I'm trying to clear out all the exchange attributes for a specific user.

I know this works if you put each attribute name in:

set-aduser xxxxxxxx -clear msExchExtensionAttribute16,msExchExtensionAttribute17,msExchWhenMailboxCreated,...

But is there a way to do it with a wild card i.e. msExch* to not have to list all the attributes manually.

thanks.

You have to get all user's attributes where name like  "msExch*", then with a 'for-each' loop you clear each attribute.

Julien

Thanks for the help.  I wondered if it would have to go with something like that

For the first part.  I haven't found any examples trying the like on attributes.

Get-ADUser xxxxxxxxx | Where-Object {$_.Properties -like "*msExch*"} 

Figured that would work but that doesn't seem to pull anything.  

If you haven't figured...I'm a newbie to scripting.  Thanks for you help.

I'm trying to clear out all the exchange attributes for a specific user.

I know this works if you put each attribute name in:

set-aduser xxxxxxxx -clear msExchExtensionAttribute16,msExchExtensionAttribute17,msExchWhenMailboxCreated,...

But is there a way to do it with a wild card i.e. msExch* to not have to list all the attributes manually.

thanks.

Why?  What is the purpose for this? 

Set-AdUser -clear does not accept wildcards.  There are onlt 15 attributes 1- 15.  Just type them in once as an  array.

$exattr=@(
    'msExchExtensionAttribute1',
    'msExchExtensionAttribute2',
    'msExchExtensionAttribute3',
    'msExchExtensionAttribute4',
    'msExchExtensionAttribute5',
    'msExchExtensionAttribute6',
    'msExchExtensionAttribute7',
    'msExchExtensionAttribute8',
    'msExchExtensionAttribute9',
    'msExchExtensionAttribute10',
    'msExchExtensionAttribute11',
    'msExchExtensionAttribute12'
    'msExchExtensionAttribute13',
)
Set-AdUser userid -clear $exattr

It is as easy as that.

Here is how to do this:

$exattr=@(
    'ExtensionAttribute1',
    'ExtensionAttribute2',
    'ExtensionAttribute3',
    'ExtensionAttribute4',
    'ExtensionAttribute5',
    'ExtensionAttribute6',
    'ExtensionAttribute7',
    'ExtensionAttribute8',
    'ExtensionAttribute9',
    'ExtensionAttribute10',
    'ExtensionAttribute11',
    'ExtensionAttribute12'
    'ExtensionAttribute13'
)
Set-AdUser testuser01 -clear $exattr

With SP2 on 2010 we get 45 extension attributes. They are not named msExch in AD.  They are just ExtensionArttribute1-45

You can always clear them even if they are not set.

The following can only be cleared like this:

get-mailbox | set-mailbox -ExtensionCustomAttribute1 $null

There are 5 of these and all can take multiple values.  They can only be managed via Exchange CmdLets.

It wasn't just extension attributes that I needed cleared unfortunately, it's all that could start with 'msExch' we probably have 140+ attributes that start with that and although there are specific ones that seem to have info we don't want I'd like to be extra sure and clear all fields with exchange.

I haven't looked at the get-mailbox cmdlet.  I wonder now if that might be the better one to use.

Thanks

You cannot clear those.  They are owned by AD and Exchange. Why would you want to clear them?  This is how people break AD.

I'm only applying the script to people who have their account disabled and Mailboxes have already been removed.   The problem is we aren't able to remove the accounts in AD so at times if we re-hire an ex-employee there are fields that have stayed (even after removing the mailbox) and that causes issue with creating their new mailbox connecting to their old account.  

It's like discussed here: http://www.telnetport25.com/2009/09/forcing-the-removal-of-exchange-attributes-on-a-directory-user-the-removeexchangeattributes-tool%E2%80%A6/

But I'd rather not put someone's compiled program on an exchange server and do it through powershell.

Just create an array with all the attributes you want to remove and remove them in a loop and catch the errors so the loop can continue.

You will have to come up with the list of attributes.  You cannot get them with the AD CmdLets. You must know them in advance.

You can do this.

$dn=(get-aduser userid0).distinguishedName
[adsi]"LDAP://$dn"|select msexch*

[adsi]"LDAP://$dn"|select msexch*|gm -MemberType NoteProperty|%{$_.Name}

Check this thread

http://social.technet.microsoft.com/wiki/contents/articles/14347.remove-exchange-attributes-using-power-shell-exchange-2010.aspx

Im using this script quite often, without any problems.

Check this thread

http://social.technet.microsoft.com/wiki/contents/articles/14347.remove-exchange-attributes-using-power-shell-exchange-2010.aspx

Im using this script quite often, without any problems.

• Marked as answer by BBeer 16 hours 50 minutes ago

Check this thread

http://social.technet.microsoft.com/wiki/contents/articles/14347.remove-exchange-attributes-using-power-shell-exchange-2010.aspx

Im using this script quite often, without any problems.

• Marked as answer by BBeer Friday, June 05, 2015 2:20 PM

Check this thread

http://social.technet.microsoft.com/wiki/contents/articles/14347.remove-exchange-attributes-using-power-shell-exchange-2010.aspx

Im using this script quite often, without any problems.

• Marked as answer by BBeer Friday, June 05, 2015 2:20 PM

I think this is the route I'll go.  I'll just look through a bunch of the accounts and add other fields I see that are still populated.

Thanks for you help!  I haven't really looked at the ADSI Adapter yet, so I got some research to do.  But that looks like what I was wanting.  Didn't realize that most of the other commands wouldn't take wildcards for Attributes.