Clearing AD User Properties Issue

$info = Get-ADUser -Filter * -Properties * | ForEach-Object {$_.PSObject.Properties} | Where-Object {$_.value -like "NULL"}

ForEach ($i in $info){
    Set-ADUser -Identity $i.BaseObject.SamAccountName -Clear $i.Name
}

Above is the code I'm using to find all AD user fields with a string value of "NULL". I am attempting to clear these fields.

Below is the exception I am routinely seeing, despite the property name clearly existing (as it's pulled directly from the AD property name value.

What am I missing?

Set-ADUser : The specified directory service attribute or value does not exist
Parameter name: OfficePhone
At line:2 char:5
+     Set-ADUser -Identity $i.BaseObject.SamAccountName -Clear $i.Name
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (RHanson:ADUser) [Set-ADUser], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.SetADUser

Solution 1:

Right out of the docs:

-OfficePhone

[…] To modify an object property, you must use the LDAP display name. […]

and

-OfficePhone

[…] The LDAP display name (ldapDisplayName) of this property is telephoneNumber. […]

And here are the docs for the Telephone-Number attribute:

CN: Telephone-Number
Ldap-Display-Name: telephoneNumber

Unfortunately, Get-ADUser -Properties * receives both, OfficePhone and telephoneNumber and I don't know how you can programmatically distinguish real properties from property-aliases built into the module itself.

As a workaround, you can however pipe it through Get-ADObject which does not impose alias properties on you:

$info = Get-ADUser -Filter * |
            Get-ADObject -Properties * |
            ForEach-Object {$_.PSObject.Properties} |
            Where-Object {$_.value -like "NULL"}

ForEach ($i in $info){
    Set-ADUser -Identity $i.BaseObject.SamAccountName -Clear $i.Name
}