Benzini00

Delete user, home & profile directory and Exchange 2007 mailbox from within AD

I'm looking for a similar VBS (see linked question) that could be used from within ADUC via the right click context menu - I already know how to add an item to a context menu and point it to the finished VBS, it's just the VBS itself that I need help with.

The VBS would give the ability to right click on an individual or large number of user objects within an OU, from the context menu you would select an appropriately named option that would launch the VBS from the NetLogon or central file share.

The VBS would then gather all required information and delete the following:

Home Directory (and all subfolders and files)
Profile Directory (and all subfolders and files)
Exchange 2007 Mailbox
AD User Object

The script would need to be able to run against any OU containing user objects in ADUC, it would also need to cope with a comma in the CN or Display Name of the user account eg:   Bloggs, Joe

Unlike the linked question I don't require a 'whenChanged' function, this would be actioned immediately regardless of whether the account is disabled / enabled.
zoofan

I am not completely understanding you,

This implies you want to select users and delete them as a menu option.
"The VBS would give the ability to right click on an individual or large number of user objects within an OU, from the context menu you would select an appropriately named option that would launch the VBS from the NetLogon or central file share."


This implies you want to run it against an OU and delete every user in it.
"The script would need to be able to run against any OU containing user objects"


Are you looking for a right-click 'delete user' vbs to add via adsi edit to the context menu of the user or the OU?





zf


ASKER CERTIFIED SOLUTION
zoofan

SOLUTION

Benzini00

ASKER

Hi Zoofan,

Sorry for the confusion in my original request, what I actually meant was that the script had to be able to run within any OU that contains users, not actually on the OU container itself ...

I have tried your second script with everything enabled, but I get an error at Line 10:

Object doesn't support this property or method: 'objMailbox.DeleteMailbox'
Code: 800A01B6

I have also tried running it with the mailbox lines commented out, this runs without error and the user object is removed from ADUC but the home and profile folders remain. The script also only seems to work if selecting one user at a time, I'm really looking for a script that will allow me to select multiple users as I normally have to clear around 1000 accounts each year.

Many thanks for your help so far

Benzini00
OK, based on this

"Sorry for the confusion in my original request, what I actually meant was that the script had to be able to run within any OU that contains users, not actually on the OU container itself ..."

What is the criteria you're wanting to use for deletion?  I thought it was selection, in which case you can't select a user from an OU you're not viewing.  Please clarify.

-> The mail portion I have no way of testing or verifying as I do not have an Exchange server nor experience using one
     this part we will need the help of another EE expert or your patience with trial and error and help with research.

->The deletion of folders will only occur if the account running the script has permission.  Are your directories created with full control to admins and users, or only the user?

->As for the multi I will modify the script (my mistake), it simply needs a for each loop to run through multiple arguments being passed.

will modify and test for multi selection while awaiting response to permissions and criteria.



zf

At the moment I am unable to get the script to accept multiple users as arguments,  spawning a question of my own

https://www.experts-exchange.com/questions/23634541/Passing-multiple-objects-to-a-script-via-custom-ADUC-context-menu-item.html



zf
Instead of implementing it via context menu, why don't you pass a file with all the users for which you wanna take required action? It will be faster and easier.
I'll try to clarify a little more:

"What is the criteria you're wanting to use for deletion?  I thought it was selection, in which case you can't select a user from an OU you're not viewing."

It is selection, multiple user selection within a single OU at one time ... this would be done by browsing to an OU and selecting multiple users and then running the VBS via the context menu ... you would then browse to the next OU and repeat the process for another selection of users.

"The deletion of folders will only occur if the account running the script has permission.  Are your directories created with full control to admins and users, or only the user?"

Admin has full permission to all users' home and profile folders, from the AD server I can confirm that the folders are fully accessible and can be deleted via file explorer.

I am quite happy to be patient and assist with the Exchange 2007 testing, trial & error is all part of attempting something new ...

Many thanks

Benzini00
Hi Sudhirchauhan3

"Instead of implementing it via context menu, why don't you pass a file with all the users for which you wanna take required action? It will be faster and easier."

I think this would add quite a few extra steps to the process, you would have to identify and then export users from multiple OU's merge them together in a CSV and then run a script that referenced the CSV ... personally I'd find it far easier and more flexible to delete users on 'the fly' from within ADUC rather than spend time exporting lists of users from each OU and then piecing them together to create one large list.

Ideally I'm looking for a solution that's just as straight forward as the standard 'Delete' context menu option that already exists in ADUC ... except this solution will delete all traces of the user account.

Thanks for your comment though ...

All the best

Benzini00
Hi Benzini,

Still working on the multi and mail

As a note about the delete, also check to see if your profile and home paths for user properties are UNC paths, which I'm sure they are; ensure that the account used for delete has the permission at the SHARE level of the folder share where the home\profile directories are located, as the delete is using the path exactly as it appears in the property.


zf
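
zoofan's note above, that the delete uses the path exactly as it appears in the user property, means whatever is stored in homeDirectory or profilePath becomes the target of a recursive delete. As an added example (not part of this thread or of zoofan's script), this PowerShell check accepts a path only when it sits strictly below an expected share root; the function name, the roots and the sample values are assumptions made for illustration.

```powershell
# Added example (not from the thread). The roots and sample values below are
# constructed; replace $AllowedRoots with the shares that really hold user data.
$AllowedRoots = @('\\example.local\dfs\home', '\\example.local\dfs\profiles')

function Test-DeletablePath {
    param([string]$Path, [string[]]$Roots)

    if ([string]::IsNullOrEmpty($Path)) { return $false }   # attribute not set
    if (-not $Path.StartsWith('\\'))    { return $false }   # UNC only: no local or relative paths
    if ($Path.Contains('/'))            { return $false }   # '/' is also a separator on Windows

    # Refuse traversal segments outright rather than trying to normalise them.
    $trimmed  = $Path.TrimEnd('\')
    $segments = $trimmed.Split('\')
    if (($segments -contains '..') -or ($segments -contains '.')) { return $false }

    foreach ($root in $Roots) {
        # Compare against "root\" so \\srv\homeX does not match \\srv\home, and require
        # something after it so the share root itself can never be the delete target.
        $prefix = $root.TrimEnd('\') + '\'
        if (($trimmed.Length -gt $prefix.Length) -and
            $trimmed.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed stand-ins for homeDirectory / profilePath values read from user objects.
$samples = @(
    '\\example.local\dfs\home\jbloggs',        # normal case
    '\\EXAMPLE.local\DFS\Profiles\jbloggs\',   # case and trailing slash differ
    '\\example.local\dfs\home',                # the root itself
    '\\example.local\dfs\home\..\finance',     # traversal out of the root
    '\\example.local\dfs\homes-archive\x',     # prefix look-alike
    'C:\Windows',                              # local path
    ''                                         # attribute empty
)

foreach ($p in $samples) {
    # Only paths marked OK should ever be handed to the recursive delete step.
    if (Test-DeletablePath -Path $p -Roots $AllowedRoots) { $verdict = 'OK' }
    else                                                  { $verdict = 'SKIP' }
    '{0,-5} {1}' -f $verdict, $p
}
```

Only the first two sample paths come back as OK; the rest are skipped before any delete would run.
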
Hi zoofan,

Thanks for the update ...

I can confirm that the Admin account has the required permissions at the share and folder levels ... to test this I have opened a cmd prompt on the AD server and executed the following command:

rmdir <path-to-home-or-profile-folder-as-displayed-in-ADUC> /s

Both folders deleted successfully ... we use DFS paths here, but I assume that won't make any difference to the script as it's still a file path nonetheless.

Benzini00
I would agree it shouldn't but will test it that way as well.


zf
SOLUTION
I sadly still have no update on why the multiple selection does not work, as passing multiple args to VBS works with every other method, but still working on it.


I am in the process of downloading Exchange Server Enterprise 2007 from my MSDN subsc; @ 6G it's going to take a little while.  As I've never used Exchange I'm hoping for help from others, but this is my backup plan.




zf
Did that take care of the delete problem?

EX srv @ 27% and going lol

zf
Hi zf

I replaced line 24 with your correction and I can confirm that the home & profile folders now get deleted! ...

I'll keep my fingers crossed on your success with multiple arg's and the Exchange 2007 mailbox deletion ...

Let me know if you need any help with Exchange 2007 ... I've learnt a lot about it since transitioning our servers from Exchange 2003 ...

Thank you for your continued dedication to this challenge!

Benzini00
Glad to help.  It also suits many of my own needs and wonders, and yes I'm sure to need help with Exchange as I've never so much as looked at it.


zf
I do have two questions concerning the mailbox,

One: Is this a physical file that needs to be deleted? I'm assuming it is.  And if it is, do you know the name of the user object attribute that stores the path/info/name of it?  As that is all we're really missing for that.  If you don't already have one, Softerra makes a great LDAP browser to view any and all attributes for AD objects.  There is a demo at http://www.ldapadministrator.com/ which can be installed on a temp workstation and connect to AD and get the attribute name for us.

Two: Is there a matching user in Exchange that also needs to be deleted, or just the user from AD and the mailbox file/folder itself?



zf
A quick favor if you don't mind (instead of LDAP browser, but you should still have one)

Read this thread and follow the instructions on exporting the attributes of a single user, then export a test account that has an Exchange account and information, posting the results please

http://www.nnseek.com/e/microsoft.public.windows.server.active_directory/ad_user_object_exchange_attributes_152257950t.html

thanks,

zf
The

ldifde -f test.txt -s yourDC -d "cn=youruser,ou=yourou,dc=yourdomain,dc=com"

command




zf
Hi zf,

"One: Is this a physical file that needs to be deleted? I'm assuming it is.  And if it is, do you know the name of the user object attribute that stores the path/info/name of it?  As that is all we're really missing for that."

Unfortunately not, Exchange stores all mailboxes in a 'Mailbox Store' which is essentially a large database file ...

"Two: Is there a matching user in Exchange that also needs to be deleted, or just the user from AD and the mailbox file/folder itself?"

There isn't a matching user in Exchange, only a mailbox which is linked to an AD account ...

I have emailed an AD exported test user to your gmail account as I didn't want to post the information in a public environment.

Benzini00
After all the to-do, my MSDN 07 Exch is 64-bit only lol; ah well, have already downloaded and am now installing 07 32-bit eval.


In ref to the output:

I see that the attribute
homeMDB:

exists but is blank. Does this sample user have a mailbox?


zf



And could you check (I don't need it, just review it) the output of a user that you know does, and see if this is also blank for them.

thanks,

zf
Hi zf,

I don't think it's blank, it's just wrapped around to the following line for some reason ... I'll edit it and re-send ...

Thanks

Benzini00
Check this thread,

https://www.experts-exchange.com/questions/21712654/Delete-Mailbox-in-exchange-2003.html
note*
"My problem got resolved.. we had to install a component CDOEXM on the server and the same code worked."




zf
I see it,  no need to resend

zf
Hi zf,

Unfortunately CDOEXM doesn't exist in Exchange 2007 ... it was last available in Exchange 2003 ...

http://technet.microsoft.com/en-us/library/bb124516(EXCHG.80).aspx

Benzini00
My 07 Exchange server just finished installing, configuring now (I think lol)


zf
ok well that was almost too easy, create a group, create a mailbox.

moving on!!  lol

browsing the ldap for my new mail user I now have what seems to be an exact match to what you have so on with deleting we go(hopefully)


check back shortly.


zf
Best I can tell and read, 2007 no longer supports .DeleteMailBox (no longer a function to call) as everything is done via power shell.  IE: Remove-Mailbox


Am attempting another work around


zf
OK well, I have managed to delete a mail user using the Exchange shell via Remove-MailUser, but unclear at the moment how to actually do that within our VBS; don't think you can, as

to run the Exchange shell we're ported cmd shell->power shell->exchange shell  lmao!!! So geee, let's port it vbscript-->cmd shell--->power shell-->exchange shell-->delete user


god there has got to be a better way!!!!



still working on it but need a break, time for sleep.


Until later,

zf
Think I will post a question in the exchange zone later today and get some better advice to work with.




zf
You've gotta love the hoops that MS make us jump through sometimes! ... sheeeesh!

Have a good break, I was beginning to wonder if you ever slept! ... Catch up later ...

Many thanks

Benzini00
Hi zf,

I've been thinking about the Exchange 2007 / Power Shell / Exchange Shell issue ... maybe I've needlessly overcomplicated the process by asking for everything to run from a single script ...

When a user is deleted from ADUC, Exchange 2007 sets the user's mailbox as 'disconnected', the mailbox is then automatically removed after a period of time defined on the Mailbox Store (To set this value: Right click on a Mailbox Store, select Properties - Click on the 'Limits' Tab - Make changes under 'Deletion settings')

For instance the 'Deletion settings' could be set to delete disconnected mailboxes 30 days after being marked as disconnected.

If an urgent requirement to remove disconnected mailboxes should arise then running the following command from an Exchange Shell should remove them in one go - replacing "server\database" with the appropriate information before running:

Get-MailboxStatistics -database "server\database" | where {$_.disconnectdate -ne $null} | foreach {Remove-mailbox -database $_.database -storemailboxidentity $_.mailboxguid}

What do you think? ... I'd be quite happy to move forward with the above in place of a scripted mailbox deletion ...

That would just leave the issue with the VBS not working on multiple user selection ...

Benzini00
I did also read the info on autoremoval of stale accounts, and also had a question for you about simply deleting.  If the stale removal works for you I'm good with that lol, as I don't have an Exchange server to deal with :-)  My question was regarding a direct delete and handling the incoming mail or allowing the users to update the incoming contacts (if that was even required).



Anyway, yes, if you're OK with the autoremoval, me too.  Seems to be a cleaner and more manageable solution to that portion of this.


As for the multi select, 3 days without so much as a morsel of information,
https://www.experts-exchange.com/questions/23634674/How-can-I-pass-multiple-AD-objects-as-vbscript-Arguments.html

 

zf
I sleep fast :-) keeps it from getting in the way.


zf
I like your theory on sleeping fast! ... ;-)

Can you still change the 'zones' on your posting? I wonder if it might be worth changing to 'Windows 2003 Server' - 'Active Directory' - 'VB Script'

It may also get some more interest from Monday I suppose ... fingers crossed! ...

Benzini00
That is my second post of the question; the first one was in those. Will change later today, in anticipation of Monday (agree and crossing as well)





zf
SOLUTION
Oh no ... I can't believe that MS has restricted this when some of their own context menu items in ADUC can process multiple accounts ... How frustrating! ...

Well, you did your best zf, but it looks like this might be the end of the dream ...

You mention in your other post that you have made some standalone apps in the past, do they achieve the same thing? If so, would you be willing to share them? I understand completely if not ...

Benzini00
Sorry work has been ugly,


This is a VB6 project file that I created/use for deleting users.  Does the same thing the script above does: loads all child OUs below the root OU specified into a drop-down list; select an OU from the drop-down, check the box for the user, click delete (deletes home dir\profile dir\and user account).  Logs date/time/user account deleted/user that did it/appver

There are two lines that are commented that you can\need to edit: one is the root OU to start from and the second is the path to the log file.

enjoy,

zf
deleteUser.zip
That is the only one I've completed a redo on that is not so custom written (to my environment) that it is usable.  Have been slowly rewriting a few to make them more versatile, but truth be told they were hard coded to my net (easier and faster for me to do).


zf
Hi zf,

I've been taking a few days break so apologies for the delay in replying ...

Thanks for the vb6 code, I'll get it up and running when I get back to the office ...

I'd like to award the points for your time and effort, so I'll probably select 'Multiple Solutions' to highlight the relevant posts, I'll also post a final comment to point out the conclusion to future viewers of this topic ...

Many thanks again!

All the very best

Benzini00
Glad to help,  wish it had worked out to be a 100% success


Thanks,


zf
Thanks for all your help zoofan, and sorry it's taken so long to get around to assigning the points! ...