PowerShell的 - 无法清除后恢复Active Directory属性 [英] Powershell - Unable to retrieve active directory attribute after clearing it

问题描述

我清除了计算机的AD属性。 然后，我尝试在属性更改为某个值。然而，属性似乎当我在看的属性为AD对象不再存在：

I am clearing an AD attribute for a computer. I then try to change that attribute to some value. However the attribute seems to no longer exist when I look at the properties for that AD object:

function clearAttribute
{
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.PageSize = 100
    $directorySearcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $directorySearcher.Filter = "(&(objectCategory=computer)(cn=computerName1))"
    $result = $directorySearcher.FindOne()
    if ($result.Properties.Contains("netbootmachinefilepath"))
    {
        $directoryEntry = $result.GetDirectoryEntry()
        $directoryEntry.Properties["netbootmachinefilepath"].Clear()
        $directoryEntry.CommitChanges()
    }
}

function setAttribute
{
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.PageSize = 100
    $directorySearcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $directorySearcher.Filter = "(&(objectCategory=computer)(cn=computerName1))"
    $result = $directorySearcher.FindOne()
    if ($result.Properties.Contains("netbootmachinefilepath")) ###THIS IS FALSE!###
    {
        $directoryEntry = $result.GetDirectoryEntry()
        $directoryEntry.Properties["netbootmachinefilepath"].Value = "someValue"
        $directoryEntry.CommitChanges()
    }
}
clearAttribute
setAttribute

编辑：事实证明这个属性可以是一个非空或删除（不能为空）。经过清理了，它必须重新创建，如果你要更新的价值。

Turns out this attribute can be either non blank or deleted (it can't be blank). After "clearing" it, it will have to be recreated if you want to update the value.

推荐答案

原来我错误地认为这是不可能的设置属性的值，如果$ result.Properties.Contains（netbootmachinefilepath）= FALSE。 不是这种情况。 $ result.Properties.Contains（netbootmachinefilepath）= FALSE只是意味着该值为null（或者也该属性不存在？）。

Turns out I incorrectly assumed that it's impossible to set the value of the property if $result.Properties.Contains("netbootmachinefilepath") = FALSE. This is not the case. $result.Properties.Contains("netbootmachinefilepath") = FALSE just means that the value is null (or maybe also that the property doesn't exist?).

如果你只是删除if语句如下图所示，在code工作：

If you just remove the if statement as shown below, the code works:

function setAttribute
{
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.PageSize = 100
    $directorySearcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $directorySearcher.Filter = "(&(objectCategory=computer)(cn=computerName1))"
    $result = $directorySearcher.FindOne()

    $directoryEntry = $result.GetDirectoryEntry()
    $directoryEntry.Properties["netbootmachinefilepath"].Value = "someValue"
    $directoryEntry.CommitChanges()
}

这篇关于PowerShell的 - 无法清除后恢复Active Directory属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！