanup this.

However, one question, can I disable these attributes globally which should apply for all users?

Regards,

Umesh.S.K

• Edited by Umesh S K 16 hours 13 minutes ago

I don't know much about jabber, but I don't see the point of removing the attributes.

Can you provide a little more information, what is conflicting, errors, etc.

Hi Nosh,

I am not sure what error messages customer is getting. And more over, OCS or Jabber not managed by us. Request is to remove or disble those attributes for all users in domain.

As you suggested, I will see if disabling attributes in schema will be applied for all users in domain.

Thanks,

Umesh.S.K

Before making any changes to AD, I would ask the third party to get better results on the failures, etc.

Hi Nosh,

Thanks for the reply. Customer wants to use Jabber communicator. It is getting conflict with OCS 2007 attributes.So want to cleanup this.

However, one question, can I disable these attributes globally which should apply for all users?

Regards,

Umesh.S.K

• Edited by Umesh S K Thursday, May 21, 2015 3:18 PM

Hi,

When I tried to disable (by setting isdefunct = True) for one of the schema attribute of OCS, I am getting the below error message.

I do know how to fix this.

1. It seems that the attributes have values and by definition you cannot disable an attribute if it has values.

So you need to set the attribute to NULL for everyone in the AD.  A VB or Powershell script would do.

There are plenty of samples on the web. I don't want to put a link here, because I cannot vet on something I pickled up on the web. But it is quiet easy.  Look for script to update an AD Attribute.

2. After that, you can try disabling the attribute again.

Hi Nosh,

I don't know how to write script. If you can provide me couple of links for sample scripts which makes these OCS attributes to null, it would be of great help.

Thanks,

Umesh.S.K

Please modify the script to match your environment and test in a NON-PROD environment.

You have to understand that there will not be anything 100% READY TO USE, Plug and play and you have to do a little work.

Here is an example:

http://blogs.technet.com/b/heyscriptingguy/archive/2010/10/14/use-powershell-and-active-directory-cmdlets-to-update-users-in-active-directory.aspx