Objects can be present in a multi-valued DN syntax property (e.g. Secretary) of another object. If such an object is deleted, the corresponding property value gets to be something like the following:
John Smith DEL:ba5e2568-0a8d-4a06-a9b2-df24b7ba94c2 (company.com\Deleted Objects)
The below script removes such values from the specified property to only keep values for existing objects. It can be executed in a business rule, custom command or scheduled task configured for the object type you need. In the script, the $propertyName variable specifies the LDAP name of the property to update.
PowerShell
$propertyName = "secretary" # TODO: modify me
# Get current property values
try
{
$values = $Context.TargetObject.GetEx($propertyName)
}
catch
{
$Context.LogMessage("The $propertyName property is empty for %fullname%.", "Information")
return
}
# Remove records for deleted objects
$newValues = New-Object System.Collections.ArrayList
foreach ($value in $values)
{
if($value -notlike "*DEL:*,CN=Deleted Objects,*")
{
$newValues.Add($value)
}
}
# Update the property
$Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", $propertyName, @($newValues))
$Context.TargetObject.SetInfo()