AD Migration : Cleanup extensionAttributes

AD Migration : Cleanup extensionAttributes

The Quest migration tools use extensionAttributes to keep objects in the source and destination domains. the script below will remove these entries. Change the desired extensionAttributes you wish to purge, as highlighted in red. You can also change the scope by changing strFilter and strOU.

   Const ADS_PROPERTY_DELETE = 4
   Const ADS_PROPERTY_UPDATE = 2
   Const ADS_PROPERTY_CLEAR = 1
  
   Dim strFilter ‘As String
   Dim oConnection ‘As ADODB.Connection
   Dim oRecordSet ‘As ADODB.RecordSet
   Dim strQuery ‘As String
   Dim strDomainNC ‘As String
   Dim oRootDSE ‘As IADs
   Dim vArray ‘As Variant()
   Dim vSid ‘As Variant
   Dim oDirObject ‘As Variant
   Dim strOU ‘As String

   ‘ Find the domain naming context
   set oRootDSE = GetObject(“LDAP://RootDSE”)
   strDomainNC = oRootDSE.Get(“defaultNamingContext”)
   set oRootDSE = Nothing

   ‘ Setup the ADO connection
   Set oConnection = CreateObject(“ADODB.Connection”)
   oConnection.Provider = “ADsDSOObject”
   oConnection.Open “ADs Provider”
   strOU = “OU=IT,”
   strFilter = “(&(objectClass=user)(objectCategory=person))”
   ‘strFilter = “(&(objectClass=computer))”
   ‘strFilter = “(&(objectClass=group))”
   strFilter = “(&(objectClass=contact))”
   strQuery = “;” & strFilter & “;distinguishedName,objectClass,name,extensionAttribute8,extensionAttribute9,targetAddress”

   ‘Execute the query
   set oRecordSet = oConnection.Execute(strQuery)

   if oRecordSet.Eof then
     WScript.Echo “No objects were found”
     WScript.Quit(0)
   Else
     Dim vClasses ‘As Variant
     Dim strClass ‘As String

     WScript.Echo “The following objects were found:”

     ‘ Iterate through the objects that match the filter
     While Not oRecordset.Eof
        vClasses = oRecordset.Fields(“objectClass”).Value
        strClass = vClasses(UBound(vClasses))
        If IsNull(oRecordSet.Fields(“extensionAttribute8“).Value ) and IsNull(oRecordSet.Fields(“extensionAttribute9“).Value) Then
            ‘Values Empty
        Else
            WScript.Echo chr(34) & oRecordset.Fields(“distinguishedName”).Value  & chr(34) & “,” & _
              chr(34) & oRecordset.Fields(“name”).Value   & chr(34) & “,” & _
              chr(34) & oRecordset.Fields(“extensionAttribute8“).Value & chr(34) & “,” & _
              chr(34) & oRecordset.Fields(“extensionAttribute9“).Value & chr(34)

              If InStr(oRecordset.Fields(“name”).Value, “/”) Then
                  ‘Ignore entries with a “/” in the canonical name – this will cause the script to fail
              Else
                set oDirObject = GetObject(“LDAP://” & oRecordset.Fields(“distinguishedName”).Value)
                oDirObject.PutEx ADS_PROPERTY_CLEAR, “extensionAttribute8“,  0
                oDirObject.SetInfo   
                oDirObject.PutEx ADS_PROPERTY_CLEAR, “extensionAttribute9“,  0
                  oDirObject.SetInfo
                End If   
        End if
        oRecordset.MoveNext
     Wend
   End if

   ‘Clean up
   Set oRecordset = Nothing
   Set oConnection = Nothing

 
Function OctetToHexStr(sOctet)
  Dim k
  OctetToHexStr = “”
  For k = 1 To Lenb(sOctet)
    OctetToHexStr = OctetToHexStr _
      & Right(“0” & Hex(Ascb(Midb(sOctet, k, 1))), 2)
  Next
End Function