Unbinding a boolean value from the User object
Hi, how would one go about unbinding a boolean attribute from the User object if the attribute has been populated with a value in one or more users? In other words, how can I clear the value from a boolean attribute on a user object so that I can delete the binding (and the attribute)? Thanks, Mark
February 22nd, 2010 9:54pm
One method is to disconnect all contributors. In this case, attribute recall will pull the contributed values - which clears them. Cheers, Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
March 7th, 2010 11:17pm
Is it possible to unset an attribute using the FIMAutomation PowerShell snapin? I tried something like this, but it does not work (it gives no errors but the attribute is left unchanged):
param (
    [string]$attributeName = $(throw "Specify attribute name"),
    [string]$uri = "http://localhost:5725/ResourceManagementService",
    [int]$messageSize = 1GB)

# load FIM snapin, ignore errors if already loaded
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

# get all objects that have a value for the specified attribute
$objects = Export-FIMConfig -uri $uri -MessageSize $messageSize -CustomConfig "/*[$attributeName=false or $attributeName!=false]" -OnlyBaseResources

# gets the value of a single-valued attribute from an exported object
function GetAttributeValue($exportObject,[string] $name) {
    $attribute = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object {$_.AttributeName -eq $name}
    if ($attribute -ne $null -and $attribute.Value) {
        $attribute.Value
    }
}

$tempFilePath = "$pwd\tmp.xml"

foreach ($object in $objects) {
    $objectID = GetAttributeValue $object "ObjectID"
    $displayName = GetAttributeValue $object "DisplayName"
    $objectType = GetAttributeValue $object "ObjectType"
    $attributeValue = GetAttributeValue $object $attributeName
    Write-Host "Deleting attribute $attributeName from $objectType '$displayName' ($attributeValue)"

    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $importChange.Operation = 1
    $importChange.AttributeName = $attributeName
    $importChange.FullyResolved = 1
    $importChange.Locale = "Invariant"

    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $importObject.ObjectType = $objectType
    $importObject.TargetObjectIdentifier = $objectID
    $importObject.SourceObjectIdentifier = $objectID
    $importObject.State = 1
    $importObject.Changes = (,$importChange)

    $importObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue
    if ($Err) {Throw $Err}
}
Paolo Tedesco - http://cern.ch/idm
March 8th, 2010 3:21pm
What happens if you change this to:
$importObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue
If($Err){Throw $Err}
Cheers, Markus
March 8th, 2010 3:54pm
Hi Markus, I updated my previous post with the whole script code and the suggestion you made, but nothing changes... I get no error and the attribute is not deleted. Any hint? Cheers, Paolo
Paolo Tedesco - http://cern.ch/idm
March 8th, 2010 5:14pm
I think there's a little error in the line $importChange.Operation = 3. Following the documentation here: http://technet.microsoft.com/en-us/library/ff431696(WS.10).aspx, you currently do nothing since number 3 is for 'None'. You must indicate number 1 for a replacement, since number 2 is for deleting a value in a multi attribute. The problem comes as it is a boolean. To delete a string value, you just have to modify what I say and modify the line $importChange.AttributeValue = $attributeValue to $importChange.AttributeValue = ''. For a boolean, since I guess it accepts only True or False values, you can try to verify what it does.
March 9th, 2010 12:39am
Hi Mark, In order to delete the binding and the boolean attribute, you must clear out all existing instances of that attribute. Since portal maps both the non-existence of booleans and false to an unchecked box, we can't clear booleans through portal. However, we can use the web service interface to clear this single-value attribute and by proxy, through the use of the FIMAutomation cmdlets. I've taken a snippet from Paolo's code below:
foreach ($object in $objects) {
    $objectID = GetAttributeValue $object "ObjectID"
    $displayName = GetAttributeValue $object "DisplayName"
    $objectType = GetAttributeValue $object "ObjectType"
    $attributeValue = GetAttributeValue $object $attributeName
    Write-Host "Deleting attribute $attributeName from $objectType '$displayName' ($attributeValue)"

    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $importChange.Operation = 1 # Enum value for replace is 1
    $importChange.AttributeName = $attributeName
    # $importChange.AttributeValue = $attributeValue  -- don't specify an attribute value
    $importChange.FullyResolved = 1
    $importChange.Locale = "Invariant"

    # Import object construction as in Paolo's script above (left out of the snippet as posted)
    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $importObject.ObjectType = $objectType
    $importObject.TargetObjectIdentifier = $objectID
    $importObject.SourceObjectIdentifier = $objectID
    $importObject.State = 1
    $importObject.Changes = (,$importChange)

    $importObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue
    if ($Err) {Throw $Err}
}
Notice that I use a Replace operation instead of Delete. Replace is the only valid operation for single value attributes. We also do not specify an attribute value for that replace operation. We express a single value attribute deletion by defining "Replace null" which in our case is: Replace and don't specify an attribute value. You can now run this script against all resources that contain this attribute. Subsequently, once your attribute is no longer in use, you can delete the binding and attribute. Let me know if this works for you, Billy
March 9th, 2010 3:24am
I've tested Billy's solution of not setting the attribute value in $importchange and it works for a boolean. It becomes null. However, for deletion, I wonder if the FIM history can authorize a delete as it is described here http://technet.microsoft.com/en-us/library/ee534912(WS.10).aspx
March 9th, 2010 10:54am
Michael, Billy, thank you very much for your help, I tried your corrections and now the script works: I managed to delete all the values of a string attribute and later to delete the binding. I updated the script in the answer above with the fixes you suggested. Cheers, Paolo
Paolo Tedesco - http://cern.ch/idm
March 9th, 2010 2:56pm
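
A check to run after the clearing script and before deleting the binding, as an added example that is not part of the original thread: it reuses the thread's filter and cmdlet parameters to confirm that no resource still holds a value for the attribute. The summary layout and the messages are assumptions of this example.

```powershell
param (
    [string]$attributeName = $(throw "Specify attribute name"),
    [string]$uri = "http://localhost:5725/ResourceManagementService",
    [int]$messageSize = 1GB
)

# load FIM snapin, ignore errors if already loaded
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

# Same filter as the script in the thread: matches every resource on which
# the attribute is present, whatever its value.
$filter = "/*[$attributeName=false or $attributeName!=false]"

# @() forces an array so .Count is valid for zero or one result
$remaining = @(Export-FIMConfig -uri $uri -MessageSize $messageSize -CustomConfig $filter -OnlyBaseResources)

if ($remaining.Count -eq 0) {
    Write-Host "No resource holds a value for '$attributeName'; the binding can be deleted."
    return
}

# Flatten each exported resource to the fields needed to trace the leftovers
$summary = $remaining | ForEach-Object {
    $attrs = $_.ResourceManagementObject.ResourceManagementAttributes
    New-Object PSObject -Property @{
        ObjectType  = ($attrs | Where-Object { $_.AttributeName -eq "ObjectType" }).Value
        DisplayName = ($attrs | Where-Object { $_.AttributeName -eq "DisplayName" }).Value
        Value       = ($attrs | Where-Object { $_.AttributeName -eq $attributeName }).Value
    }
}

# Count per object type first, then the individual resources
$summary | Group-Object ObjectType | Select-Object Name, Count | Format-Table -AutoSize
$summary | Sort-Object ObjectType, DisplayName |
    Format-Table ObjectType, DisplayName, Value -AutoSize

# Stop with an error so an automated cleanup does not go on to delete the binding
throw "$($remaining.Count) resource(s) still hold a value for '$attributeName'; clear them first."
```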


