Fatal编程技术网
  • powershell/
  • Powershell-清除active directory属性后无法检索该属性

Powershell-清除active directory属性后无法检索该属性

powershell active-directory

Powershell-清除active directory属性后无法检索该属性,powershell,active-directory,Powershell,Active Directory,我正在清除计算机的广告属性。 然后我尝试将该属性更改为某个值。但是,当我查看该AD对象的属性时,该属性似乎不再存在: function clearAttribute { $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher $directorySearcher.PageSize = 100 $directorySearcher.SearchScope = [System.Dir

我正在清除计算机的广告属性。 然后我尝试将该属性更改为某个值。但是,当我查看该AD对象的属性时,该属性似乎不再存在:

function clearAttribute
{
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.PageSize = 100
    $directorySearcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $directorySearcher.Filter = "(&(objectCategory=computer)(cn=computerName1))"
    $result = $directorySearcher.FindOne()
    if ($result.Properties.Contains("netbootmachinefilepath"))
    {
        $directoryEntry = $result.GetDirectoryEntry()
        $directoryEntry.Properties["netbootmachinefilepath"].Clear()
        $directoryEntry.CommitChanges()
    }
}

function setAttribute
{
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.PageSize = 100
    $directorySearcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $directorySearcher.Filter = "(&(objectCategory=computer)(cn=computerName1))"
    $result = $directorySearcher.FindOne()
    if ($result.Properties.Contains("netbootmachinefilepath")) ###THIS IS FALSE!###
    {
        $directoryEntry = $result.GetDirectoryEntry()
        $directoryEntry.Properties["netbootmachinefilepath"].Value = "someValue"
        $directoryEntry.CommitChanges()
    }
}
clearAttribute
setAttribute
编辑:结果显示此属性可以是非空的,也可以是删除的(不能是空的)。“清除”它之后,如果要更新该值,则必须重新创建它。

结果是,我错误地认为如果$result.Properties.Contains(“netbootmachinefilepath”)=FALSE,则无法设置该属性的值。 事实并非如此。 $result.Properties.Contains(“netbootmachinefilepath”)=FALSE表示该值为null(或者该属性不存在?)

如果您仅删除如下所示的If语句,代码将正常工作:

function setAttribute
{
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.PageSize = 100
    $directorySearcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $directorySearcher.Filter = "(&(objectCategory=computer)(cn=computerName1))"
    $result = $directorySearcher.FindOne()

    $directoryEntry = $result.GetDirectoryEntry()
    $directoryEntry.Properties["netbootmachinefilepath"].Value = "someValue"
    $directoryEntry.CommitChanges()
}