0

I'm currently trying to sync additional attributes from the AD (Active Directory) for user objects in SCSM (System Center Service Manager) using a PowerShell script.

The extension I wrote for this, includes an attribute for the expiration date of a AD user account (DateTime value, named DateTimeAttribute in the example) if the user account doesn't expire it should be empty/null.

Using Import-SCSMInstance, which should be similar to a CSV import, it kind of works by passing "null" for the field. The problem is that Import-SCSMInstance seems to be quite unreliable and it doesn't offer any kind of information of why it works or doesn't work. Using Update-SCSMClassInstance seems to work a lot better but I can't figure out a way to clear the field using this and even using [DateTime]::MinValue will result in an error, stating that it's an invalid value.

So would anyone have an idea on how to clear the value using Update-SCSMClassInstance or figure out why Import-SCSMInstance might or might not work?

A simple example for this could look like the following:

$server = "<ServerName>"
$extensionGuid = "<GUID>"
Import-Module 'C:\Program Files\System Center 2012 R2\Service Manager\Powershell\System.Center.Service.Manager.psd1'

New-SCManagementGroupConnection -ComputerName $server
$extensionClass = Get-SCSMClass -Id $extensionGuid
$scsmUserObject = Get-SCSMClassInstance -Class $extensionClass -Filter 'UserName -eq "<User>"'

# Error
$scsmUserObject.DateTimeAttribute = ""

# Works but fails on Update-SCSMClassInstance
$scsmUserObject.DateTimeAttribute = $null
$scsmUserObject.DateTimeAttribute = [DateTime]::MinValue

# Works
$scsmUserObject.DateTimeAttribute = "01-01-1970"

Update-SCSMClassInstance -Instance $scsmUserObject
Seth
  • 1,215
  • 15
  • 35

2 Answers2

1

It seems that you can't clear a date once it's filled. When you write $null, it sets the date to 1-1-0001 01:00:00, which is an invalid date causing the update-scsmclassinstance to fail. What we have set as a user's AD property when we don't want something to expire, is 2999-12-31 (yyyy-MM-dd). Perhaps this could help, although it's not directly what you asked for...

Also, you can use the pipeline to update a property in SCSM:

    Get-SCSMClassInstance -Class $extensionClass -Filter 'UserName -eq "<User>"' | % {$_.DateTimeAttribute = <date>; $_} | update-scsmclassinstance
robin1301
  • 11
  • 2
  • Well its a partial answer that offers a workaround. I knew about pipes but wanted to make the code a bit clearer to show what the issue was. Using the pipes might speed up the process a bit. In production I'm not just reading a single user. Using an "outlandish" date feels kind of wrong but seems to be the best option for now. – Seth Oct 10 '17 at 13:03
0

It doesn't look like it's currently possible to clear custom date attributes using the PowerShell cmdlets.

Seth
  • 1,215
  • 15
  • 35