I've based a small amount of PowerShell code off the code I've found here: http://halfloaded.com/blog/powershell-using-posh-to-search-across-multiple-domains-in-forest/
The function enumerates the domains in the forest, matches one if it finds the keyword "giraffe" then attempts to clear extensionAttribute8. The issue looks to be a mismatch in object types but I can't figure out how to fix it.
Please help!
    cls
    # Find forest
    $objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    # Find Domains
    $DomainList = @($objForest.Domains | Select-Object Name)
    # Split into full domain names
    $Domains = $DomainList | foreach {$_.Name}
    # Act on each domain
    foreach($Domain in ($Domains))
    {
        $ADsPath = [ADSI]"LDAP://$Domain"
        $objSearcher = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
        # Filter based on LDAP syntax
        $objSearcher.Filter = "SamAccountName=davetestuser"
        $objSearcher.SearchScope = "Subtree"
        $colResults = $objSearcher.FindAll()
        foreach ($objResult in $colResults)
        {
            $userDomain = $objResult.GetDirectoryEntry()
            if ($userDomain.DistinguishedName -match "giraffe"){
                Set-ADUser -identity "$userDomain.DistinguishedName" -clear extensionAttribute8 -errorvariable SetADUserClearArchiveCodeErr
            }
        }
    }

It errors with:
Set-ADUser : Cannot find an object with identity: 'System.DirectoryServices.DirectoryEntry.DistinguishedName' under:'DC=giraffe,DC=co,DC=uk'.
At C:\tempLoopingThroughDomains.ps1:26 char:9
+ Set-ADUser -identity "$userDomain.DistinguishedName" -clear extensionAtt ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (System.Director...stinguishedName:ADUser) [Set-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Cannot find an object with identity: 'System.DirectoryServices.DirectoryEntry.DistinguishedName' under: ''DC=giraffe,DC=co,DC=uk''.,Microsoft.ActiveDirectory.Management.Commands.SetADUser
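
The identity in the error is the literal text `System.DirectoryServices.DirectoryEntry.DistinguishedName`: inside double quotes PowerShell expands only `$userDomain` and appends `.DistinguishedName` as plain text. The following is an added example, not part of the original post, showing one way to write the same loop so that a plain distinguished-name string reaches `Set-ADUser`. The function and parameter names are hypothetical, and it assumes the ActiveDirectory module is available and that the caller may modify the account.

```powershell
# Added example; function and parameter names are hypothetical.
Import-Module ActiveDirectory

# Inside double quotes only the variable itself is expanded:
#   "$userDomain.DistinguishedName"    -> "<object's ToString()>.DistinguishedName"
#   "$($userDomain.DistinguishedName)" -> the property value (subexpression)

function Clear-ExtensionAttribute8InForest {
    param(
        # Restrict input so it cannot alter the LDAP filter it is placed in.
        [Parameter(Mandatory)][ValidatePattern('^[\w.\-]+$')][string]$SamAccountName,
        [Parameter(Mandatory)][string]$DomainKeyword,
        [switch]$WhatIf   # dry run: report the change without making it
    )

    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($domain in $forest.Domains) {
        $root     = [ADSI]"LDAP://$($domain.Name)"
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $searcher.Filter      = "(sAMAccountName=$SamAccountName)"
        $searcher.SearchScope = 'Subtree'
        [void]$searcher.PropertiesToLoad.Add('distinguishedName')

        $results = $searcher.FindAll()
        try {
            foreach ($result in $results) {
                # Take the DN from the search result as a plain string.
                $dn = [string]$result.Properties['distinguishedname'][0]
                if ($dn -notmatch [regex]::Escape($DomainKeyword)) { continue }
                try {
                    # -Server targets the domain the object was found in.
                    Set-ADUser -Identity $dn -Server $domain.Name `
                        -Clear extensionAttribute8 -WhatIf:$WhatIf -ErrorAction Stop
                }
                catch {
                    Write-Warning "Could not clear extensionAttribute8 on ${dn}: $_"
                }
            }
        }
        finally {
            $results.Dispose()   # release the unmanaged search handle
        }
    }
}

# Values taken from the post; -WhatIf previews the change only.
Clear-ExtensionAttribute8InForest -SamAccountName 'davetestuser' -DomainKeyword 'giraffe' -WhatIf
```

Run it with `-WhatIf` first and review the reported target before removing the switch.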