I am trying to set the value of users "On-premises immutable ID" in O365/Entra to $null in bulk.
I recently removed users from the sync location on the AD Server and restored them in O365 to cloud only, but the "On-premises immutable ID" did not clear. This causes sync errors.
I have tried a few ways but can't get it right.
I first access MS Graph in PowerShell.
Then export a list of users to .csv.
Once I have the .csv I remove users that are already null, then set the remaining users' "On-premises immutable ID" to be blank.
#Export All Users ImmutableIDs
$Users = Get-MgUser -All -Property 'UserPrincipalName','OnPremisesImmutableId'
$Users | Select-Object 'UserPrincipalName','OnPremisesImmutableId' | Export-Csv -Path "C:\TEMP\ExportUsersImmutableID.csv" -NoTypeInformation -Encoding UTF8
I tried using the script below.
#Import .CSV and loop through users
$csvData = Import-Csv "C:\TEMP\ExportUsersImmutableID.csv"
foreach ($userRecord in $csvData) {
    Update-MgUser -UserId $userRecord.UserPrincipalName -OnPremisesImmutableId $userRecord.OnPremisesImmutableId
}
However I believe the issue is that the "Update-MgUser" cannot set "On-premises immutable ID" to be a null value. This throws "Invalid value" errors. If the "On-premises immutable ID" in the .csv is not blank, it works fine.
So I tried the below instead, as the "Invoke-MgGraphRequest" can set the "On-premises immutable ID" to $null correctly, this works when used one user at a time manually.
#Change ImmutableID for one user to $null
Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/Users/user@test.com.au" -Body @{OnPremisesImmutableId = $null}
#Change ImmutableID bulk users to $null
$csvData = Import-Csv "C:\TEMP\ExportUsersImmutableID.csv"
foreach ($userRecord in $csvData) {
    Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/Users/$userRecord" -Body @{OnPremisesImmutableId = $null}
}
However this errors saying "{UserPrincipalName=fitter1@ausdraulics.com.au}" does not exist, I believe because it is adding the title "UserPrincipalName" to the UPN.
If I remove the heading "UserPrincipalName" from the .CSV it does not error but does not make any changes.
Could someone please assist me with changing the script to import and run against the .CSV, pull the users one row at a time and set their "On-premises immutable ID" to "$Null"?
However this errors saying "{UserPrincipalName=fitter1@ausdraulics.com.au}" does not exist, I believe because it is adding the title "UserPrincipalName" to the UPN
Well, you implicitly added that.
When you import data from a CSV file with Import-Csv, every row is read and parsed into a single object, with each property on the resulting object corresponding to a column in the CSV. The default string serialization behavior of such an object is to produce a string in the form @{PropertyName1=propertyValue1; PropertyName2=propertyValue2; ...}.
To evaluate just the UserPrincipalName property value itself, use a subexpression $(...) inside the string literal, like so:
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/Users/$($userRecord.UserPrincipalName)" -Method PATCH -Body @{OnPremisesImmutableId = $null}
PowerShell will evaluate the expression inside $(...) before interpolating, and you'll thus get the desired resulting string value https://graph.microsoft.com/v1.0/Users/fitter1@ausdraulics.com.au
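The subexpression fix applied to the whole bulk loop, as an added example that is not part of the original question or answer. The function name Clear-ImmutableIdFromCsv and the sample rows are assumptions made for illustration; with -WhatIf it lists the users it would change without calling Graph.

```powershell
# Added example; Clear-ImmutableIdFromCsv is a hypothetical helper name.
function Clear-ImmutableIdFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [object[]]$Rows   # row objects as produced by Import-Csv / ConvertFrom-Csv
    )
    foreach ($row in $Rows) {
        # Rows whose ID is already empty need no change
        if ([string]::IsNullOrWhiteSpace($row.OnPremisesImmutableId)) { continue }

        # $(...) expands only the property value; "$row" alone would expand
        # to the whole object as "@{UserPrincipalName=...; ...}"
        $uri = "https://graph.microsoft.com/v1.0/Users/$($row.UserPrincipalName)"

        if ($PSCmdlet.ShouldProcess($row.UserPrincipalName, 'Clear OnPremisesImmutableId')) {
            try {
                Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body @{OnPremisesImmutableId = $null} -ErrorAction Stop
                [pscustomobject]@{ User = $row.UserPrincipalName; Result = 'Cleared' }
            }
            catch {
                # Record the failure and continue with the remaining users
                [pscustomobject]@{ User = $row.UserPrincipalName; Result = "Failed: $($_.Exception.Message)" }
            }
        }
    }
}

# Constructed sample rows standing in for:
#   Import-Csv "C:\TEMP\ExportUsersImmutableID.csv"
$rows = @'
"UserPrincipalName","OnPremisesImmutableId"
"user1@example.com","AAAAAAAAAAAAAAAAAAAAAA=="
"user2@example.com",""
'@ | ConvertFrom-Csv

# Dry run: reports user1@example.com only, makes no Graph request
Clear-ImmutableIdFromCsv -Rows $rows -WhatIf
```

Dropping -WhatIf performs the PATCH requests and returns one result object per user, which can be piped to Export-Csv as a record of what was changed.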