Remove or Clear Property or Set Null value using Set-AzureADUser cmdlet

Would you like to modify or reset attributes for bulk Office 365 users without using PowerShell? Try Specmasoft‘s desktop-based Microsoft 365 Management tool. This tool enables you to easily update, reset, or clear user profile and contact properties in bulk using a CSV file. It also offers a variety of pre-configured reports with inline actions, allowing you to update licenses, managers, group memberships, and passwords for multiple users through an intuitive UI. Read more ยป

We can use the Set-AzureADUser cmdlet to update Microsoft 365 user properties in Azure AD. This command works fine when you set a value for any property of a user, but to clear or empty the property by setting $null is currently not supported.

With the MSOnline PowerShell module, we can use the Set-MsolUser cmdlet to clear an attribute value by setting “$null”. The below command clears the value that is present for the Mobile phone attribute.

Set-Msoluser -UserPrincipalName "[email protected]" -MobilePhone "$null"

The same case is not supported (or yet to be supported) with the Set-AzureADUser cmdlet which comes under the Azure AD PowerShell V2 module (Powered by Microsoft Graph API). The “empty space” is also not allowed to set this property. You can refer to this thread: https://github.com/Azure/azure-docs-powershell-azuread/issues/166.

As a workaround we can use the ExtensionProperty parameter in the Set-AzureADUser cmdlet, this parameter is probably intended to update directory extensions, but we can also use it to set any valid property of the user object.

The below commands clear the Mobile attribute in the given user.

$properties = [Collections.Generic.Dictionary[[String],[String]]]::new()
$properties.Add("Mobile", [NullString]::Value)
Set-AzureADUser -ObjectId "[email protected]" -ExtensionProperty $properties
Advertisement

2 thoughts on “Remove or Clear Property or Set Null value using Set-AzureADUser cmdlet”

  1. So for azureADuser I may have found a way to get it working:

    Set-AzureADUser -ObjectId “username@domain” -immutableid null

    “$Null” and “” both threw the badrequest wrong length error, but it accepted plain old null w no quotes. As always it asks for the real ObjectID hex code as another parameter, but then it sets to null and I then ran my sync connector delta-sync w no errors.

    Reply

Leave a Comment